Project

General

Profile

1.4.40

2016-07-16

100%

148 issues   (148 closed — 0 open)

Release Info

  • Version: 1.4.40
  • Previous version: 1.4.39
  • Branch: 1.4
  • Status: stable
  • Release Purpose: bug fixes
  • Release manager: gstrauss
  • Released date: 2016-07-16

Important changes from 1.4.39

  • major bug-fix release; hundreds of issues resolved in issue tracker
  • git master lighttpd source repository (migrated from svn)

Downloads

Highlights

  • improved resource management
    • asynchronous, bidirectional streaming options to dynamic backends
    • detect client disconnects and abort request to dynamic backends
    • rework dynamic handler control flow logic for consistent clean up
    • constrained memory footprint; limit memory used by large responses
  • robustness and portability
    • fallback to traditional I/O if mmap or sendfile not available
    • update support for lua 5.2, 5.3; memcached; libressl; openssl 1.1.0
    • better cygwin support; passes tests
    • better webdav support
  • selected new features
    • lighttpd -tt performs config validation and preflight startup checks
    • lighttpd -1 process single (one) request on stdin socket (e.g. xinetd)
    • lighttpd -i <secs> graceful shutdown after <secs> of inactivity
    • config file supports include file globs (e.g. include "conf.d/*.conf")
    • server.bsd-accept-filter ("httpready", "dataready")
    • server.error-handler to handle 4xx and 5xx status
    • server.http-parseopt-header-strict restrict chars allowed in HTTP headers
    • server.http-parseopt-host-strict restrict chars allowed in HTTP Host
    • server.http-parseopt-host-normalize normalize HTTP Host header
    • server.listen-backlog to configure socket listen backlog
    • server.max-request-size is now scopeable (no longer one global setting)
    • server.stream-request-body to control streaming, buffering of request
    • server.stream-response-body to control streaming, buffering of response
    • server.upload-dirs will retry in remaining dirs in list if disk full
    • accesslog.format now supports %a %A %C %D %k %{}t %{}T
    • evasive.location for 302 redirect option if limit reached
    • url.rewrite and url.redirect now short-circuit if replacement is blank
    • url.access-allow for explicit list of allowed suffixes; deny others
    • mod_cgi handles local redirect response if Location: /path?query
    • REDIRECT_URI is set for internal redirects (cgi, magnet, rewrite, errdoc)
    • REDIRECT_STATUS is set to http error status for error docs
    • mod_indexfile sets PATH_TRANSLATED_DIRINDEX if target URL begins w/ '/'
    • "listen-backlog" to configure socket listen backlog for FastCGI, SCGI
    • X-Sendfile for CGI and SCGI (in addition to FastCGI)

Future scheduled behavior changes in lighttpd 1.4.41

  • server.use-ipv6 = "enable" will be inherited from global scope if set, so if that is not what is desired, add server.use-ipv6 = "disable" to appropriate $SERVER["socket"] blocks. Similar for server.set-v6only.
  • long-deprecated config directives will be removed. These directives are non-functional and emit a warning message if directives were renamed. After being removed, they will result in "directive unknown" warnings.

