2005-02-20 14:27:00 +00:00
|
|
|
|
|
|
|
|
|
|
====
|
|
|
|
|
|
NEWS
|
|
|
|
|
|
====
|
|
|
|
|
|
|
2013-09-27 20:22:12 +00:00
|
|
|
|
- 1.4.34
|
2013-10-13 11:16:55 +00:00
|
|
|
|
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
|
2013-10-13 11:34:55 +00:00
|
|
|
|
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
|
2013-11-05 15:29:07 +00:00
|
|
|
|
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
|
2013-11-13 11:43:23 +00:00
|
|
|
|
* [doc] update ssl.cipher-list recommendation
|
2013-11-13 11:43:28 +00:00
|
|
|
|
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
|
2013-11-13 11:43:31 +00:00
|
|
|
|
* [stat-cache] fix FAM cleanup/fdevent handling
|
2013-11-13 11:43:33 +00:00
|
|
|
|
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
|
2013-09-27 20:22:12 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.33 - 2013-09-27
|
2013-01-04 13:54:38 +00:00
|
|
|
|
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
|
2013-01-22 13:08:21 +00:00
|
|
|
|
* fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors);
|
|
|
|
|
|
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
|
2013-03-25 17:22:32 +00:00
|
|
|
|
* [mod_fastcgi,log] support multi line logging (fixes #2252)
|
2013-03-25 17:22:34 +00:00
|
|
|
|
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
|
2013-03-25 17:22:36 +00:00
|
|
|
|
* reject non ASCII characters in HTTP header names
|
2013-04-29 13:08:23 +00:00
|
|
|
|
* [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
|
2013-04-29 13:08:25 +00:00
|
|
|
|
* [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
|
2013-05-15 10:31:04 +00:00
|
|
|
|
* [mod_auth] fix base64_decode (#2484)
|
2013-05-15 10:31:07 +00:00
|
|
|
|
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
|
2013-05-15 10:31:09 +00:00
|
|
|
|
* fix undefined stuff found with clang
|
2013-06-29 09:45:23 +00:00
|
|
|
|
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
|
2013-06-29 09:45:27 +00:00
|
|
|
|
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
|
2013-06-29 09:45:29 +00:00
|
|
|
|
* [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
|
2013-06-29 10:07:43 +00:00
|
|
|
|
* [mod_userdir] add userdir.active option, "enabled" by default
|
2013-06-29 10:53:22 +00:00
|
|
|
|
* [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
|
2013-06-29 10:53:24 +00:00
|
|
|
|
* [core] recognize more http methods to forward to backends (fixes #2346)
|
2013-06-29 12:46:00 +00:00
|
|
|
|
* [ssl] use DH only if openssl supports it (fixes #2479)
|
2013-06-29 12:46:02 +00:00
|
|
|
|
* [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
|
2013-07-31 20:23:21 +00:00
|
|
|
|
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
|
2013-08-30 13:14:48 +00:00
|
|
|
|
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
|
2013-08-30 13:14:50 +00:00
|
|
|
|
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
|
2013-08-30 13:14:52 +00:00
|
|
|
|
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
|
2013-08-30 13:14:56 +00:00
|
|
|
|
* [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
|
2013-08-30 13:14:57 +00:00
|
|
|
|
* [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
|
2013-08-30 13:14:59 +00:00
|
|
|
|
* [core] check whether server.chroot exists
|
2013-08-30 13:15:03 +00:00
|
|
|
|
* [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
|
2013-08-30 14:13:43 +00:00
|
|
|
|
* [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
|
2013-08-30 15:02:44 +00:00
|
|
|
|
* [core] allow files to be used as document-root (fixes #2475)
|
2013-08-30 15:46:13 +00:00
|
|
|
|
* [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
|
2012-11-21 12:34:49 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.32 - 2012-11-21
|
2012-08-31 14:11:48 +00:00
|
|
|
|
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
|
2012-11-06 17:14:37 +00:00
|
|
|
|
* Ignore EPIPE/ECONNRESET after SSL_shutdown
|
2012-11-07 13:07:00 +00:00
|
|
|
|
* Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
|
2012-11-07 13:07:02 +00:00
|
|
|
|
* configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
|
2012-11-07 13:53:00 +00:00
|
|
|
|
* add PATCH method (fixes #2424)
|
2012-11-07 14:23:00 +00:00
|
|
|
|
* fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming)
|
2012-11-09 14:23:22 +00:00
|
|
|
|
* network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
|
2012-11-09 14:23:24 +00:00
|
|
|
|
* detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
|
2012-11-09 14:23:25 +00:00
|
|
|
|
* tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
|
2012-11-15 08:44:10 +00:00
|
|
|
|
* mod_extforward: log address of untrusted proxy with debug.log-request-handling
|
2012-11-21 12:01:44 +00:00
|
|
|
|
* fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
|
2012-11-21 12:01:46 +00:00
|
|
|
|
* remove whitespace at end of header keys
