2005-02-20 14:27:00 +00:00
|
|
|
|
|
|
|
|
====
|
|
|
|
|
NEWS
|
|
|
|
|
====
|
|
|
|
|
|
2016-01-03 14:48:04 +00:00
|
|
|
- 1.4.40
|
2016-01-03 14:48:07 +00:00
|
|
|
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
|
2016-01-03 14:48:09 +00:00
|
|
|
* add handling for lua 5.2 and 5.3 (fixes #2674)
|
2016-01-03 14:48:11 +00:00
|
|
|
* use libmemcached instead of deprecated libmemcache
|
2016-01-30 13:59:07 +00:00
|
|
|
* add force_assert for more allocation results
|
2016-02-10 19:33:57 +00:00
|
|
|
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
|
2016-02-14 10:44:30 +00:00
|
|
|
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
|
2016-02-14 10:54:26 +00:00
|
|
|
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
|
2016-01-03 14:48:04 +00:00
|
|
|
|
|
|
|
|
- 1.4.39 - 2016-01-02
|
2015-12-18 21:56:59 +00:00
|
|
|
* [core] fix memset_s call (fixes #2698)
|
2015-12-19 08:28:39 +00:00
|
|
|
* [chunk] fix use after free / double free (fixes #2700)
|
2015-12-05 14:18:38 +00:00
|
|
|
|
|
|
|
|
- 1.4.38 - 2015-12-05
|
2015-09-16 00:18:11 +00:00
|
|
|
* [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669)
|
2015-09-24 06:03:38 +00:00
|
|
|
* [core] allocate at least 4k buffer for incoming data
|
2015-09-24 06:03:40 +00:00
|
|
|
* [core] fix search for header end if split across chunks (fixes #2670)
|
2015-09-26 10:11:22 +00:00
|
|
|
* [core] check configparserAlloc() result with force_assert
|
2015-09-26 10:11:24 +00:00
|
|
|
* [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available (thx loganaden)
|
2015-10-13 19:46:04 +00:00
|
|
|
* [core] don't buffer request bodies smaller than 64k on disk
|
2015-10-16 19:44:06 +00:00
|
|
|
* add force_assert for many allocations and function results
|
2015-10-27 20:50:53 +00:00
|
|
|
* [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
|
2015-11-07 12:51:11 +00:00
|
|
|
* [config] check config option scope; warn if server option is given in conditional
|
2015-11-07 12:51:14 +00:00
|
|
|
* [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
|
2015-11-07 15:00:15 +00:00
|
|
|
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
|
2015-11-07 15:00:18 +00:00
|
|
|
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
|
2015-11-22 22:22:22 +00:00
|
|
|
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
|
2015-12-04 20:22:42 +00:00
|
|
|
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
|
2015-12-04 20:48:21 +00:00
|
|
|
* [network] add darwin-sendfile backend (fixes #2687, thx Kyle J. McKay)
|
2015-12-04 20:53:51 +00:00
|
|
|
* [core] show correct crypt support result (fixes #2690, thx Kyle J. McKay)
|
2015-09-15 11:52:35 +00:00
|
|
|
|
|
|
|
|
- 1.4.37 - 2015-08-30
|
2015-08-03 19:43:06 +00:00
|
|
|
* [mod_proxy] remove debug log line from error log (fixes #2659)
|
2015-08-09 13:03:52 +00:00
|
|
|
* [mod_dirlisting] fix dir-listing.set-footer not showing
|
2015-08-13 18:44:27 +00:00
|
|
|
* fix out-of-filedescriptors when uploading "large" files (fixes #2660, thx rmilecki)
|
2015-08-13 18:44:30 +00:00
|
|
|
* increase upload temporary chunk file size from 1MB to 16MB
|
2015-08-22 16:00:56 +00:00
|
|
|
* fix undefined integer shift
|
2015-08-22 16:00:59 +00:00
|
|
|
* rewrite network sendfile/mmap/writev/write backends
