Project

General

Profile

1.4.21

2009-02-16

"Yes we can... do another release"

100%

51 issues   (51 closed — 0 open)

Release Info

  • Version: 1.4.21
  • Previous version: 1.4.20
  • Branch: 1.4
  • Status: stable
  • Release Purpose: bug fixes
  • Release manager: stbuehler
  • Released date: 2009-02-16

"Yes we can... do another release"

Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.
It is a bugfix release but also contains 3 small new features.
We would like to thank everybody who reported bugs, especially the ones who provided patches.

spawn-fcgi warning

We decided to remove spawn-fcgi after this release from the lighttpd source, there is now a separate project for it:
http://redmine.lighttpd.net/projects/spawn-fcgi

Important changes

  • Reverted fix for CVE-2008-4359 (too many regressions - see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
  • Fixed a bug when server.max-connections was hit
  • SSLv2 disabled by default
  • New setting to disable returning of a 417 if "Expect: 100-continue" header is given:
    server.reject-expect-100-with-417 = "disable" 
    
  • Settings that require numbers can now be strings too which get converted. Useful in conjunction wth env vars (thx andrewb)
  • mod_compress now supports caching through etags and last-modified
  • The annoying log entries about timeouted connections are now disabled by default and can be enabled with a new setting:
    debug.log-timeouts = "enable" 
    
  • New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like:
    $HTTP["language"] =~ "(de|it|hr)" {
        url.redirect = ( "^/$" => "http://www.site.net/%1/" )
    }
    

Downloads

Changes from 1.4.20

  • Fix base64 decoding in mod_auth (#1757, thx guido)
  • Fix mod_cgi segfault when bound to unix domain socket (#653)
  • Do not rely on ioctl FIONREAD (#673)
  • Now really fix mod auth ldap (#1066)
  • Fix leaving zombie process with include_shell (#1777)
  • Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
  • Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
  • Do not cache default vhost in mod_simple_vhost (#709)
  • Trust pcre-config, do not check for pcre manually (#1769)
  • Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
  • Add possibility to disable methods in mod_compress (#1773)
  • Fix duplicate connection keep-alive/transfer-encoding headers (#960)
  • Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
  • Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
  • Compare address family in inet_ntop_cache
  • Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
  • Use FD_CLOEXEC if possible (fixes #1821)
  • Optimized buffer usage in mod_proxy (fixes #1850)
  • Fix uninitialized value in time struct after strptime
  • Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
  • Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
  • Some small buffer.c fixes (closes #1837)
  • Remove floating point math from server.c (fixes #1402)
  • Disable SSLv2 by default
  • Use/enforce sane max-connection values (fixes #1803)
  • Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
  • Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
  • Use modified etags in mod_compress (fixes #1800)
  • Fix max-connection limit handling/100% cpu usage (fixes #1436)
  • Fix error handling in freebsd-sendfile (fixes #1813)
  • Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
  • Allow tabs in header values (fixes #1822)
  • Added Language conditional (fixes #1119); patch by petar
  • Fix wrong format strings (#1900, thx stepancheg)

External references

Issues by
Bug

40/40

Feature

11/11