Actions
Release Info¶
- Version: 1.4.74
- Previous version: 1.4.73
- Branch: 1.4
- Status: stable
- Release Purpose: bug fixes
- Release manager: gstrauss
- Released date: 2024-02-19
Important changes from 1.4.73¶
- bugs fixes, portability, expand CI
Downloads¶
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.tar.gz.asc
- SHA256:
3a82994d2afdd685c967569919cfa612dbb39bc1cc737d1b07dc4e988379ae57
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.tar.xz.asc
- SHA256:
5c08736e83088f7e019797159f306e88ec729abe976dc98fb3bed71b9d3e53b5
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.sha256sum
- SHA512 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.74.sha512sum
Behavior Changes¶
- Some messages sent to syslog() (if enabled in lighttpd config) have been
changed to use different priorities (e.g. LOG\_WARNING, LOG\_DEBUG) instead
of everything being sent with LOG\_ERROR priority. The change affects only
lighttpd configs which set server.errorlog-use-syslog = "enable" (not default) - Use sendfile() with musl libc; fix build detection of sendfile() w/ musl libc
Please report any issues, though any issues are unexpected since
lighttpd falls back to writev() if sendfile() fails.
Future Scheduled Behavior Changes (for the next lighttpd release)¶
- TLS cipher defaults will be incrementally updated to stronger defaults
Proposed defaults are forward-secret and support authenticated encryption (AEAD)
Proposed defaults: openssl ciphers 'EECDH+AESGCM:CHACHA20:!PSK:!DHE'
Current defaults: openssl ciphers 'EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384'
Little or no impact is expected for lighttpd configs already using lighttpd TLS defaults
(and supported clients, i.e. those which have not already reached end-of-life).
Reference: https://developers.cloudflare.com/ssl/reference/cipher-suites/recommendations/ - mod\_redirect: default url.redirect-code for HTTP/1.1 and later will be
changed from 301 Moved Permanently to 308 Permanent Redirect
(only if url.redirect is not explicitly set in lighttpd.conf)
RFC7538: https://datatracker.ietf.org/doc/html/rfc7538
(published almost 9 years ago)
Future Scheduled Behavior Changes (2025)¶
- lighttpd TLS defaults will change to MinProtocol TLSv1.3
Other configurations will still be supported, but will not be the default.
Proposed default: MinProtocol TLSv1.3
Current default: MinProtocol TLSv1.2
Changes from 1.4.73¶
- [mod_h2] send 500 if backend oversized resp hdrs
- [mod_h2] h2_send_1xx() lowercase field names (fixes #3233)
- [mod_dirlisting] smaller funcs to generate listing
- [mod_dirlisting] dir-listing.sort option (#3235)
- [mod_dirlisting] check for response stream bufmin
- [core] skip SIGUSR1 after clock jump if chroot'ed
- [mod_deflate] move bzip2 to end of priority list
- [mod_deflate] deflate.allowed-encodings default
- [core] cfg "if","elif","elsif","elseif","else if"
- [lemon] refresh LEMON parser to SQLite maint ver
- [core] add newlines to config parsing error trace
- [ls-hpack] sys/queue.h portability
- [scons] remove -std=gnu99 to use modern defaults
- [multiple] share code for upgrade: websocket
- [core] check for SOCK_CLOEXEC earlier in startup
- [autotools] report if ipv6 support disabled (fixes #3237)
- [core] simpler error page header
- [mod_status] simpler status page header
- [h2] quicker server graceful shutdown of idle h2
- [mod_openssl] kTLS: check for kernel tls offload
- [mod_gnutls] kTLS: check for kernel tls offload
- [core] quicker server graceful shutdown of websockets
- [build] -D_LARGEFILE64_SOURCE for musl sendfile64()
- [mod_setenv] code consistency
- [mod_expire] resp tag check
- [mod_expire] comment
- [core] use SF_NODISKIO with sendfile() on FreeBSD
- [core] chunk_file_pread_chunk()
- [mod_deflate] prefer reusable buffer to read file
- [core] reduce blocking I/O sending files to net
- [core] reduce network send file fallback path
- [core] try mmap() if not using sendfile()
- [mod_wolfssl] mod_wolfssl_write_err()
- [multiple] extend chunkqueue_peek_data() w/ nowait
- [core] preadv2 RWF_NOWAIT EOPNOTSUPP on tmpfs (?!)