|
2015-08-22 16:01:08 +00:00
|
|
|
* fix some unchecked return value warnings
|
2015-08-22 21:39:19 +00:00
|
|
|
* [kqueue] fix kevent call
|
2015-08-22 21:39:24 +00:00
|
|
|
* [autoconf] define HAVE_CRYPT when crypt() is present
|
2015-08-22 23:27:17 +00:00
|
|
|
* [bsd xattr] fix compile break with BSD extended attributes in stat_cache
|
2015-08-23 11:53:48 +00:00
|
|
|
* [mod_cgi] rewrite mmap and generic (post body) send error handling
|
2015-08-23 12:59:07 +00:00
|
|
|
* [mmap] fix mmap alignment
|
2015-08-29 09:28:01 +00:00
|
|
|
* [plugins] when modules are linked statically still only load the modules given in the config
|
2015-08-29 12:23:42 +00:00
|
|
|
* [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading
|
2015-08-30 10:16:28 +00:00
|
|
|
* fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
|
2015-07-26 13:02:44 +00:00
|
|
|
|
|
|
|
|
- 1.4.36 - 2015-07-26
|
2014-04-02 10:04:11 +00:00
|
|
|
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
|
2014-04-14 16:12:11 +00:00
|
|
|
* fix bad shift in conditional netmask ".../0" handling
|
2014-05-13 13:04:35 +00:00
|
|
|
* add more mime types and a script to generate mime.conf (fixes #2579)
|
2014-05-22 08:30:13 +00:00
|
|
|
* add support for (Free)BSD extended attributes
|
2014-10-16 17:52:10 +00:00
|
|
|
* [build] use fortify flags with "extra-warnings"
|
2014-10-16 17:52:12 +00:00
|
|
|
* [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available
|
2014-10-16 17:52:14 +00:00
|
|
|
* [ssl] disable SSL3.0 by default
|
2015-02-07 11:33:28 +00:00
|
|
|
* fixed typo in example config found by openSUSE user (boo# 907709)
|
2015-02-07 11:33:30 +00:00
|
|
|
* [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
|
2015-02-07 13:32:54 +00:00
|
|
|
* [connections] fix bug in connection state handling
|
2015-02-07 13:32:56 +00:00
|
|
|
* print backtrace in assert logging with libunwind
|
2015-02-08 12:37:10 +00:00
|
|
|
* major refactoring of internal buffer/chunk handling
|
2015-02-12 06:39:39 +00:00
|
|
|
* [mod_auth] use crypt_r instead of crypt if available
|
2015-05-14 09:38:30 +00:00
|
|
|
* fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
|
2015-05-14 09:38:33 +00:00
|
|
|
* fix segfaults in many plugins if they failed configuration
|
2015-05-28 15:47:14 +00:00
|
|
|
* escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
|
2015-07-05 16:01:16 +00:00
|
|
|
* fix hex escape in accesslog (fixes #2559)
|
2015-07-05 16:48:27 +00:00
|
|
|
* show extforward re-run warning only with debug.log-request-handling (fixes #2561)
|
2015-07-05 16:59:01 +00:00
|
|
|
* parse If-None-Match for ETag validation (fixes #2578)
|
2015-07-05 21:34:07 +00:00
|
|
|
* fix memory leak in mod_status when no counters are set (found by coverity)
|
2015-07-05 22:00:14 +00:00
|
|
|
* [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
|
2015-07-05 22:00:17 +00:00
|
|
|
* fix segfault when temp file for upload couldn't be created (found by coverity)
|
2015-07-07 17:12:48 +00:00
|
|
|
* mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
|
2015-07-11 11:20:18 +00:00
|
|
|
* [mod_proxy] add unix domain socket support (fixes #2653)
|
2015-07-19 10:03:12 +00:00
|
|
|
* [configfile] fix reading uninitialized variable (found by Willian B.)
