1.4.50
closedRelease Info¶
- Version: 1.4.50
- Previous version: 1.4.49
- Branch: 1.4
- Status: stable
- Release Purpose: bug fixes
- Release manager: gstrauss
- Released date: 2018-08-13
Important changes from 1.4.49¶
- security fixes
- bug fixes
Downloads¶
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.50.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.50.tar.gz.asc
- SHA256:
c9a9f175aca6db22ebebbc47de52c54a99bbd1dce8d61bb75103609a3d798235
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.50.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.50.tar.xz.asc
- SHA256:
29378312d8887cbc14ffe8a7fadef2d5a08c7e7e1be942795142346ad95629eb
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.50.sha256sum
Changes from 1.4.49¶
- [mod_extforward] allow explict IPs to be untrusted (#2860)
- [core] fix crash if 'host' empty in config (fixes #2876)
- [mod_magnet] fix regression in lighty.stat (fixes #2877)
- [core] minor code cleanup in gw_recv_response()
- [core] fix rare race condition from backends (fixes #2878)
- [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
- [core] fdevent_accept_listenfd() nonblock cloexec
- [build] remove m4 AC_PATH_PROG for PKG_CONFIG
- [core] some header cleanup
- [mod_wstunnel] better Sec-WebSocket-Protocol parse
- [mod_magnet] code reuse
- [mod_magnet] reduce buffer copies
- [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
- [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
- [core] buffer_append_string_encoded_hex_lc()
- [core] more efficient hex2int()
- [mod_secdownload] compare bin MAC instead of hex
- [core] li_tohex_lc() explicitly uses lc hex chars
- [core] buffer_append_uint_hex_lc() uses lc hex
- [core] buffer_append_string_encoded() uc hex
- [tests] reduce test_base64 brute force tests
- [tests] remove test_buffer output, except on error
- [core] check for continuation in server.tag
- [core] CONNECT must be handled before fs hooks
- [mod_redirect, mod_rewrite] code reuse (sharing)
- [core] data_config_pcre_compile,exec()
- [tests] test_request unit tests
- [core] http_kv.[ch] method, status, version str
- [core] remove unused get_http_status_body_name()
- [core] remove proc_open.[ch], reduce stdio.h use
- [tests] move src/test_*.c to src/t/
- [core] server.http-parseopts URL normalization opt (fixes #1720)
- [core] inline some buffer.[ch] routines
- [core] remove some duplicative code in log.c
- [core] debug server.log-request-header-on-error
- [mod_redirect,mod_rewrite] short-circuit earlier
- [core] fix buffer_to_upper()
- [mod_cgi] handle CGI partial response header write
- [mod_redirect,mod_rewrite] pass request URI info
- [mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
- [mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
- [mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
- [mod_alias] security: potential path traversal with specific configs
- [mod_wstunnel] quiet 32-bit compiler warnings
- [core] POLLRDHUP handling for transparent proxying
- [mod_redirect,mod_rewrite] support up to 19 match
- [core] add missing includes to quiet compiler warn
- [mod_redirect,mod_rewrite] base64url encoding opt
- [mod_rewrite] require rewrite result to begin '/'
- [core] security: use-after-free invalid Range req
- [core] reset var if FAMMonitorDirectory() fails
- [core] option to propagate TCP FIN to backend host
- mod_sockproxy - socket forwarding
- [core] workaround Coverity cov-build bug with gcc7
- [build] add missing file for test_burl
- [core] quell insignificant coverity warning
- [core] extend server.http-parseopts
- [mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
- [core] security: use-after-free after invalid Range request (fixes #2899)
External references¶
Also available in: TXT