- [build] type error in configure.ac sendfile probe (fixes #3238)
- [core] update ls-hpack
- [ls-hpack] sys/queue.h STAILQ_FOREACH portability
- [core] chunk_open_file_chunk() in chunk.h
- [multiple] use chunk_open_file_chunk()
- [core] remove chunkqueue_open_file_chunk()
- [core] use sendfile() with iovecs where available
- [scons] remove CheckFunc() incorrect header usage
- [core] spelling in comment in network_write.c
- [cmake] check for sendfile64 only on Linux
- [core] quiet compiler warning for NDEBUG redefined
- [autoconf] config test for mbedtls needs mbedx509
- [mod_h2] add con to job queue when wr alloc used
- [mod_h2] use different flag for disk I/O busy
- [crypto] use evp api for truncated sha-2 with libressl
- [mod_expire] smaller options parse func
- [mod_expire] check modification time to cur time
- [tests] t/test_mod_expire.c
- [tests] add mod_expire tests to tests/request.t
- [core] log trace with priority for syslog() (#3239)
- [core] avoid preprocessor use inside macros
- [core] log_pri() and log_pri_multiline() (#3239)
- [build] remove checks for sendfile64
- [tests] clean up memleak on test exit
- [build] quiet compiler warnings in LEMON parser
- [core] simplify connection_handle_write() err case
- [core] gw_host_get shared code
- [doc] update doc/config/conf.d/mime.conf
- [core] combine *BSD cond handling 0-len FILE_CHUNK
- [meson] portability improvements
- [core] DragonflyBSD portability
- [tests] quiet compiler warning
- [ci] enable github CI
- [ci] adjust .github/workflows/meson.yml
- [ci] quiet msys-clang32 stdcall compiler warning
- [ci] #undef _XOPEN_SOURCE on Solaris
- [core] fix recent solaris typo; compile failure
- [ci] _WIN32 portability
- [cmake,meson] skip tests/* under native Windows
- [tests] support platforms without cp -n
- [ci] cmake did not detect inet_pton on x86 _WIN32
- [ci] use latest GCC and clang
- [ci] adjust .github/workflows/meson.yml
- [ci] further simplify
- [ci] adjust NetBSD,OpenBSD tests .github/workflows
- [ci] add Windows-VisualStudio to .github/workflows
- [ci] add Solaris (disabled) to .github/workflows
- [ci] add Windows-MSYS2 to .github/workflows
- [ci] rename .github/workflows/meson.yml to pr.yml
- [tests] adjust shell syntax in tests/prepare.sh
- [tests] test_mod stub funcs for static builds
- [ci] adjust Windows tests in .github/workflows
- [mod_authn_dbi,mod_vhostdb_dbi] check for <dbi.h>
- [ci] tailor scripts/ci-build.sh for FreeBSD
- [ci] use set -e in .github/workflows run commands
- [debug] debug.log-timeouts for all timeout logging
- [debug] use log_debug_multiline() (#3239)
- [debug] use log_debug() instead of log_error() (#3239)
- [multiple] use log_warn() for config warnings (#3239)
- [core] use log_warn(),log_notice(),log_info() (fixes #3239)
- [ls-hpack] compat include of <sys/queue.h>
- [tests] skip deflate tests if zlib not available
- [core] ignore cc -Wcpp warning for <sys/cdefs.h>
- [ci] mechanism to disable wolfssl in ci-build.sh
- [ci] use Alpine Linux VMs to test additional arch
- [ci] skip 32-bit builds on Windows; save resources
- [tests] skip shutdown(SHUT_WR) in tests on s390x
- [ci] add s390x arch