|
2014-04-02 10:04:09 +00:00
|
|
|
|
|
|
|
|
- 1.4.35 - 2014-03-12
|
2014-02-14 21:05:58 +00:00
|
|
|
* [network/ssl] fix build error if TLSEXT is disabled
|
2014-02-14 21:06:00 +00:00
|
|
|
* [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
|
2014-02-14 21:06:03 +00:00
|
|
|
* [mod_rrdtool] fix invalid read (string not null terminated)
|
2014-02-14 21:06:05 +00:00
|
|
|
* [mod_dirlisting] fix memory leak if pcre fails
|
2014-02-14 21:06:07 +00:00
|
|
|
* [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
|
2014-02-14 21:06:10 +00:00
|
|
|
* [mod_magnet] fix memory leak
|
2014-02-14 21:06:12 +00:00
|
|
|
* add comments for switch fall throughs
|
2014-02-14 21:06:14 +00:00
|
|
|
* remove logical dead code
|
2014-02-14 21:06:16 +00:00
|
|
|
* [buffer] fix length check in buffer_is_equal_right_len
|
2014-02-14 21:06:19 +00:00
|
|
|
* fix resource leaks in error cases on config parsing and other initializations
|
2014-02-16 13:08:20 +00:00
|
|
|
* add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
|
2014-02-16 13:08:27 +00:00
|
|
|
* [mod_cml_lua] fix null pointer dereference
|
2014-02-16 13:08:29 +00:00
|
|
|
* force assertion: setting FD_CLOEXEC must work (if available)
|
2014-02-16 13:08:32 +00:00
|
|
|
* [network] check return value of lseek()
|
2014-02-16 13:08:34 +00:00
|
|
|
* fix unchecked return values from stream_open/stat_cache_get_entry
|
2014-02-16 13:08:36 +00:00
|
|
|
* [mod_webdav] fix logic error in handling file creation error
|
2014-02-16 13:08:43 +00:00
|
|
|
* check length of unix domain socket filenames
|
2014-03-12 12:03:55 +00:00
|
|
|
* fix SQL injection / host name validation (thx Jann Horn)
|
2014-01-20 14:20:06 +00:00
|
|
|
|
2014-04-02 10:04:09 +00:00
|
|
|
- 1.4.34 - 2014-01-20
|
2013-10-13 11:16:55 +00:00
|
|
|
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
|
2013-10-13 11:34:55 +00:00
|
|
|
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
|
2013-11-05 15:29:07 +00:00
|
|
|
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
|
2013-11-13 11:43:23 +00:00
|
|
|
* [doc] update ssl.cipher-list recommendation
|
2013-11-13 11:43:28 +00:00
|
|
|
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
|
2013-11-13 11:43:31 +00:00
|
|
|
* [stat-cache] fix FAM cleanup/fdevent handling
|
2013-11-13 11:43:33 +00:00
|
|
|
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
|
2013-11-13 17:18:39 +00:00
|
|
|
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
|
2014-01-10 12:04:57 +00:00
|
|
|
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
|
2014-01-10 12:04:59 +00:00
|
|
|
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
|
2014-01-10 12:05:02 +00:00
|
|
|
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533)
|
2014-01-10 12:05:04 +00:00
|
|
|
* [mod_mysql_vhost] fix memory leak on config init (#2530)
|
2014-01-10 12:05:06 +00:00
|
|
|
* [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)
|
2013-09-27 20:22:12 +00:00
|
|
|
|
|
|
|
|
- 1.4.33 - 2013-09-27
|
2013-01-04 13:54:38 +00:00
|
|
|
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
|
2013-01-22 13:08:21 +00:00
|
|
|
* fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors);
|
|
|
|
|
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
|
2013-03-25 17:22:32 +00:00
|
|
|
* [mod_fastcgi,log] support multi line logging (fixes #2252)
|
2013-03-25 17:22:34 +00:00
|
|
|
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
|
2013-03-25 17:22:36 +00:00
|
|
|
* reject non ASCII characters in HTTP header names
|
2013-04-29 13:08:23 +00:00
|
|
|
* [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
|
2013-04-29 13:08:25 +00:00
|
|
|
* [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
|
2013-05-15 10:31:04 +00:00
|
|
|
* [mod_auth] fix base64_decode (#2484)
|
2013-05-15 10:31:07 +00:00
|
|
|
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
|
2013-05-15 10:31:09 +00:00
|
|
|
* fix undefined stuff found with clang
|
