Actions
Release Info¶
- Version: 1.4.36
- Previous version: 1.4.35
- Branch: 1.4
- Status: stable
- Release Purpose: bug fixes
- Release manager: stbuehler
- Released date: 2015-07-26
Important changes from 1.4.35¶
- [ssl] disable SSL3.0 by default
- escape all strings for logging
- fix segfault when temp file for upload couldn't be created (found by coverity)
- changes to the internal API for buffers, chunks and more; 3rd party plugins are likely to break
Downloads¶
- http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.tar.gz
- GPG signature: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.tar.gz.asc
- SHA256:
8afc12cd40412cd94679f08725c68e4f5a3d91dfff7abc12d217c4f489b1819b
- http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.tar.xz
- GPG signature: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.tar.xz.asc
- SHA256:
897ab6b1cc7bd51671f8af759e7846245fbbca0685c30017e93a5882a9ac1a53
- SHA256 checksums: http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.sha256sum
Changes from 1.4.35¶
- use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
- fix bad shift in conditional netmask ".../0" handling
- add more mime types and a script to generate mime.conf (fixes #2579)
- add support for (Free)BSD extended attributes
- [build] use fortify flags with "extra-warnings"
- [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available
- [ssl] disable SSL3.0 by default
- fixed typo in example config found by openSUSE user (boo# 907709)
- [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
- [connections] fix bug in connection state handling
- print backtrace in assert logging with libunwind
- major refactoring of internal buffer/chunk handling
- [mod_auth] use crypt_r instead of crypt if available
- fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
- fix segfaults in many plugins if they failed configuration
- escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
- fix hex escape in accesslog (fixes #2559)
- show extforward re-run warning only with debug.log-request-handling (fixes #2561)
- parse If-None-Match for ETag validation (fixes #2578)
- fix memory leak in mod_status when no counters are set (found by coverity)
- [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
- fix segfault when temp file for upload couldn't be created (found by coverity)
- mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
- [mod_proxy] add unix domain socket support (fixes #2653)
- [configfile] fix reading uninitialized variable (found by Willian B.)
External references¶
Updated by stbuehler over 9 years ago · 2 revisions