Release Info

  • Version: 1.4.74
  • Previous version: 1.4.73
  • Branch: 1.4
  • Status: stable
  • Release Purpose: bug fixes
  • Release manager: gstrauss
  • Released date: 2024-02-19

Important changes from 1.4.73

  • bug fixes, portability, expanded CI

Behavior Changes

  • Some messages sent to syslog() (if enabled in lighttpd config) have been
    changed to use different priorities (e.g. LOG_WARNING, LOG_DEBUG) instead
    of everything being sent with LOG_ERROR priority. The change affects only
    lighttpd configs which set server.errorlog-use-syslog = "enable" (not default).
  • Use sendfile() with musl libc; fix build detection of sendfile() w/ musl libc
    Please report any issues, though any issues are unexpected since
    lighttpd falls back to writev() if sendfile() fails.

Future Scheduled Behavior Changes (for the next lighttpd release)

  • TLS cipher defaults will be incrementally updated to stronger defaults
    Proposed defaults are forward-secret and support authenticated encryption (AEAD)
    Proposed defaults: openssl ciphers 'EECDH+AESGCM:CHACHA20:!PSK:!DHE'
    Current defaults: openssl ciphers 'EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384'
    Little or no impact is expected for lighttpd configs already using lighttpd TLS defaults
    (and supported clients, i.e. those which have not already reached end-of-life).
    Reference: https://developers.cloudflare.com/ssl/reference/cipher-suites/recommendations/
  • mod_redirect: default url.redirect-code for HTTP/1.1 and later will be
    changed from 301 Moved Permanently to 308 Permanent Redirect
    (only if url.redirect is not explicitly set in lighttpd.conf)
    RFC7538: https://datatracker.ietf.org/doc/html/rfc7538
    (published almost 9 years ago)
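
To see which TLS 1.2 suites the proposed cipher default removes on a given host, the two cipher strings quoted above can be expanded against the local OpenSSL. This is an added example, not part of the lighttpd release notes or code base; it uses Python's `ssl` module, the function names are made up for illustration, and the exact suite list depends on the OpenSSL build Python is linked against.

```python
import ssl

# Cipher strings quoted in the release notes above.
CURRENT = "EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384"
PROPOSED = "EECDH+AESGCM:CHACHA20:!PSK:!DHE"


def expand(cipher_string):
    """Expand an OpenSSL cipher string into {suite name: details}.

    TLS 1.3 suites are configured separately from the cipher string in
    OpenSSL, so they are left out of the comparison.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def dropped_by_proposal():
    """Suites the current default offers that the proposed default does not."""
    return sorted(set(expand(CURRENT)) - set(expand(PROPOSED)))


def not_ecdhe_aead(cipher_string):
    """Suites that are not both ECDHE key exchange and AEAD."""
    return sorted(name for name, c in expand(cipher_string).items()
                  if not c["aead"] or c["kea"] != "kx-ecdhe")


if __name__ == "__main__":
    print("dropped by proposed default:")
    for name in dropped_by_proposal():
        print("  ", name)
    print("proposed suites failing ECDHE+AEAD check:",
          not_ecdhe_aead(PROPOSED))
```

Clients seen in access or TLS logs negotiating one of the dropped suites are the ones to check before the defaults change.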

Future Scheduled Behavior Changes (2025)

  • lighttpd TLS defaults will change to MinProtocol TLSv1.3
    Other configurations will still be supported, but will not be the default.
    Proposed default: MinProtocol TLSv1.3
    Current default: MinProtocol TLSv1.2

Changes from 1.4.73

  • [mod_h2] send 500 if backend oversized resp hdrs
  • [mod_h2] h2_send_1xx() lowercase field names (fixes #3233)
  • [mod_dirlisting] smaller funcs to generate listing
  • [mod_dirlisting] dir-listing.sort option (#3235)
  • [mod_dirlisting] check for response stream bufmin
  • [core] skip SIGUSR1 after clock jump if chroot'ed
  • [mod_deflate] move bzip2 to end of priority list
  • [mod_deflate] deflate.allowed-encodings default
  • [core] cfg "if","elif","elsif","elseif","else if"
  • [lemon] refresh LEMON parser to SQLite maint ver
  • [core] add newlines to config parsing error trace
  • [ls-hpack] sys/queue.h portability
  • [scons] remove -std=gnu99 to use modern defaults
  • [multiple] share code for upgrade: websocket
  • [core] check for SOCK_CLOEXEC earlier in startup
  • [autotools] report if ipv6 support disabled (fixes #3237)
  • [core] simpler error page header
  • [mod_status] simpler status page header
  • [h2] quicker server graceful shutdown of idle h2
  • [mod_openssl] kTLS: check for kernel tls offload
  • [mod_gnutls] kTLS: check for kernel tls offload
  • [core] quicker server graceful shutdown of websockets
  • [build] -D_LARGEFILE64_SOURCE for musl sendfile64()
  • [mod_setenv] code consistency
  • [mod_expire] resp tag check
  • [mod_expire] comment
  • [core] use SF_NODISKIO with sendfile() on FreeBSD
  • [core] chunk_file_pread_chunk()
  • [mod_deflate] prefer reusable buffer to read file
  • [core] reduce blocking I/O sending files to net
  • [core] reduce network send file fallback path
  • [core] try mmap() if not using sendfile()
  • [mod_wolfssl] mod_wolfssl_write_err()
  • [multiple] extend chunkqueue_peek_data() w/ nowait
  • [core] preadv2 RWF_NOWAIT EOPNOTSUPP on tmpfs (?!)
  • [build] type error in configure.ac sendfile probe (fixes #3238)
  • [core] update ls-hpack
  • [ls-hpack] sys/queue.h STAILQ_FOREACH portability
  • [core] chunk_open_file_chunk() in chunk.h
  • [multiple] use chunk_open_file_chunk()
  • [core] remove chunkqueue_open_file_chunk()
  • [core] use sendfile() with iovecs where available
  • [scons] remove CheckFunc() incorrect header usage
  • [core] spelling in comment in network_write.c
  • [cmake] check for sendfile64 only on Linux
  • [core] quiet compiler warning for NDEBUG redefined
  • [autoconf] config test for mbedtls needs mbedx509
  • [mod_h2] add con to job queue when wr alloc used
  • [mod_h2] use different flag for disk I/O busy
  • [crypto] use evp api for truncated sha-2 with libressl
  • [mod_expire] smaller options parse func
  • [mod_expire] check modification time to cur time
  • [tests] t/test_mod_expire.c
  • [tests] add mod_expire tests to tests/request.t
  • [core] log trace with priority for syslog() (#3239)
  • [core] avoid preprocessor use inside macros
  • [core] log_pri() and log_pri_multiline() (#3239)
  • [build] remove checks for sendfile64
  • [tests] clean up memleak on test exit
  • [build] quiet compiler warnings in LEMON parser
  • [core] simplify connection_handle_write() err case
  • [core] gw_host_get shared code
  • [doc] update doc/config/conf.d/mime.conf
  • [core] combine *BSD cond handling 0-len FILE_CHUNK
  • [meson] portability improvements
  • [core] DragonflyBSD portability
  • [tests] quiet compiler warning
  • [ci] enable github CI
  • [ci] adjust .github/workflows/meson.yml
  • [ci] quiet msys-clang32 stdcall compiler warning
  • [ci] #undef _XOPEN_SOURCE on Solaris
  • [core] fix recent solaris typo; compile failure
  • [ci] _WIN32 portability
  • [cmake,meson] skip tests/* under native Windows
  • [tests] support platforms without cp -n
  • [ci] cmake did not detect inet_pton on x86 _WIN32
  • [ci] use latest GCC and clang
  • [ci] adjust .github/workflows/meson.yml
  • [ci] further simplify
  • [ci] adjust NetBSD,OpenBSD tests .github/workflows
  • [ci] add Windows-VisualStudio to .github/workflows
  • [ci] add Solaris (disabled) to .github/workflows
  • [ci] add Windows-MSYS2 to .github/workflows
  • [ci] rename .github/workflows/meson.yml to pr.yml
  • [tests] adjust shell syntax in tests/prepare.sh
  • [tests] test_mod stub funcs for static builds
  • [ci] adjust Windows tests in .github/workflows
  • [mod_authn_dbi,mod_vhostdb_dbi] check for <dbi.h>
  • [ci] tailor scripts/ci-build.sh for FreeBSD
  • [ci] use set -e in .github/workflows run commands
  • [debug] debug.log-timeouts for all timeout logging
  • [debug] use log_debug_multiline() (#3239)
  • [debug] use log_debug() instead of log_error() (#3239)
  • [multiple] use log_warn() for config warnings (#3239)
  • [core] use log_warn(),log_notice(),log_info() (fixes #3239)
  • [ls-hpack] compat include of <sys/queue.h>
  • [tests] skip deflate tests if zlib not available
  • [core] ignore cc -Wcpp warning for <sys/cdefs.h>
  • [ci] mechanism to disable wolfssl in ci-build.sh
  • [ci] use Alpine Linux VMs to test additional arch
  • [ci] skip 32-bit builds on Windows; save resources
  • [tests] skip shutdown(SHUT_WR) in tests on s390x
  • [ci] add s390x arch
  • [meson] replace deprecated meson.build_root() use
  • [ci] x86_64 and x86 featureful builds on ubuntu
  • [ci] add x86_64 cmake ASAN build on ubuntu
  • [ci] ci-build.sh add some NO_* options
  • [ci] add Windows-Cygwin build
  • [ci] fail fast if x86 build fails on alpine
  • [ci] reduce some builds while maintaining coverage
  • [ci] remove config not actually running x86 ubuntu
  • [ci] more featureful build on macOS
  • [doc] cert-staple.sh check staple newer than cert
  • [ci] pr.yml format consistency
  • [tests] remove repeated file in prepare.sh cp
  • [wolfssl] renamed SSL_OP_NO_TICKET
  • [ci] more featureful build on NetBSD
  • [mod_authn_gssapi] ifndef GSS_KRB5_NT_PRINCIPAL_NAME
  • [build] check 'lua54' before other lua variants
  • [ci] OpenBSD CFLAGS LDFLAGS PKG_CONFIG_LIBDIR
  • [ci] more featureful build on OpenBSD
  • [ci] use bash on DragonflyBSD instead of csh
  • [ci] special-cases for running tests under MSYS2
  • [ci] basic build and run tests under MSYS2
  • [tests] remove stray comment from test_mod_expire
  • [ci] ci-build.sh NO_DBI option
  • [ci] ci-build.sh NO_UUID option
  • [ci] ci-build.sh NO_GNUTLS option
  • [ci] ci-build.sh NO_MYSQL option
  • [core] _WIN32 define PROT_WRITE to PAGE_READWRITE
  • [mod_authn_sasl] use HOSTNAME for fqdn on _WIN32
  • [ci] more featureful build on MSYS2
  • [mod_authn_sasl] fix typo
  • [ci] use cygwin test repos for latest packages
  • [ci] vmactions usesh: true
  • [ci] fix cmake generator path for MSVC
  • [mod_wstunnel] read and discard HTTP/1.1 req body
  • [core] use log_notice() for conn limit notice (#3239)
  • [core] gw_upgrade_policy() shared code
  • [mod_wstunnel] handle large kernel socket recv buf
  • [core] stat_cache.c replace assert w/ error codes
  • [core] remove dev assert in http_chunk_append_mem
  • [core] ck_static_assert()
  • [core] remove asserts from gw_status_get_counter()
  • [core] configparser.y combine assert, remove debug
  • [core] remove assert from sock_addr.c
  • [mod_fastcgi] check env w/ cond instead of assert
  • [core] shared code chunkqueue_close_tempchunk()
  • [core] buffer.c combine asserts
  • [core] array require nonnull for insert,replace
  • [core] li_tohex*() no longer adds '\0'
  • [core] accept 65536 in config for ushort values
  • [ci] add missing intermediate dep for Cygwin
  • [core] clarify configfile parse comment
  • [core] fix crash with invalid lighttpd.conf syntax
  • [core] lighttpd.conf detect,err if consecutive str
  • [mod_magnet] lighty.r.req_body.unspecified_len
  • [mod_proxy] handle HTTP/1.0 unspecified req len
  • [core] unset Upgrade if downgrade HTTP/1.1 to 1.0
  • [mod_magnet] interface to downgrade HTTP/1.1 to 1.0
  • [mod_magnet] expand guidance in error message (#3240)
  • [debug] use log_debug() instead of log_error() (#3239)
  • [mod_wstunnel] use log_warn(),log_notice(),log_info() (#3239)
  • [multiple] gw_backend_error_trace() (fixes #1406)
  • [mod_webdav] webdav_uuid_v4() to supplant libuuid (#1056)
  • [build] remove libuuid dependency (fixes #1056)
  • [mod_wstunnel] quiet coverity warning
  • [doc] fix typos in doc/config/lighttpd.conf
  • [mod_h2] send 502 if backend oversized resp hdrs

Updated by gstrauss 9 months ago · 1 revisions