2013-06-29 09:45:23 +00:00
|
|
|
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
|
2013-06-29 09:45:27 +00:00
|
|
|
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
|
2013-06-29 09:45:29 +00:00
|
|
|
* [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
|
2013-06-29 10:07:43 +00:00
|
|
|
* [mod_userdir] add userdir.active option, "enabled" by default
|
2013-06-29 10:53:22 +00:00
|
|
|
* [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
|
2013-06-29 10:53:24 +00:00
|
|
|
* [core] recognize more http methods to forward to backends (fixes #2346)
|
2013-06-29 12:46:00 +00:00
|
|
|
* [ssl] use DH only if openssl supports it (fixes #2479)
|
2013-06-29 12:46:02 +00:00
|
|
|
* [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
|
2013-07-31 20:23:21 +00:00
|
|
|
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
|
2013-08-30 13:14:48 +00:00
|
|
|
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
|
2013-08-30 13:14:50 +00:00
|
|
|
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
|
2013-08-30 13:14:52 +00:00
|
|
|
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
|
2013-08-30 13:14:56 +00:00
|
|
|
* [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
|
2013-08-30 13:14:57 +00:00
|
|
|
* [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
|
2013-08-30 13:14:59 +00:00
|
|
|
* [core] check whether server.chroot exists
|
2013-08-30 13:15:03 +00:00
|
|
|
* [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
|
2013-08-30 14:13:43 +00:00
|
|
|
* [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
|
2013-08-30 15:02:44 +00:00
|
|
|
* [core] allow files to be used as document-root (fixes #2475)
|
2013-08-30 15:46:13 +00:00
|
|
|
* [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
|
2012-11-21 12:34:49 +00:00
|
|
|
|
|
|
|
|
- 1.4.32 - 2012-11-21
|
2012-08-31 14:11:48 +00:00
|
|
|
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
|
2012-11-06 17:14:37 +00:00
|
|
|
* Ignore EPIPE/ECONNRESET after SSL_shutdown
|
2012-11-07 13:07:00 +00:00
|
|
|
* Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
|
2012-11-07 13:07:02 +00:00
|
|
|
* configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
|
2012-11-07 13:53:00 +00:00
|
|
|
* add PATCH method (fixes #2424)
|
2012-11-07 14:23:00 +00:00
|
|
|
* fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming)
|
2012-11-09 14:23:22 +00:00
|
|
|
* network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
|
2012-11-09 14:23:24 +00:00
|
|
|
* detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
|
2012-11-09 14:23:25 +00:00
|
|
|
* tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
|
2012-11-15 08:44:10 +00:00
|
|
|
* mod_extforward: log address of untrusted proxy with debug.log-request-handling
|
2012-11-21 12:01:44 +00:00
|
|
|
* fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
|
2012-11-21 12:01:46 +00:00
|
|
|
* remove whitespace at end of header keys
|
2012-08-31 14:11:37 +00:00
|
|
|
|
|
|
|
|
- 1.4.31 - 2012-05-31
|
2012-05-31 15:08:36 +00:00
|
|
|
* [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting)
|
2011-12-25 15:35:01 +00:00
|
|
|
* Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373)
|
2012-01-11 21:59:51 +00:00
|
|
|
* [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
|
2012-02-24 18:34:20 +00:00
|
|
|
* disable mmap by default (fixes #2391)
|
2012-04-08 08:02:44 +00:00
|
|
|
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
|
2012-04-19 13:02:06 +00:00
|
|
|
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
|
2012-04-19 13:02:08 +00:00
|
|
|
* Fix access log escaping of " and \\ (fixes #1551)
|
2012-04-19 13:02:09 +00:00
|
|
|
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)
|
2012-04-19 13:02:11 +00:00
|
|
|
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
|
2012-04-19 13:02:13 +00:00
|
|
|
* [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)
|
2012-05-18 12:56:30 +00:00
|
|
|
* Detect multiple -f options: show error message instead of assert (fixes #2416)