|
2012-08-31 14:11:37 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.31 - 2012-05-31
|
2012-05-31 15:08:36 +00:00
|
|
|
|
* [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting)
|
2011-12-25 15:35:01 +00:00
|
|
|
|
* Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373)
|
2012-01-11 21:59:51 +00:00
|
|
|
|
* [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
|
2012-02-24 18:34:20 +00:00
|
|
|
|
* disable mmap by default (fixes #2391)
|
2012-04-08 08:02:44 +00:00
|
|
|
|
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
|
2012-04-19 13:02:06 +00:00
|
|
|
|
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
|
2012-04-19 13:02:08 +00:00
|
|
|
|
* Fix access log escaping of " and \\ (fixes #1551)
|
2012-04-19 13:02:09 +00:00
|
|
|
|
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)
|
2012-04-19 13:02:11 +00:00
|
|
|
|
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
|
2012-04-19 13:02:13 +00:00
|
|
|
|
* [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)
|
2012-05-18 12:56:30 +00:00
|
|
|
|
* Detect multiple -f options: show error message instead of assert (fixes #2416)
|
2012-05-18 13:28:00 +00:00
|
|
|
|
* [mod_extforward] Support ipv6 addresses (fixes #1889)
|
2012-05-30 16:58:34 +00:00
|
|
|
|
* [mod_redirect] Support url.redirect-code option (fixes #2247)
|
2012-05-31 15:08:36 +00:00
|
|
|
|
* Fix --enable-mmap handling in configure.ac
|
2011-12-18 16:35:12 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.30 - 2011-12-18
|
2011-07-30 09:16:03 +00:00
|
|
|
|
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
|
2011-08-22 15:32:55 +00:00
|
|
|
|
* Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
|
|
|
|
|
|
* [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
|
2011-08-30 22:13:59 +00:00
|
|
|
|
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
|
2011-09-05 09:32:43 +00:00
|
|
|
|
* Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
|
2011-10-05 13:39:50 +00:00
|
|
|
|
* Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
|
2011-11-29 22:27:11 +00:00
|
|
|
|
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
|
2011-11-30 18:40:08 +00:00
|
|
|
|
* [ssl] count renegotiations to prevent client renegotiations
|
2011-11-30 19:59:24 +00:00
|
|
|
|
* [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
|
2011-11-30 20:46:49 +00:00
|
|
|
|
* [core] accept dots in ipv6 addresses in host header (fixes #2359)
|
2011-12-05 17:08:17 +00:00
|
|
|
|
* [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
|
2011-12-18 12:58:04 +00:00
|
|
|
|
* [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
|
2011-07-03 16:34:59 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.29 - 2011-07-03
|
2010-09-17 16:43:07 +00:00
|
|
|
|
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
|
2010-09-17 16:43:11 +00:00
|
|
|
|
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
|
2011-03-13 17:44:39 +00:00
|
|
|
|
* mod_cgi: make read buffer as big as incoming data block
|
2011-03-13 17:44:42 +00:00
|
|
|
|
* [build] Fix detection of libev (fixes #2300)
|
2011-03-13 18:00:09 +00:00
|
|
|
|
* ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301)
|
|
|
|
|
|
add ssl.use-sslv3 (fixes #2246)
|
|
|
|
|
|
load all algorithms (fixes #2239)
|
2011-04-24 16:02:52 +00:00
|
|
|
|
* [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
|
2011-04-24 16:02:55 +00:00
|
|
|
|
* [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers
|
2011-06-12 15:44:26 +00:00
|
|
|
|
* [proc,include_shell] log error if exec shell fails (fixes #2280)
|
2011-06-13 12:22:02 +00:00
|
|
|
|
* [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
|
2011-06-13 12:55:54 +00:00
|
|
|
|
* [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248)
|
2011-06-13 17:34:57 +00:00
|
|
|
|
* fdevent: add solaris eventports (fixes #2171)
|
2010-08-22 15:37:46 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.28 - 2010-08-22
|
2010-08-22 11:44:49 +00:00
|
|
|
|
* Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249)
|
2010-08-22 11:35:12 +00:00
|
|
|
|
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT() (fixes #2250)
|
2010-08-13 11:12:28 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.27 - 2010-08-13
|
2010-02-28 11:48:05 +00:00
|
|
|
|
* Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
|
2010-04-07 15:34:51 +00:00
|
|
|
|
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
|
2010-04-07 15:54:28 +00:00
|
|
|
|
* mod_proxy: close connection on write error (fixes #2114)
|
2010-04-13 15:47:29 +00:00
|
|
|
|
* Check uri instead of physical path for directory redirect
|
2010-04-28 13:12:36 +00:00
|
|
|
|
* Fix detecting git repository (fixes #2173, thx ncopa)
|
2010-04-28 13:35:25 +00:00
|
|
|
|
* [mod_compress] Fix segfault when etags are disabled (fixes #2169)
|
2010-04-28 19:08:11 +00:00
|
|
|