Changes from 1.4.39

  • [mod_ssi] enhance support for ssi vars (thx fbrosson)
  • add handling for lua 5.2 and 5.3 (fixes #2674)
  • use libmemcached instead of deprecated libmemcache
  • add force_assert for more allocation results
  • [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
  • [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
  • [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
  • [mod_cgi] issue trace and exit if execve() fails (closes #2302)
  • [configparser] don't continue after parse error (fixes #2717)
  • [core] never evaluate else branches until the previous branches are ready (fixes #2598)
  • [core] fix conditional cache handling
  • [core] improve conditional enabling (thx Gwenlliana, #2598)
  • [mod_compress] case-insensitive content-codings (fixes #2645)
  • [plugins] don't include dlfcn.h if not needed (fixes #2548)
  • [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
  • [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
  • [mod_cgi] consolidate CGI cleanup code
  • [mod_cgi] simplify mod_cgi_handle_subrequest()
  • [mod_cgi] kill CGI if fail to write request body
  • [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
  • [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
  • [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
  • [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
  • [core] improve array API to prevent memory leaks
  • [core] refactor array search; raise array size limit to SSIZE_MAX
  • [core] fix memory leak in configparser_merge_data
  • [core] provide array_extract_element and use it
  • [core] configparser: error on duplicate keys in array merge (fixes #2685)
  • [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
  • [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
  • [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
  • [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
  • restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
  • [core] log remote address on request timeouts (fixes #652)
  • [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
  • [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
  • [core] truncate pidfile on exit (fixes #2695)
  • consistent inclusion of config.h at top of files (fixes #2073)
  • [core] add generic vector implementation
  • [core] replace array weakref with vector
  • [base64] fix crash due to broken force_assert
  • [unittests] add test_buffer and test_base64 unit tests
  • [buffer] refactor buffer_path_simplify (fixes #2560)
  • validate return values from strtol, strtoul (fixes #2564)
  • [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
  • [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
  • [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
  • [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
  • [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
  • [core] fixed the loading for default modules if they are specified explicitly
  • [core] lighttpd -tt performs preflight startup checks (fixes #411)
  • [stat] mimetype.xattr-name global config option (fixes #2631)
  • [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
  • [mod_status] use snprintf() instead of sprintf()
  • pass buf size to li_tohex()
  • use li_[iu]tostrn() instead of li_[iu]tostr()
  • [stream] fstat() after open() to obtain file size
  • [core] clean up srv before exiting for lighttpd -[vVh]
  • [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319)
  • [mod_cgi] always set QUERY_STRING (fixes #1339)
  • [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)
  • [mod_magnet] rename var for clarity (fixes #1483)
  • [mod_extforward] reset cond_cache for scheme (fixes #1499)
  • [mod_webdav] readdir POSIX compat (fixes #1826)
  • [mod_expire] reset caching response headers for error docs (fixes #1919)
  • [mod_status] page refresh option (fixes #2170)
  • [mod_status] table w/ count of con states (fixes #2427)
  • [mod_dirlisting] class for dir <tr> (fixes #2304)
  • [core] define STDC_WANT_LIB_EXT1 (fixes #2722)
  • [core] setrlimit max-fds <= rlim_max for non-root (fixes #2723)
  • [mod_ssi] config ssi.conditional-requests
  • [mod_ssi] config ssi.exec (fixes #2051)
  • [mod_redirect,mod_rewrite] short-circuit if blank replacement (fixes #2085)
  • [mod_indexfile] save physical path to env (fixes #448, #892)
  • [core] open fd when appending file to cq (fixes #2655)
  • [config] server.listen-backlog option (fixes #1825, #2116)
  • [core] retry tempdirs on partial write, ENOSPC (fixes #2588)
  • [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
  • [core] improve dynamic handler control flow logic
  • [core] defer reading request body until handle subrequest (fixes #2541)