|
2012-05-18 13:28:00 +00:00
|
|
|
* [mod_extforward] Support ipv6 addresses (fixes #1889)
|
2012-05-30 16:58:34 +00:00
|
|
|
* [mod_redirect] Support url.redirect-code option (fixes #2247)
|
2012-05-31 15:08:36 +00:00
|
|
|
* Fix --enable-mmap handling in configure.ac
|
2011-12-18 16:35:12 +00:00
|
|
|
|
|
|
|
|
- 1.4.30 - 2011-12-18
|
2011-07-30 09:16:03 +00:00
|
|
|
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
|
2011-08-22 15:32:55 +00:00
|
|
|
* Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
|
|
|
|
|
* [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
|
2011-08-30 22:13:59 +00:00
|
|
|
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
|
2011-09-05 09:32:43 +00:00
|
|
|
* Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
|
2011-10-05 13:39:50 +00:00
|
|
|
* Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
|
2011-11-29 22:27:11 +00:00
|
|
|
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
|
2011-11-30 18:40:08 +00:00
|
|
|
* [ssl] count renegotiations to prevent client renegotiations
|
2011-11-30 19:59:24 +00:00
|
|
|
* [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
|
2011-11-30 20:46:49 +00:00
|
|
|
* [core] accept dots in ipv6 addresses in host header (fixes #2359)
|
2011-12-05 17:08:17 +00:00
|
|
|
* [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
|
2011-12-18 12:58:04 +00:00
|
|
|
* [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
|
2011-07-03 16:34:59 +00:00
|
|
|
|
|
|
|
|
- 1.4.29 - 2011-07-03
|
2010-09-17 16:43:07 +00:00
|
|
|
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
|
2010-09-17 16:43:11 +00:00
|
|
|
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
|
2011-03-13 17:44:39 +00:00
|
|
|
* mod_cgi: make read buffer as big as incoming data block
|
2011-03-13 17:44:42 +00:00
|
|
|
* [build] Fix detection of libev (fixes #2300)
|
2011-03-13 18:00:09 +00:00
|
|
|
* ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301)
|
|
|
|
|
add ssl.use-sslv3 (fixes #2246)
|
|
|
|
|
load all algorithms (fixes #2239)
|
2011-04-24 16:02:52 +00:00
|
|
|
* [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
|
2011-04-24 16:02:55 +00:00
|
|
|
* [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers
|
2011-06-12 15:44:26 +00:00
|
|
|
* [proc,include_shell] log error if exec shell fails (fixes #2280)
|
2011-06-13 12:22:02 +00:00
|
|
|
* [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
|
2011-06-13 12:55:54 +00:00
|
|
|
* [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248)
|
2011-06-13 17:34:57 +00:00
|
|
|
* fdevent: add solaris eventports (fixes #2171)
|
2010-08-22 15:37:46 +00:00
|
|
|
|
|
|
|
|
- 1.4.28 - 2010-08-22
|
2010-08-22 11:44:49 +00:00
|
|
|
* Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249)
|
2010-08-22 11:35:12 +00:00
|
|
|
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT() (fixes #2250)
|
2010-08-13 11:12:28 +00:00
|
|
|
|
|
|
|
|
- 1.4.27 - 2010-08-13
|
2010-02-28 11:48:05 +00:00
|
|
|
* Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
|
2010-04-07 15:34:51 +00:00
|
|
|
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
|
2010-04-07 15:54:28 +00:00
|
|
|
* mod_proxy: close connection on write error (fixes #2114)
|
2010-04-13 15:47:29 +00:00
|
|
|
* Check uri instead of physical path for directory redirect
|
2010-04-28 13:12:36 +00:00
|
|
|
* Fix detecting git repository (fixes #2173, thx ncopa)
|
2010-04-28 13:35:25 +00:00
|
|
|
* [mod_compress] Fix segfault when etags are disabled (fixes #2169)
|
2010-04-28 19:08:11 +00:00
|
|
|
* Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125)
|
2010-05-28 15:16:39 +00:00
|
|
|
* Print double quotes properly when dumping config file (fixes #1806)
|
2010-05-28 15:54:27 +00:00
|
|
|
* Include IP addresses on error log on password failures (fixes #2191)
|
2010-07-04 07:45:13 +00:00
|
|
|
* Fix stalls while reading from ssl sockets (fixes #2197)
|
2010-07-04 07:45:17 +00:00