|
* Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125)
|
2010-05-28 15:16:39 +00:00
|
|
|
|
* Print double quotes properly when dumping config file (fixes #1806)
|
2010-05-28 15:54:27 +00:00
|
|
|
|
* Include IP addresses on error log on password failures (fixes #2191)
|
2010-07-04 07:45:13 +00:00
|
|
|
|
* Fix stalls while reading from ssl sockets (fixes #2197)
|
2010-07-04 07:45:17 +00:00
|
|
|
|
* Fix etag formatting on boxes with 32-bit longs
|
2010-07-04 07:45:25 +00:00
|
|
|
|
* Fix two compiler warnings
|
2010-07-04 08:30:48 +00:00
|
|
|
|
* mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
|
2010-07-04 08:30:52 +00:00
|
|
|
|
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226)
|
2010-07-04 08:43:37 +00:00
|
|
|
|
* mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
|
2010-07-04 10:37:34 +00:00
|
|
|
|
* mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
|
2010-07-11 17:18:54 +00:00
|
|
|
|
* mod_accesslog: Fix var declarations mixed in source (fixes #2233)
|
2010-07-11 17:18:59 +00:00
|
|
|
|
* mod_status: Add version to status page (fixes #2219)
|
2010-08-05 19:53:49 +00:00
|
|
|
|
* mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
|
2010-08-05 20:42:18 +00:00
|
|
|
|
* openssl: silence annoying error messages for errno==0 (fixes #2213)
|
2010-08-05 21:08:23 +00:00
|
|
|
|
* array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145)
|
2010-08-05 22:55:18 +00:00
|
|
|
|
* add check to stop loading plugins twice
|
2010-08-06 21:57:15 +00:00
|
|
|
|
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
|
2010-08-06 21:57:19 +00:00
|
|
|
|
* only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
|
2010-08-07 10:46:34 +00:00
|
|
|
|
* add libev fdevent handler: server.event-handler = "libev"
|
2010-08-07 11:41:27 +00:00
|
|
|
|
* mod_proxy: return response as soon as it is available (fixes #2196)
|
2010-08-07 11:56:09 +00:00
|
|
|
|
* don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
|
2010-08-07 13:16:16 +00:00
|
|
|
|
* bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
|
2010-02-07 21:02:54 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.26 - 2010-02-07
|
2010-01-30 21:27:38 +00:00
|
|
|
|
* Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
|
|
|
|
|
|
* Remove dependency on automake >= 1.11 with m4_ifdef check
|
|
|
|
|
|
* mod_accesslog: support %e (fixes #2113, thx presbrey)
|
|
|
|
|
|
* Fix mod_cgi cgi.execute-x-only option in global block
|
|
|
|
|
|
* mod_fastcgi: x-sendfile2 parse error debugging
|
|
|
|
|
|
* Fix mod_proxy dead host detection if connect() fails
|
|
|
|
|
|
* Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
|
|
|
|
|
|
* Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
|
2010-02-07 19:51:52 +00:00
|
|
|
|
* Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
|
2010-02-04 10:13:37 +00:00
|
|
|
|
* Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD)
|
2009-11-21 16:08:36 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.25 - 2009-11-21
|
2009-10-26 14:16:15 +00:00
|
|
|
|
* mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
|
2009-10-26 14:16:20 +00:00
|
|
|
|
* mod_magnet: add traceback for printing lua errors
|
2009-10-26 18:48:26 +00:00
|
|
|
|
* mod_rewrite: fix compile error if compiled without pcre
|
2009-10-27 08:46:05 +00:00
|
|
|
|
* disable warning "CLOSE-read" (fixes #2091)
|
2009-10-31 09:54:13 +00:00
|
|
|
|
* mod_rrdtool: fix creating file if it doesn't exist (#1788)
|
2009-11-05 17:32:08 +00:00
|
|
|
|
* reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional
|
2009-11-05 21:46:48 +00:00
|
|
|
|
* export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
|
2009-11-07 18:24:04 +00:00
|
|
|
|
* mod_fastcgi: fix mod_fastcgi packet parsing
|
2009-11-07 22:00:10 +00:00
|
|
|
|
* mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096)
|
2009-11-21 15:11:59 +00:00
|
|
|
|
* Fix configure.ac to allow autoreconf, also enables make V=0
|
2009-10-26 14:16:09 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.24 - 2009-10-25
|
2009-06-21 17:25:24 +00:00
|
|
|
|
* Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
|
2009-06-21 17:25:31 +00:00
|
|
|
|
* Use unsigned int (and T_CONFIG_INT) for max_request_size
|
|
|
|
|
|
* Use unsigned int for secdownload.timeout (fixes #1966)
|
2009-06-21 17:25:34 +00:00
|
|
|
|
* Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
|
2009-06-21 17:25:39 +00:00
|
|
|
|
* Add server.breakagelog, a "special" stderr (fixes #1863)
|
2009-07-01 16:04:17 +00:00
|
|
|
|
* Fix config evaluation for debug.log-timeouts option (#1529)
|
2009-07-04 20:23:00 +00:00
|
|
|
|
* Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013)
|
2009-07-10 16:16:11 +00:00
|
|
|
|
* Fix FD_SETSIZE comparision warnings
|
2009-07-10 16:19:45 +00:00
|
|
|
|
* Add "lua-5.1" to searched pkg-config names for lua