- [meson] replace deprecated meson.build_root() use
- [ci] x86_64 and x86 featureful builds on ubuntu
- [ci] add x86_64 cmake ASAN build on ubuntu
- [ci] ci-build.sh add some NO_* options
- [ci] add Windows-Cygwin build
- [ci] fail fast if x86 build fails on alpine
- [ci] reduce some builds while maintaining coverage
- [ci] remove config not actually running x86 ubuntu
- [ci] more featureful build on macOS
- [doc] cert-staple.sh check staple newer than cert
- [ci] pr.yml format consistency
- [tests] remove repeated file in prepare.sh cp
- [wolfssl] renamed SSL_OP_NO_TICKET
- [ci] more featureful build on NetBSD
- [mod_authn_gssapi] ifndef GSS_KRB5_NT_PRINCIPAL_NAME
- [build] check 'lua54' before other lua variants
- [ci] OpenBSD CFLAGS LDFLAGS PKG_CONFIG_LIBDIR
- [ci] more featureful build on OpenBSD
- [ci] use bash on DragonflyBSD instead of csh
- [ci] special-cases for running tests under MSYS2
- [ci] basic build and run tests under MSYS2
- [tests] remove stray comment from test_mod_expire
- [ci] ci-build.sh NO_DBI option
- [ci] ci-build.sh NO_UUID option
- [ci] ci-build.sh NO_GNUTLS option
- [ci] ci-build.sh NO_MYSQL option
- [core] _WIN32 define PROT_WRITE to PAGE_READWRITE
- [mod_authn_sasl] use HOSTNAME for fqdn on _WIN32
- [ci] more featureful build on MSYS2
- [mod_authn_sasl] fix typo
- [ci] use cygwin test repos for latest packages
- [ci] vmactions usesh: true
- [ci] fix cmake generator path for MSVC
- [mod_wstunnel] read and discard HTTP/1.1 req body
- [core] use log_notice() for conn limit notice (#3239)
- [core] gw_upgrade_policy() shared code
- [mod_wstunnel] handle large kernel socket recv buf
- [core] stat_cache.c replace assert w/ error codes
- [core] remove dev assert in http_chunk_append_mem
- [core] ck_static_assert()
- [core] remove asserts from gw_status_get_counter()
- [core] configparser.y combine assert, remove debug
- [core] remove assert from sock_addr.c
- [mod_fastcgi] check env w/ cond instead of assert
- [core] shared code chunkqueue_close_tempchunk()
- [core] buffer.c combine asserts
- [core] array require nonnull for insert,replace
- [core] li_tohex*() no longer adds '\0'
- [core] accept 65536 in config for ushort values
- [ci] add missing intermediate dep for Cygwin
- [core] clarify configfile parse comment
- [core] fix crash with invalid lighttpd.conf syntax
- [core] lighttpd.conf detect,err if consecutive str
- [mod_magnet] lighty.r.req_body.unspecified_len
- [mod_proxy] handle HTTP/1.0 unspecified req len
- [core] unset Upgrade if downgrade HTTP/1.1 to 1.0
- [mod_magnet] interface to downgrade HTTP/1.1 to 1.0
- [mod_magnet] expand guidance in error message (#3240)
- [debug] use log_debug() instead of log_error() (#3239)
- [mod_wstunnel] use log_warn(),log_notice(),log_info() (#3239)
- [multiple] gw_backend_error_trace() (fixes #1406)
- [mod_webdav] webdav_uuid_v4() to supplant libuuid (#1056)
- [build] remove libuuid dependency (fixes #1056)
- [mod_wstunnel] quiet coverity warning
- [doc] fix typos in doc/config/lighttpd.conf
- [mod_h2] send 502 if backend oversized resp hdrs
External references¶
Updated by gstrauss 10 months ago · 1 revisions