|
|
|
* Fix etag formatting on boxes with 32-bit longs
|
2010-07-04 07:45:25 +00:00
|
|
|
* Fix two compiler warnings
|
2010-07-04 08:30:48 +00:00
|
|
|
* mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
|
2010-07-04 08:30:52 +00:00
|
|
|
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226)
|
2010-07-04 08:43:37 +00:00
|
|
|
* mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
|
2010-07-04 10:37:34 +00:00
|
|
|
* mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
|
2010-07-11 17:18:54 +00:00
|
|
|
* mod_accesslog: Fix var declarations mixed in source (fixes #2233)
|
2010-07-11 17:18:59 +00:00
|
|
|
* mod_status: Add version to status page (fixes #2219)
|
2010-08-05 19:53:49 +00:00
|
|
|
* mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
|
2010-08-05 20:42:18 +00:00
|
|
|
* openssl: silence annoying error messages for errno==0 (fixes #2213)
|
2010-08-05 21:08:23 +00:00
|
|
|
* array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145)
|
2010-08-05 22:55:18 +00:00
|
|
|
* add check to stop loading plugins twice
|
2010-08-06 21:57:15 +00:00
|
|
|
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
|
2010-08-06 21:57:19 +00:00
|
|
|
* only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
|
2010-08-07 10:46:34 +00:00
|
|
|
* add libev fdevent handler: server.event-handler = "libev"
|
2010-08-07 11:41:27 +00:00
|
|
|
* mod_proxy: return response as soon as it is available (fixes #2196)
|
2010-08-07 11:56:09 +00:00
|
|
|
* don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
|
2010-08-07 13:16:16 +00:00
|
|
|
* bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
|
2010-02-07 21:02:54 +00:00
|
|
|
|
|
|
|
|
- 1.4.26 - 2010-02-07
|
2010-01-30 21:27:38 +00:00
|
|
|
* Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
|
|
|
|
|
* Remove dependency on automake >= 1.11 with m4_ifdef check
|
|
|
|
|
* mod_accesslog: support %e (fixes #2113, thx presbrey)
|
|
|
|
|
* Fix mod_cgi cgi.execute-x-only option in global block
|
|
|
|
|
* mod_fastcgi: x-sendfile2 parse error debugging
|
|
|
|
|
* Fix mod_proxy dead host detection if connect() fails
|
|
|
|
|
* Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
|
|
|
|
|
* Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
|
2010-02-07 19:51:52 +00:00
|
|
|
* Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
|
2010-02-04 10:13:37 +00:00
|
|
|
* Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD)
|
2009-11-21 16:08:36 +00:00
|
|
|
|
|
|
|
|
- 1.4.25 - 2009-11-21
|
2009-10-26 14:16:15 +00:00
|
|
|
* mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
|
2009-10-26 14:16:20 +00:00
|
|
|
* mod_magnet: add traceback for printing lua errors
|
2009-10-26 18:48:26 +00:00
|
|
|
* mod_rewrite: fix compile error if compiled without pcre
|
2009-10-27 08:46:05 +00:00
|
|
|
* disable warning "CLOSE-read" (fixes #2091)
|
2009-10-31 09:54:13 +00:00
|
|
|
* mod_rrdtool: fix creating file if it doesn't exist (#1788)
|
2009-11-05 17:32:08 +00:00
|
|
|
* reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional
|
2009-11-05 21:46:48 +00:00
|
|
|
* export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
|
2009-11-07 18:24:04 +00:00
|
|
|
* mod_fastcgi: fix mod_fastcgi packet parsing
|
2009-11-07 22:00:10 +00:00
|
|
|
* mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096)
|
2009-11-21 15:11:59 +00:00
|
|
|
* Fix configure.ac to allow autoreconf, also enables make V=0
|
2009-10-26 14:16:09 +00:00
|
|
|
|
|
|
|
|
- 1.4.24 - 2009-10-25
|
2009-06-21 17:25:24 +00:00
|
|
|
* Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
|
2009-06-21 17:25:31 +00:00
|
|
|
* Use unsigned int (and T_CONFIG_INT) for max_request_size
|
|
|
|
|
* Use unsigned int for secdownload.timeout (fixes #1966)
|
2009-06-21 17:25:34 +00:00
|
|
|
* Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
|
2009-06-21 17:25:39 +00:00
|
|
|
* Add server.breakagelog, a "special" stderr (fixes #1863)
|
