1.4.21
Release Info
- Version: 1.4.21
- Previous version: 1.4.20
- Branch: 1.4
- Status: stable
- Release Purpose: bug fixes
- Release manager: stbuehler
- Released date: 2009-02-16
"Yes we can... do another release"
Four and a half months after the release of 1.4.20 comes a new version in the stable branch of lighty: 1.4.21 is here.
It is a bugfix release but also contains 3 small new features.
We would like to thank everybody who reported bugs, especially the ones who provided patches.
spawn-fcgi warning
We decided to remove spawn-fcgi from the lighttpd source after this release; there is now a separate project for it:
http://redmine.lighttpd.net/projects/spawn-fcgi
Important changes
- Reverted fix for CVE-2008-4359 (too many regressions - see #1720 and r2362): do NOT use rewrite/redirect to protect specific urls!
- Fixed a bug when server.max-connections was hit
- SSLv2 disabled by default
- New setting to disable returning a 417 if an "Expect: 100-continue" header is given:
server.reject-expect-100-with-417 = "disable"
- Settings that require numbers can now also be given as strings, which get converted. Useful in conjunction with env vars (thx andrewb)
- mod_compress now supports caching through etags and last-modified
- The annoying log entries about timed-out connections are now disabled by default and can be enabled with a new setting:
debug.log-timeouts = "enable"
- New $HTTP["language"] conditional (thx to petar) which allows interesting new configs like:
$HTTP["language"] =~ "(de|it|hr)" { url.redirect = ( "^/$" => "http://www.site.net/%1/" ) }
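
The warning in the first item above, shown as a configuration sketch. This is an added example, not taken from the lighttpd release notes or documentation; the paths "/private/" and "/denied.html" are hypothetical. With the "encoding+simplifying urls for rewrite/redirect" fix reverted, a rewrite or redirect pattern should be treated as URL mapping only, and access restrictions belong in a conditional handled by mod_access (or mod_auth).

```lighttpd
# Added example; "/private/" and "/denied.html" are hypothetical paths.
server.modules = ( "mod_rewrite", "mod_access" )

# Weak: a rewrite rule used as an access control.
# In 1.4.21 the pattern is applied to the request URL without the
# encoding/simplifying step that the reverted CVE-2008-4359 fix had added,
# so do not rely on it to keep requests away from a location.
url.rewrite-once = ( "^/private/" => "/denied.html" )

# Preferred: deny access with a URL conditional and mod_access.
# $HTTP["url"] is evaluated on the decoded, simplified URL path, and an
# empty suffix in url.access-deny matches every file under that path.
$HTTP["url"] =~ "^/private/" {
    url.access-deny = ( "" )
}
```

When auditing an existing configuration after upgrading, review each url.rewrite* and url.redirect rule whose target is an error or "denied" page and move the restriction into a conditional like the second form.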
Downloads
- http://www.lighttpd.net/download/lighttpd-1.4.21.tar.gz
  - MD5: 5ff4e7075652f6cc200fa278ea2b1f96
  - SHA1: 6b42570b0b19cfbcb4324780c61625b139f6ef8e
- http://www.lighttpd.net/download/lighttpd-1.4.21.tar.bz2
  - MD5: 49eeba63c931fa82120711adc7182731
  - SHA1: e76f83b9c56c83f0a734ad0bdd20351fc97472d2
- SHA1 checksums: http://www.lighttpd.net/download/lighttpd-1.4.21.sha1sum
- MD5 checksums: http://www.lighttpd.net/download/lighttpd-1.4.21.md5sum
Changes from 1.4.20
- Fix base64 decoding in mod_auth (#1757, thx guido)
- Fix mod_cgi segfault when bound to unix domain socket (#653)
- Do not rely on ioctl FIONREAD (#673)
- Now really fix mod auth ldap (#1066)
- Fix leaving zombie process with include_shell (#1777)
- Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
- Try to convert string options to shorts for numeric options in config file; allows using env-vars for numeric options. (#1159, thx andrewb)
- Do not cache default vhost in mod_simple_vhost (#709)
- Trust pcre-config, do not check for pcre manually (#1769)
- Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
- Add possibility to disable methods in mod_compress (#1773)
- Fix duplicate connection keep-alive/transfer-encoding headers (#960)
- Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
- Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
- Compare address family in inet_ntop_cache
- Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
- Use FD_CLOEXEC if possible (fixes #1821)
- Optimized buffer usage in mod_proxy (fixes #1850)
- Fix uninitialized value in time struct after strptime
- Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
- Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
- Some small buffer.c fixes (closes #1837)
- Remove floating point math from server.c (fixes #1402)
- Disable SSLv2 by default
- Use/enforce sane max-connection values (fixes #1803)
- Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option. (fixes #1884)
- Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
- Use modified etags in mod_compress (fixes #1800)
- Fix max-connection limit handling/100% cpu usage (fixes #1436)
- Fix error handling in freebsd-sendfile (fixes #1813)
- Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
- Allow tabs in header values (fixes #1822)
- Added Language conditional (fixes #1119); patch by petar
- Fix wrong format strings (#1900, thx stepancheg)