|
2009-07-10 16:23:59 +00:00
|
|
|
|
* Fix unused function webdav_lockdiscovery in mod_webdav
|
2009-07-10 16:36:36 +00:00
|
|
|
|
* cmake: Fix crypt lib check
|
2009-07-10 16:46:04 +00:00
|
|
|
|
* cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
|
2009-07-11 09:01:18 +00:00
|
|
|
|
* Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
|
2009-07-13 13:41:44 +00:00
|
|
|
|
* Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
|
2009-07-13 13:48:29 +00:00
|
|
|
|
* Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030)
|
2009-07-13 14:13:52 +00:00
|
|
|
|
* Fix hanging connection in mod_scgi (fixes #2024)
|
2009-07-14 12:57:27 +00:00
|
|
|
|
* Allow digits in hostnames in more places (fixes #1148)
|
2009-07-14 13:15:38 +00:00
|
|
|
|
* Use connection_reset instead of handle_request_done for cleanup callbacks
|
2009-07-23 23:37:46 +00:00
|
|
|
|
* Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
|
2009-07-16 23:23:08 +00:00
|
|
|
|
* Allow all comparisons for $SERVER["socket"] - only bind for "=="
|
2009-07-21 08:52:33 +00:00
|
|
|
|
* Remove strptime failed message (fixes #2031)
|
2009-07-21 20:35:27 +00:00
|
|
|
|
* Fix issues found with clang analyzer
|
2009-07-23 13:01:38 +00:00
|
|
|
|
* Try to fix server.tag issue with localized svnversion
|
2009-07-23 21:42:24 +00:00
|
|
|
|
* Fix handling network-write return values (#2024)
|
2009-07-23 21:42:59 +00:00
|
|
|
|
* Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
|
2009-07-23 21:43:07 +00:00
|
|
|
|
* Remove adaptive spawning code from fastcgi (was disabled for a long time)
|
2009-07-24 20:26:17 +00:00
|
|
|
|
* Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
|
2009-07-27 16:12:36 +00:00
|
|
|
|
* Fix ipv6 in mod_proxy (fixes #2043)
|
2009-07-30 18:15:04 +00:00
|
|
|
|
* Print errors from include_shell to stderr
|
2009-08-06 08:33:19 +00:00
|
|
|
|
* Set tm.tm_isdst = 0 before mktime() (fixes #2047)
|
2009-08-12 18:27:18 +00:00
|
|
|
|
* Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
|
2009-08-28 19:30:48 +00:00
|
|
|
|
* Print an error if you use too many captures in a regex pattern (fixes #2059)
|
2009-09-21 13:15:57 +00:00
|
|
|
|
* Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
|
2009-10-11 19:11:45 +00:00
|
|
|
|
* Remember keep-alive-idle in separate variable (fixes #1988)
|
|
|
|
|
|
* Fix header inclusion order, always include "config.h" before any system header
|
|
|
|
|
|
* mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
|
|
|
|
|
|
* mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
|
|
|
|
|
|
* Read hostname from absolute uris in the request line (fixes #1937)
|
|
|
|
|
|
* mod_fastcgi: don't disable backend if disable-time is 0 (fixes #1825)
|
2009-10-11 19:27:55 +00:00
|
|
|
|
* mod_compress: match partial+full content-type (fixes #1552)
|
2009-10-11 19:46:32 +00:00
|
|
|
|
* mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
|
2009-10-11 20:36:49 +00:00
|
|
|
|
* Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
|
2009-10-11 21:54:50 +00:00
|
|
|
|
* mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
|
2009-10-12 08:48:08 +00:00
|
|
|
|
* Fix segfault on invalid config "duplicate else conditions" (fixes #2065)
|
2009-10-12 09:35:01 +00:00
|
|
|
|
* mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
|
2009-10-12 10:13:01 +00:00
|
|
|
|
* mod_accesslog: configurable timestamp logging (fixes #1479)
|
2009-10-12 10:39:36 +00:00
|
|
|
|
* always define _GNU_SOURCE
|
2009-10-12 19:49:43 +00:00
|
|
|
|
* Add some iterators for mod_magnet (fixes #1307)
|
2009-10-12 20:59:38 +00:00
|
|
|
|
* Fix close_timeout_ts trigger (should finally fix lingering close)
|
2009-10-12 21:49:09 +00:00
|
|
|
|
* mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
|
2009-10-14 13:39:59 +00:00
|
|
|
|
* Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
|
2009-10-14 18:19:19 +00:00
|
|
|
|
* Add SSL Client Certificate verification (#1288)
|
2009-10-16 09:02:41 +00:00
|
|
|
|
* mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825)
|
2009-10-16 16:43:28 +00:00
|
|
|
|
* mod_accesslog: escape special characters (fixes #1551, thx icy)
|
2009-10-17 14:06:37 +00:00
|
|
|
|
* fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
|
2009-10-16 22:06:22 +00:00
|
|
|
|
* Don't print ssl error if client didn't support TLS SNI
|
2009-10-19 13:26:01 +00:00
|
|
|
|
* Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086)
|
2009-10-20 07:32:40 +00:00
|
|
|
|
* Fix broken return values from int to enum in mod_fastcgi
|
2009-06-19 20:26:45 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.23 - 2009-06-19
|
2009-03-07 21:05:37 +00:00
|
|
|
|
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)
|
2009-03-07 21:05:41 +00:00
|
|
|
|
* New lighttpd man page (moved it to section 8) (fixes #1875)
|