2009-07-01 16:04:17 +00:00
|
|
|
* Fix config evaluation for debug.log-timeouts option (#1529)
|
2009-07-04 20:23:00 +00:00
|
|
|
* Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013)
|
2009-07-10 16:16:11 +00:00
|
|
|
* Fix FD_SETSIZE comparision warnings
|
2009-07-10 16:19:45 +00:00
|
|
|
* Add "lua-5.1" to searched pkg-config names for lua
|
2009-07-10 16:23:59 +00:00
|
|
|
* Fix unused function webdav_lockdiscovery in mod_webdav
|
2009-07-10 16:36:36 +00:00
|
|
|
* cmake: Fix crypt lib check
|
2009-07-10 16:46:04 +00:00
|
|
|
* cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
|
2009-07-11 09:01:18 +00:00
|
|
|
* Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
|
2009-07-13 13:41:44 +00:00
|
|
|
* Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
|
2009-07-13 13:48:29 +00:00
|
|
|
* Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030)
|
2009-07-13 14:13:52 +00:00
|
|
|
* Fix hanging connection in mod_scgi (fixes #2024)
|
2009-07-14 12:57:27 +00:00
|
|
|
* Allow digits in hostnames in more places (fixes #1148)
|
2009-07-14 13:15:38 +00:00
|
|
|
* Use connection_reset instead of handle_request_done for cleanup callbacks
|
2009-07-23 23:37:46 +00:00
|
|
|
* Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
|
2009-07-16 23:23:08 +00:00
|
|
|
* Allow all comparisons for $SERVER["socket"] - only bind for "=="
|
2009-07-21 08:52:33 +00:00
|
|
|
* Remove strptime failed message (fixes #2031)
|
2009-07-21 20:35:27 +00:00
|
|
|
* Fix issues found with clang analyzer
|
2009-07-23 13:01:38 +00:00
|
|
|
* Try to fix server.tag issue with localized svnversion
|
2009-07-23 21:42:24 +00:00
|
|
|
* Fix handling network-write return values (#2024)
|
2009-07-23 21:42:59 +00:00
|
|
|
* Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
|
2009-07-23 21:43:07 +00:00
|
|
|
* Remove adaptive spawning code from fastcgi (was disabled for a long time)
|
2009-07-24 20:26:17 +00:00
|
|
|
* Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
|
2009-07-27 16:12:36 +00:00
|
|
|
* Fix ipv6 in mod_proxy (fixes #2043)
|
2009-07-30 18:15:04 +00:00
|
|
|
* Print errors from include_shell to stderr
|
2009-08-06 08:33:19 +00:00
|
|
|
* Set tm.tm_isdst = 0 before mktime() (fixes #2047)
|
2009-08-12 18:27:18 +00:00
|
|
|
* Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
|
2009-08-28 19:30:48 +00:00
|
|
|
* Print an error if you use too many captures in a regex pattern (fixes #2059)
|
2009-09-21 13:15:57 +00:00
|
|
|
* Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
|
2009-10-11 19:11:45 +00:00
|
|
|
* Remember keep-alive-idle in separate variable (fixes #1988)
|
|
|
|
|
* Fix header inclusion order, always include "config.h" before any system header
|
|
|
|
|
* mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
|
|
|
|
|
* mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
|
|
|
|
|
* Read hostname from absolute uris in the request line (fixes #1937)
|
|
|
|
|
* mod_fastcgi: don't disable backend if disable-time is 0 (fixes #1825)
|
2009-10-11 19:27:55 +00:00
|
|
|
* mod_compress: match partial+full content-type (fixes #1552)
|
2009-10-11 19:46:32 +00:00
|
|
|
* mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
|
2009-10-11 20:36:49 +00:00
|
|
|
* Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
|
2009-10-11 21:54:50 +00:00
|
|
|
* mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
|
2009-10-12 08:48:08 +00:00
|
|
|
* Fix segfault on invalid config "duplicate else conditions" (fixes #2065)
|
2009-10-12 09:35:01 +00:00
|
|
|
* mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
|
2009-10-12 10:13:01 +00:00
|
|
|
* mod_accesslog: configurable timestamp logging (fixes #1479)
|
2009-10-12 10:39:36 +00:00
|
|
|
* always define _GNU_SOURCE
|
2009-10-12 19:49:43 +00:00
|
|
|
* Add some iterators for mod_magnet (fixes #1307)
|
2009-10-12 20:59:38 +00:00
|
|
|
* Fix close_timeout_ts trigger (should finally fix lingering close)
|
2009-10-12 21:49:09 +00:00
