- Table of contents
- Security
Security¶
The latest lighttpd stable version is the best available version of lighttpd.
lighttpd release notes index
Maintaining Software¶
Make a habit of maintaining systems. Regularly check for updates, test, and roll out to production in a scheduled and controlled fashion.
lighttpd security defaults are incrementally updated over time to be more secure, but only have the desired effect when updates are deployed. "No changes" policies are detrimental to security, preventing bugs from being fixed and security policies from being incrementally updated to be more secure. To be properly maintained, software periodically must be updated.
The latest lighttpd stable version is the best available version of lighttpd.
If any issues arise in a new lighttpd release, the issues are typically reported and resolved within a month, and visible in the public lighttpd issue tracker. Best practices for vendors, distributors, and users include testing and rolling out new lighttpd releases to production in a timely fashion. lighttpd release notes announce occasional behavior changes, such as incrementally increasing security of TLS defaults, and lighttpd configurations work with new releases without modification (unless otherwise announced in release notes); upgrading to the latest lighttpd stable version is safe and recommended.
Updated by gstrauss 7 months ago · 1 revisions