2009-03-11 21:45:17 +00:00
|
|
|
|
* Create rrd file for empty rrdfile in mod_rrdtool (#1788)
|
2009-04-01 17:35:17 +00:00
|
|
|
|
* Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
|
2009-04-03 22:41:02 +00:00
|
|
|
|
* Finally removed spawn-fcgi
|
2009-04-05 19:36:39 +00:00
|
|
|
|
* Allow xattr to overwrite mime type (fixes #1929)
|
2009-04-05 21:50:56 +00:00
|
|
|
|
* Remove link from errormsg about fastcgi apps (fixes #1942)
|
2009-04-09 16:51:36 +00:00
|
|
|
|
* Strip trailing dot from "Host:" header
|
2009-04-09 16:51:44 +00:00
|
|
|
|
* Remove the optional port info from SERVER_NAME (thx Mr_Bond)
|
2009-04-09 16:51:46 +00:00
|
|
|
|
* Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
|
2009-04-09 16:51:50 +00:00
|
|
|
|
* Rename configure.in to configure.ac, with small cleanups (fixes #1932)
|
2009-04-09 16:51:52 +00:00
|
|
|
|
* Add proper SUID bit detection (fixes #416)
|
2009-04-09 16:51:56 +00:00
|
|
|
|
* Check for regular file in mod_cgi, so we don't try to start directories
|
2009-04-09 17:39:20 +00:00
|
|
|
|
* Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923)
|
2009-04-10 10:50:51 +00:00
|
|
|
|
* Add support for pipe logging for server.errorlog (fixes #296)
|
2009-04-10 17:35:19 +00:00
|
|
|
|
* Add revision number to package version for svn/git checkouts
|
2009-04-11 12:48:27 +00:00
|
|
|
|
* Use server.tag for SERVER_SOFTWARE if configured (fixes #357)
|
2009-04-15 22:33:30 +00:00
|
|
|
|
* Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi
|
2009-04-15 22:33:34 +00:00
|
|
|
|
* mod_magnet: Add env["request.remote-ip"] (fixes #1740)
|
2009-04-15 22:33:36 +00:00
|
|
|
|
* mod_magnet: Add env["request.path-info"]
|
2009-04-16 12:14:00 +00:00
|
|
|
|
* Change name/version separator back to "/" (affects every place where the version is printed)
|
2009-04-24 19:22:16 +00:00
|
|
|
|
* Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
|
2009-04-26 16:40:55 +00:00
|
|
|
|
* Add some dirlisting enhancements (fixes #1458)
|
2009-04-26 17:59:55 +00:00
|
|
|
|
* Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
|
2009-04-26 18:29:09 +00:00
|
|
|
|
* Limit amount of bytes read for one read-event (fixes #1070)
|
2009-04-26 18:29:14 +00:00
|
|
|
|
* Add evasive.silent option (fixes #1438)
|
2009-04-26 19:43:22 +00:00
|
|
|
|
* Make mod_extforward headers configurable (fixes #1545)
|
2009-04-26 20:19:31 +00:00
|
|
|
|
* Add '%_' pattern for complete hostname in mod_evhost (fixes #1737)
|
2009-04-26 21:02:16 +00:00
|
|
|
|
* Add IPv6 support to mod_proxy (fixes #1537)
|
2009-04-27 09:28:45 +00:00
|
|
|
|
* mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713)
|
2009-04-27 09:28:48 +00:00
|
|
|
|
* Fix error message if no auth backend was set
|
2009-04-28 18:26:23 +00:00
|
|
|
|
* Fix SERVER_NAME port stripping (fixes #1968)
|
2009-04-28 18:28:13 +00:00
|
|
|
|
* Fix x-sendfile 2gb limiting (fixes #1970)
|
2009-04-28 18:32:03 +00:00
|
|
|
|
* Fix mod_cgi environment keys mangling (fixes #1969)
|
2009-04-29 14:51:35 +00:00
|
|
|
|
* Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729)
|
2009-05-10 12:20:19 +00:00
|
|
|
|
* Fix max-age value in mod_expire for 'modification' (fixes #1978)
|
2009-05-12 06:47:00 +00:00
|
|
|
|
* Fix evasive.silent option (#1438)
|
2009-05-19 18:39:44 +00:00
|
|
|
|
* Fix mod-fastcgi counters
|
2009-06-03 16:07:20 +00:00
|
|
|
|
* Modify fastcgi error message
|
2009-06-03 16:44:37 +00:00
|
|
|
|
* Backup errno for later usage (reported by Guido Reina via mailinglist)
|
2009-06-07 17:46:11 +00:00
|
|
|
|
* Improve FastCGI performance (fixes #1999)
|
2009-06-07 19:07:31 +00:00
|
|
|
|
* Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
|
2009-06-07 19:31:24 +00:00
|
|
|
|
* Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986)
|
2009-06-10 13:08:15 +00:00
|
|
|
|
* Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey)
|
2009-06-10 14:31:06 +00:00
|
|
|
|
* Fix segfault in mod_expire after failed config parsing (fixes #1992)
|
2009-06-10 14:50:42 +00:00
|
|
|
|
* Add ssi.content-type option (default text/html, fixes #615)
|
2009-06-11 09:53:34 +00:00
|
|
|
|
* Add support for "real" entropy from /dev/[u]random (fixes #1977)
|
2009-06-11 10:09:14 +00:00
|
|
|
|
* Adding support for additional chars in LDAP usernames (fixes #1941)
|
2009-06-11 10:18:36 +00:00
|
|
|
|
* Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
|
2009-06-11 14:04:57 +00:00
|
|
|
|
* Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
|
2009-06-11 14:09:25 +00:00
|
|
|
|
* Allow max-keep-alive-requests to depend on conditional (fixes #1881)
|
2009-06-16 13:47:15 +00:00
|
|
|
|
* Make dependency on svnversion/git optional (for devel versionstamp, fixes #2009)
|
2009-03-07 15:46:23 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.22 - 2009-03-07
|
2009-02-17 13:38:22 +00:00
|
|
|
|
* Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
|
2009-02-17 22:45:44 +00:00
|
|
|
|
* Fix default vhost in mod_simple_vhost (fixes #1905)
|
2009-02-19 13:13:58 +00:00
|
|
|
|
* Handle EINTR in mod_rrdtool (fixes #604)
|
2009-02-19 13:14:02 +00:00
|
|
|
|
* Fix rrd error after graceful restart (fixes #419)
|
2009-02-24 13:31:26 +00:00
|
|
|
|
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
|
2009-02-28 20:54:10 +00:00
|
|
|
|
* Fix segfault in mod_scgi (fixes #1911)
|
2009-02-28 21:38:50 +00:00
|
|
|
|
* Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913)
|
2009-03-03 10:41:06 +00:00
|
|
|
|
* Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922)
|
2009-03-07 13:54:10 +00:00
|
|
|
|
* Fix some problems with more strict compilers (#1923)
|
2009-03-07 13:58:25 +00:00
|
|
|
|
* Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926)
|
2009-02-17 09:01:37 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.21 - 2009-02-16
|
2008-09-30 11:20:31 +00:00
|
|
|
|
|
2008-09-30 13:48:45 +00:00
|
|
|
|
* Fix base64 decoding in mod_auth (#1757, thx guido)
|
2008-09-30 14:20:59 +00:00
|
|
|
|
* Fix mod_cgi segfault when bound to unix domain socket (#653)
|
2008-09-30 14:28:12 +00:00
|
|
|
|
* Do not rely on ioctl FIONREAD (#673)
|
2008-09-30 15:30:06 +00:00
|
|
|
|
* Now really fix mod auth ldap (#1066)
|
2008-09-30 19:42:29 +00:00
|
|
|
|
* Fix leaving zombie process with include_shell (#1777)
|
2008-09-30 21:13:42 +00:00
|
|
|
|
* Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
|
2008-10-01 13:24:19 +00:00
|
|
|
|
* Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
|
2008-10-01 16:49:15 +00:00
|
|
|
|
* Do not cache default vhost in mod_simple_vhost (#709)
|
2008-10-01 16:49:19 +00:00
|
|
|
|
* Trust pcre-config, do not check for pcre manually (#1769)
|
2008-10-01 20:08:23 +00:00
|
|
|
|
* Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
|
2008-10-03 10:05:33 +00:00
|
|
|
|
* Add possibility to disable methods in mod_compress (#1773)
|
2008-10-04 16:10:29 +00:00
|
|
|
|
* Fix duplicate connection keep-alive/transfer-encoding headers (#960)
|
2008-10-05 22:46:47 +00:00
|
|
|
|
* Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
|
2008-10-16 12:42:18 +00:00
|
|
|
|
* Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
|
2008-10-16 12:42:22 +00:00
|
|
|
|
* Compare address family in inet_ntop_cache
|
2008-12-07 15:22:42 +00:00
|
|
|
|
* Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
|
2008-12-07 15:22:49 +00:00
|
|
|
|
* Use FD_CLOEXEC if possible (fixes #1821)
|
2008-12-18 22:12:11 +00:00
|
|
|
|
* Optimized buffer usage in mod_proxy (fixes #1850)
|
2008-12-18 22:23:26 +00:00
|
|
|
|
* Fix uninitialized value in time struct after strptime
|
2009-01-19 12:32:37 +00:00
|
|
|
|
* Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
|
2009-02-03 20:16:20 +00:00
|
|
|
|
* Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
|
2009-02-03 20:59:03 +00:00
|
|
|
|
* Some small buffer.c fixes (closes #1837)
|
2009-02-03 21:02:18 +00:00
|
|
|
|
* Remove floating point math from server.c (fixes #1402)
|
2009-02-03 22:10:25 +00:00
|
|
|
|
* Disable SSLv2 by default
|
2009-02-03 22:53:23 +00:00
|
|
|
|
* Use/enforce sane max-connection values (fixes #1803)
|
2009-02-04 10:27:42 +00:00
|
|
|
|
* Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
|
2009-02-04 15:16:29 +00:00
|
|
|
|
* Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
|
2009-02-04 17:30:18 +00:00
|
|
|
|
* Use modified etags in mod_compress (fixes #1800)
|
2009-02-05 10:53:24 +00:00
|
|
|
|
* Fix max-connection limit handling/100% cpu usage (fixes #1436)
|
2009-02-05 11:45:02 +00:00
|
|
|
|
* Fix error handling in freebsd-sendfile (fixes #1813)
|
2009-02-05 21:54:47 +00:00
|
|
|
|
* Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
|
2009-02-05 22:07:59 +00:00
|
|
|
|
* Allow tabs in header values (fixes #1822)
|
2009-02-05 22:36:58 +00:00
|
|
|
|
* Added Language conditional (fixes #1119); patch by petar
|
2009-02-16 13:42:38 +00:00
|
|
|
|
* Fix wrong format strings (#1900, thx stepancheg)
|
2008-09-30 11:20:31 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.20 - 2008-09-30
|
2008-03-13 15:33:06 +00:00
|
|
|
|
|
2008-03-13 15:34:10 +00:00
|
|
|
|
* Fix mod_compress to compile with old gcc version (#1592)
|
2008-03-13 15:34:28 +00:00
|
|
|
|
* Fix mod_extforward to compile with old gcc version (#1591)
|
2008-03-13 15:34:46 +00:00
|
|
|
|
* Update documentation for #1587
|
2008-03-30 15:01:50 +00:00
|
|
|
|
* Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
|
2008-03-26 13:51:33 +00:00
|
|
|
|
* Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
|
2008-03-30 15:01:50 +00:00
|
|
|
|
* Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
|
2008-04-05 20:00:21 +00:00
|
|
|
|
* Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628)