  • [core] always poll for client POLLHUP/POLLERR events (fixes #399)
  • [mod_fastcgi,mod_scgi,mod_proxy] handlers can read response before sending req body (fixes #131, #2566)
  • [mod_cgi] asynchronous send of request body to CGI
  • [core] compile with upcoming openssl 1.1.0 release (fixes #2727)
  • [core] set REDIRECT_STATUS to error_handler_saved_status (fixes #1828)
  • [core] server.error-handler new directive for error pages (fixes #2702)
  • [core] support IPv6 in $HTTP["remote-ip"] CIDR cond match (fixes #2706)
  • [core] http_response_send_file() shared code (#2017)
  • [mod_fastcgi] use http_response_xsendfile() (fixes #799, fixes #851, fixes #2017, fixes #2076)
  • [mod_scgi] X-Sendfile feature (fixes #2253)
  • [mod_cgi] X-Sendfile feature (fixes #2313)
  • [mod_webdav] lseek,read if fs can not mmap (#2666, fixes #962)
  • [mod_compress] use mmap and trap SIGBUS (#2666, fixes #1879)
  • fallback to lseek()/read() if mmap() fails (fixes #2666)
  • [mod_auth] skip blank lines and comment lines (fixes #2327)
  • [core] fallback to write if sendfile not supported (fixes #471, #987)
  • [core] preserve PATH_INFO case on case-insensitive fs (fixes #406)
  • [mod_ssi, mod_cml] set DOCUMENT_ROOT to basedir (fixes #2383)
  • [core] cmd line opt to shutdown after idle time limit (fixes #2696)
  • [core] lighttpd -1 handles single request on stdin socket (fixes #1584)
  • [mod_fastcgi,mod_scgi] IPv6 support (fixes #2372)
  • [mod_status] add JSON output option (fixed #2432)
  • [mod_webdav] map COPY/MOVE Destination to aliases (fixes #1787)
  • [mod_webdav] improve PROPFIND,PROPPATCH (#1818, #1953)
  • [core] reset response headers, write_queue for error docs
  • build with libressl
  • static build instructions using SCons or make
  • [mod_auth] preserve WWW-Authenticate for error docs (fixes #2730)
  • check close() return code after writing to file
  • adjustments for openssl 1.1.0 pre-release
  • [config] support include file glob (fixes #1221)
  • [mod_evasive] 302 redirect option if limit reached (fixes #2199)
  • [build] enhancements for cross-compiling (fixes #2276)
  • [mod_accesslog] report aborted con state with %X (fixes #1890)
  • [mod_ssi] fix SSI statement parser
  • [mod_ssi] include relative to alias,userdir (fixes #222)
  • [mod_ssi] add PCRE_* options to constrain regex
  • [mod_ssi] more flexible quoting (fixes #1768)
  • [core] wrap IPv6 literal in "[]" in redirect URL
  • [mod_ssi] fix parse of tag across buf boundary (fixes #2732)
  • [mod_cgi,mod_scgi] X-Sendfile sets file_started (fixes #2733)
  • [mod_fastcgi] no chunked response w/ X-Sendfile (fixes #2733)
  • [config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016)
  • [config] normalize IP strings in lighttpd.conf
  • [build_cmake] use MODULE on Mac OS X (fixes #1761)
  • [config] server.bsd-accept-filter option
  • [mod_webdav] create file w/ LOCK request if ENOENT
  • [core] buffer large responses to tempfiles (fixes #758, fixes #760, fixes #933, fixes #1387, #1283, fixes #2083)
  • [core] stream response to client (#949)
  • [TLS] release openssl buffers as used (fixes #1265, fixes #1283, #881)
  • [config] config options to stream request/response (#949, #376)
  • [core] option to stream request body to backend (fixes #376)
  • [core] option to stream response body to client (fixes #949, #760, #1283, #1387)
  • drain backend socket/pipe bufs upon FDEVENT_HUP
  • remove excess calls to joblist_append()
  • defer choosing "Transfer-Encoding: chunked"
  • asynchronous, bidirectional streaming options
  • fix errors detected by Coverity Scan
  • [cygwin] fix mod_proxy and mod_fastcgi ioctl use
  • [mod_webdav] remove excess SQL param to UNLOCK
  • graceful shutdown without unnecessary 1 sec delay
  • [core] disable Nagle algorithm (TCP_NODELAY)
  • [core] add declarations to fdevent.h (#2373)
  • [tests] remove dependency on CGI.pm
  • [TLS] fix return value checks during cert init
  • [core] fix server.max-request-size to be precise (fixes #2131)
  • [mod_webdav] fix proppatch mem leak, other fixes (fixes #1334, fixes #2000)
  • [autobuild] CMake check for struct tm tm_gmtoff (fixes #2014)
  • [mod_uploadprogress] fix mem leak (#1858)
  • [core] make server.max-request-size scopeable (fixes #1901)
  • [mod_fastcgi,mod_scgi] check for spawning on same unix socket (#319)
  • [mod_accesslog] %a %A %C %D %k %{}t %{}T (fixes #1145, fixes #1415, fixes #2081)
  • [mod_access] new directive url.access-allow (fixes #1421)
  • [core] fdevent_libev: update use of ev_timer
  • [mod_cgi] handle local redirect response (fixes #2108)

External references

Time tracking
Estimated time 1.70 hour
Issues by
Bug

99/99

Feature

49/49