1.4.18
closedRelease Info¶
- Version: 1.4.18
- Previous version: 1.4.17
- Branch: 1.4
- Status: Stable
- Release Purpose: security and bug fixes
- Release manager: darix
- Released date: 2007-09-09
"Release early, release often."
So here we are again. The previous release is already 12 days old! It already got grey hair.
And again we have a small security bug! It seems, if you get the more popular, more people are looking at your code. This time Mattias Bengtsson and Philip Olausson from secweb.se took a look at the code. They found a small bug that could lead to remote code execution in fastcgi applications. (We wont mention names here.)
Changes from 1.4.17¶
- fixed compile error on IRIX 6.5.x on prctl() (#1333)
- fixed forwarding a SIGINT and SIGHUP when using max-workers (#902)
- fixed FastCGI header overrun in mod_fastcgi (reported by mattias@secweb.se)
- fixed hanging redirects with keep-alive due to missing "Content-Length: 0" headers
- fixed crashing when using undefined environment variables in the config
- fixed compilation of mod_mysql_vhost on irix (#1341)
External references¶
Downloads¶
- http://www.lighttpd.net/download/lighttpd-1.4.18.tar.gz
- MD5: 5db3204d57436a032f899ff9dbce793f
- SHA1: 30eb24cdfcfeadf10fa16f187330bdc5deb25ed2
- http://www.lighttpd.net/download/lighttpd-1.4.18.tar.bz2
- MD5: 26f98dddf9d8c0775221b800986003ee
- SHA1: a53a8f8ae8d42d036f0b5129764b822e943cc778
Also available in: TXT