|
2008-04-10 10:54:27 +00:00
|
|
|
|
* Don't send empty Server headers (#1620)
|
2008-04-23 12:38:32 +00:00
|
|
|
|
* Fix conditional interpretation of core options
|
2008-04-23 13:00:15 +00:00
|
|
|
|
* Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$"
|
2008-04-23 13:04:21 +00:00
|
|
|
|
* Fix accesslog port (should be port from the connection, not the "server.port") (#1618)
|
2008-04-23 13:08:13 +00:00
|
|
|
|
* Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
|
2008-04-23 13:20:55 +00:00
|
|
|
|
* Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
|
2008-04-23 15:05:50 +00:00
|
|
|
|
* Handle EINTR in mod_cgi during write() (#1640)
|
2008-04-23 19:10:42 +00:00
|
|
|
|
* Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
|
2008-04-23 19:27:12 +00:00
|
|
|
|
* Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page
|
2008-04-23 19:54:35 +00:00
|
|
|
|
* Remove lighttpd.spec* from source, fixing all problems with it ;-)
|
2008-04-29 11:03:41 +00:00
|
|
|
|
* Do not rely on PATH_MAX (POSIX does not require it) (#580)
|
2008-04-29 20:59:18 +00:00
|
|
|
|
* Disable logging to access.log if filename is an empty string
|
2008-04-29 20:59:39 +00:00
|
|
|
|
* Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
|
2008-07-14 14:26:20 +00:00
|
|
|
|
* merge spawn-fcgi changes from trunk (from @2191)
|
2008-07-14 15:45:05 +00:00
|
|
|
|
* let spawn-fcgi propagate exit code from spawned fcgi application
|
2008-07-20 12:58:18 +00:00
|
|
|
|
* close connection after redirect in trigger_b4_dl (thx icy)
|
2008-07-20 17:55:14 +00:00
|
|
|
|
* close connection in mod_magnet if returned status code
|
2008-07-28 08:43:19 +00:00
|
|
|
|
* fix bug with IPv6 in mod_evasive (#1579)
|
2008-07-28 08:43:23 +00:00
|
|
|
|
* fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
|
2008-07-29 21:21:34 +00:00
|
|
|
|
* [tests] fixed system, use foreground daemons and waitpid
|
2008-07-29 21:22:13 +00:00
|
|
|
|
* [tests] removed pidfile from test system
|
2008-07-29 21:22:28 +00:00
|
|
|
|
* [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
|
2008-07-30 16:42:14 +00:00
|
|
|
|
* fixed typo in mod_accesslog (#1699)
|
2008-07-30 19:38:32 +00:00
|
|
|
|
* replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
|
2008-07-30 21:16:25 +00:00
|
|
|
|
* case insensitive match for secdownload md5 token (#1710)
|
2008-07-30 21:37:30 +00:00
|
|
|
|
* Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
|
2008-07-31 10:28:18 +00:00
|
|
|
|
* fixed mod_secdownload problem with unsigned time_t (#1688)
|
2008-07-31 10:28:20 +00:00
|
|
|
|
* handle EAGAIN and EINTR for freebsd sendfile (#1675)
|
2008-07-31 10:28:22 +00:00
|
|
|
|
* Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
|
2008-07-31 10:28:24 +00:00
|
|
|
|
* fixed round-robin balancing in mod_proxy (#1715)
|
2008-07-31 20:45:31 +00:00
|
|
|
|
* fixed EINTR handling for waitpid in mod_fastcgi
|
2008-07-31 20:45:36 +00:00
|
|
|
|
* mod_{fast,s}cgi: overwrite environment variables (#1722)
|
2008-08-01 16:13:34 +00:00
|
|
|
|
* inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631)
|
2008-08-01 17:54:04 +00:00
|
|
|
|
* fixed url encoding to encode more characters (#266)
|
2008-08-01 18:35:12 +00:00
|
|
|
|
* allow digits in [s]cgi env vars (#1712)
|
2008-08-01 19:29:27 +00:00
|
|
|
|
* fixed dropping last character of evhost pattern (#161)
|
2008-08-01 20:31:43 +00:00
|
|
|
|
* print helpful error message on conditionals in global block (#1550)
|
2008-12-07 15:22:42 +00:00
|
|
|
|
* decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21)
|
2008-08-04 13:58:37 +00:00
|
|
|
|
* fixed conditional patching of ldap filter (#1564)
|
2008-10-13 14:14:13 +00:00
|
|
|
|
* Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281]
|
2008-10-04 21:21:09 +00:00
|
|
|
|
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360)
|
2008-08-19 16:41:36 +00:00
|
|
|
|
* fixed format string bugs in mod_accesslog for SYSLOG
|
2008-08-19 16:41:49 +00:00
|
|
|
|
* replaced fprintf with log_error_write in fastcgi debug
|
2008-08-19 16:42:01 +00:00
|
|
|
|
* fixed mem leak in ssi expression parser (#1753), thx Take5k
|
2008-08-19 17:40:42 +00:00
|
|
|
|
* hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
|
2008-08-20 16:44:51 +00:00
|
|
|
|
* do not send content-encoding for 304 (#1754), thx yzlai
|
2008-08-27 15:59:50 +00:00
|
|
|
|
* fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750)
|
2008-09-17 14:25:39 +00:00
|
|
|
|
* fix splitting of auth-ldap filter
|
2008-09-17 14:25:42 +00:00
|
|
|
|
* workaround ldap connection leak if a ldap connection failed (restarting ldap)
|
2008-09-19 16:02:34 +00:00
|
|
|
|
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
|
2008-10-04 21:21:09 +00:00
|
|
|
|
* fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298)
|
2008-09-21 15:33:52 +00:00