|
|
|
* mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
|
2009-10-14 13:39:59 +00:00
|
|
|
* Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
|
2009-10-14 18:19:19 +00:00
|
|
|
* Add SSL Client Certificate verification (#1288)
|
2009-10-16 09:02:41 +00:00
|
|
|
* mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825)
|
2009-10-16 16:43:28 +00:00
|
|
|
* mod_accesslog: escape special characters (fixes #1551, thx icy)
|
2009-10-17 14:06:37 +00:00
|
|
|
* fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
|
2009-10-16 22:06:22 +00:00
|
|
|
* Don't print ssl error if client didn't support TLS SNI
|
2009-10-19 13:26:01 +00:00
|
|
|
* Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086)
|
2009-10-20 07:32:40 +00:00
|
|
|
* Fix broken return values from int to enum in mod_fastcgi
|
2009-06-19 20:26:45 +00:00
|
|
|
|
|
|
|
|
- 1.4.23 - 2009-06-19
|
2009-03-07 21:05:37 +00:00
|
|
|
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)
|
2009-03-07 21:05:41 +00:00
|
|
|
* New lighttpd man page (moved it to section 8) (fixes #1875)
|
2009-03-11 21:45:17 +00:00
|
|
|
* Create rrd file for empty rrdfile in mod_rrdtool (#1788)
|
2009-04-01 17:35:17 +00:00
|
|
|
* Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
|
2009-04-03 22:41:02 +00:00
|
|
|
* Finally removed spawn-fcgi
|
2009-04-05 19:36:39 +00:00
|
|
|
* Allow xattr to overwrite mime type (fixes #1929)
|
2009-04-05 21:50:56 +00:00
|
|
|
* Remove link from errormsg about fastcgi apps (fixes #1942)
|
2009-04-09 16:51:36 +00:00
|
|
|
* Strip trailing dot from "Host:" header
|
2009-04-09 16:51:44 +00:00
|
|
|
* Remove the optional port info from SERVER_NAME (thx Mr_Bond)
|
2009-04-09 16:51:46 +00:00
|
|
|
* Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
|
2009-04-09 16:51:50 +00:00
|
|
|
* Rename configure.in to configure.ac, with small cleanups (fixes #1932)
|
2009-04-09 16:51:52 +00:00
|
|
|
* Add proper SUID bit detection (fixes #416)
|
2009-04-09 16:51:56 +00:00
|
|
|
* Check for regular file in mod_cgi, so we don't try to start directories
|
2009-04-09 17:39:20 +00:00
|
|
|
* Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923)
|
2009-04-10 10:50:51 +00:00
|
|
|
* Add support for pipe logging for server.errorlog (fixes #296)
|
2009-04-10 17:35:19 +00:00
|
|
|
* Add revision number to package version for svn/git checkouts
|
2009-04-11 12:48:27 +00:00
|
|
|
* Use server.tag for SERVER_SOFTWARE if configured (fixes #357)
|
2009-04-15 22:33:30 +00:00
|
|
|
* Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi
|
2009-04-15 22:33:34 +00:00
|
|
|
* mod_magnet: Add env["request.remote-ip"] (fixes #1740)
|
2009-04-15 22:33:36 +00:00
|
|
|
* mod_magnet: Add env["request.path-info"]
|
2009-04-16 12:14:00 +00:00
|
|
|
* Change name/version separator back to "/" (affects every place where the version is printed)
|
2009-04-24 19:22:16 +00:00
|
|
|
* Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
|
2009-04-26 16:40:55 +00:00
|
|
|
* Add some dirlisting enhancements (fixes #1458)
|
2009-04-26 17:59:55 +00:00
|
|
|
* Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
|
2009-04-26 18:29:09 +00:00
|
|
|
* Limit amount of bytes read for one read-event (fixes #1070)
|
2009-04-26 18:29:14 +00:00
|
|
|
* Add evasive.silent option (fixes #1438)
|
2009-04-26 19:43:22 +00:00
|
|
|
* Make mod_extforward headers configurable (fixes #1545)
|
2009-04-26 20:19:31 +00:00
|
|
|
* Add '%_' pattern for complete hostname in mod_evhost (fixes #1737)
|
2009-04-26 21:02:16 +00:00
|
|
|
* Add IPv6 support to mod_proxy (fixes #1537)
|
2009-04-27 09:28:45 +00:00
|
|
|
* mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713)
|
2009-04-27 09:28:48 +00:00
|
|
|
* Fix error message if no auth backend was set
|
2009-04-28 18:26:23 +00:00
|
|
|
* Fix SERVER_NAME port stripping (fixes #1968)
|
2009-04-28 18:28:13 +00:00
|
|
|
* Fix x-sendfile 2gb limiting (fixes #1970)
|
2009-04-28 18:32:03 +00:00
|
|
|
* