Lighttpd 1.4.50 发布高性能 Web 服务器

Lighttpd 1.4.50 已发布，Lighttpd 是一个开源 Web 服务器软件，旨在提供一个专门针对高性能网站，安全、快速、兼容性好并且灵活的 Web Server 环境。具有非常低的内存开销，CPU 占用率低，效能好，以及丰富的模块等特点。

重要变更

安全修复
bug 修复

下载地址

lighttpd-1.4.50.tar.gz (GPG signature)

SHA256: c9a9f175aca6db22ebebbc47de52c54a99bbd1dce8d61bb75103609a3d798235

lighttpd-1.4.50.tar.xz (GPG signature)

SHA256: 29378312d8887cbc14ffe8a7fadef2d5a08c7e7e1be942795142346ad95629eb

SHA256 checksums

自 1.4.49 以来的变更

[mod_extforward] allow explict IPs to be untrusted (#2860)
[core] fix crash if ‘host’ empty in config (fixes #2876)
[mod_magnet] fix regression in lighty.stat (fixes #2877)
[core] minor code cleanup in gw_recv_response()
[core] fix rare race condition from backends (fixes #2878)
[mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
[core] fdevent_accept_listenfd() nonblock cloexec
[build] remove m4 AC_PATH_PROG for PKG_CONFIG
[core] some header cleanup
[mod_wstunnel] better Sec-WebSocket-Protocol parse
[mod_magnet] code reuse
[mod_magnet] reduce buffer copies
[mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
[core] check if SOCK_NONBLOCK is ignored (fixes #2883)
[core] buffer_append_string_encoded_hex_lc()
[core] more efficient hex2int()
[mod_secdownload] compare bin MAC instead of hex
[core] li_tohex_lc() explicitly uses lc hex chars
[core] buffer_append_uint_hex_lc() uses lc hex
[core] buffer_append_string_encoded() uc hex
[tests] reduce test_base64 brute force tests
[tests] remove test_buffer output, except on error
[core] check for continuation in server.tag
[core] CONNECT must be handled before fs hooks
[mod_redirect, mod_rewrite] code reuse (sharing)
[core] data_config_pcre_compile,exec()
[tests] test_request unit tests
[core] http_kv.[ch] method, status, version str
[core] remove unused get_http_status_body_name()
[core] remove proc_open.[ch], reduce stdio.h use
[tests] move src/test_*.c to src/t/
[core] server.http-parseopts URL normalization opt (fixes #1720)
[core] inline some buffer.[ch] routines
[core] remove some duplicative code in log.c
[core] debug server.log-request-header-on-error
[mod_redirect,mod_rewrite] short-circuit earlier
[core] fix buffer_to_upper()
[mod_cgi] handle CGI partial response header write
[mod_redirect,mod_rewrite] pass request URI info
[mod_redirect,mod_rewrite] encoding options (fixes #443, fixes #911)
[mod_redirect,mod_rewrite] fix segfault w/ invalid syntax (fixes #2892)
[mod_fastcgi] fix memleak with FastCGI auth,resp (fixes #2894)
[mod_alias] security: potential path traversal with specific configs
[mod_wstunnel] quiet 32-bit compiler warnings
[core] POLLRDHUP handling for transparent proxying
[mod_redirect,mod_rewrite] support up to 19 match
[core] add missing includes to quiet compiler warn
[mod_redirect,mod_rewrite] base64url encoding opt
[mod_rewrite] require rewrite result to begin ‘/’
[core] security: use-after-free invalid Range req
[core] reset var if FAMMonitorDirectory() fails
[core] option to propagate TCP FIN to backend host
mod_sockproxy – socket forwarding
[core] workaround Coverity cov-build bug with gcc7
[build] add missing file for test_burl
[core] quell insignificant coverity warning
[core] extend server.http-parseopts
[mod_alias] security: path traversal in mod_alias (in some use cases) (fixes #2898)
[core] security: use-after-free after invalid Range request (fixes #2899)