|
|
|
|
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
|
2008-12-07 15:22:42 +00:00
|
|
|
|
* use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21)
|
2008-03-13 15:33:06 +00:00
|
|
|
|
|
|
|
|
|
|
- 1.4.19 - 2008-03-10
|
2007-09-09 21:31:27 +00:00
|
|
|
|
|
2007-09-09 23:00:53 +00:00
|
|
|
|
* added support for If-Range: <date> (#1346)
|
2007-11-04 17:21:24 +00:00
|
|
|
|
* added support for matching $HTTP["scheme"] in configs
|
2007-11-10 16:12:55 +00:00
|
|
|
|
* fixed initgroups() called after chroot (#1384)
|
2007-11-23 15:23:35 +00:00
|
|
|
|
* fixed case-sensitive check for Auth-Method (#1456)
|
2007-11-12 16:04:13 +00:00
|
|
|
|
* execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
|
2008-01-16 00:26:12 +00:00
|
|
|
|
* fixed a bug that made /-prefixed extensions being handled also when
|
|
|
|
|
|
matching the end of the uri in fcgi,scgi and proxy modules (#1489)
|
2008-01-16 01:00:32 +00:00
|
|
|
|
* print error if X-LIGHTTPD-send-file cannot be done; reset header
|
2008-02-27 09:35:19 +00:00
|
|
|
|
Content-Length for send-file. Patches by Stefan Buehler
|
2008-01-16 01:00:32 +00:00
|
|
|
|
* prevent crash in certain php-fcgi configurations (#841)
|
2008-01-17 09:54:00 +00:00
|
|
|
|
* add IdleServers and Scoreboard directives in ?auto mode for mod_status (#1507)
|
2008-01-17 12:29:47 +00:00
|
|
|
|
* open log immediately after daemonizing, fixes SIGPIPEs on startup (#165)
|
2008-01-18 09:07:54 +00:00
|
|
|
|
* HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set. (#1499)
|
2008-01-18 09:21:07 +00:00
|
|
|
|
* generate ETag and Last-Modified headers for mod_ssi based on newest modified include (#1491)
|
2008-01-18 12:50:09 +00:00
|
|
|
|
* support letterhomes in mod_userdir (#1473)
|
2008-01-21 08:21:20 +00:00
|
|
|
|
* support chained proxies in mod_extforward (#1528)
|
2008-01-28 07:02:11 +00:00
|
|
|
|
* fixed bogus "cgi died ?" if we kill the CGI process on shutdown
|
|
|
|
|
|
* fixed ECONNRESET handling in network-openssl
|
2008-02-10 18:49:39 +00:00
|
|
|
|
* fixed handling of EAGAIN in network-linux-sendfile (#657)
|
2008-02-27 09:35:19 +00:00
|
|
|
|
* reset conditional cache (#1164)
|
|
|
|
|
|
* create directories in mod_compress (was broken with alias/userdir) (#1027)
|
2008-03-10 15:54:38 +00:00
|
|
|
|
* fixed out of range access in fd array (#1562, #372) (CVE-2008-0983)
|
2008-02-27 09:35:19 +00:00
|
|
|
|
* mod_compress should check if the request is already handled, e.g. by fastcgi (#1565)
|
|
|
|
|
|
* remove broken workaround for buggy Opera version with ssl/chunked encoding (#285)
|
|
|
|
|
|
* generate etag/last-modified header for on-the-fly-compressed files (#1171)
|
|
|
|
|
|
* req-method OPTIONS: do not insert default response if request was denied, do not deny OPTIONS by default (#1324)
|
|
|
|
|
|
* fixed memory leak on windows (#1347)
|
|
|
|
|
|
* fixed building outside of the src dir (#1349)
|
|
|
|
|
|
* fixed including of stdint.h/inttypes.h in etag.c (#1413)
|
|
|
|
|
|
* do not add Accept-Ranges header if range-request is disabled (#1449)
|
|
|
|
|
|
* log the ip of failed auth tries in error.log (enhancement #1544)
|
|
|
|
|
|
* fixed RoundRobin in mod_proxy (#516)
|
|
|
|
|
|
* check for symlinks after successful pathinfo matching (#1574)
|
|
|
|
|
|
* fixed mod-proxy.t to run with a builddir outside of the src dir
|
2008-02-27 11:10:33 +00:00
|
|
|
|
* do not suppress content on "307 Temporary Redirect" (#1412)
|
2008-02-27 12:15:38 +00:00
|
|
|
|
* fixed Content-Length header if response body gets removed in connections.c (#1412, part 2)
|
2008-02-27 18:35:42 +00:00
|
|
|
|
* do not generate a "Content-Length: 0" header for HEAD requests, added test too
|
2008-02-27 19:36:34 +00:00
|
|
|
|
* remove compress cache file if compression or write failed (#1150)
|
2008-02-27 23:42:22 +00:00
|
|
|
|
* fixed body handling of status 300 requests
|
2008-02-28 12:19:34 +00:00
|
|
|
|
* spawn-fcgi: only try to connect to unix socket (not tcp) before spawning (#1575)
|
2008-03-10 15:54:38 +00:00
|
|
|
|
* fix sending source of cgi script instead of 500 error if fork fails (CVE-2008-1111)
|
2008-02-28 22:19:03 +00:00
|
|
|
|
* fix min-procs handling in mod_scgi.c, just set to max-procs (patch from #623)
|
2008-03-01 19:10:47 +00:00
|
|
|
|
* fix sending "408 - Timeout" instead of "410 - Gone" for timedout urls in mod_secdownload (#1440)
|
2008-03-10 21:28:30 +00:00
|
|
|
|
* workaround #1587: require userdir.path to be set to enable mod_userdir (empty string allowed) (CVE-2008-1270)
|
2008-03-10 19:15:27 +00:00
|
|
|
|
* make configure checks for --with-pcre, --with-zlib and --with-bzip2 failing if the headers aren't found
|
2008-03-10 19:20:27 +00:00
|
|
|
|
* fixed handling of waitpid() == EINTR mod_ssi on solaris
|
2007-09-09 21:31:27 +00:00
|
|
|
|
|
|
|
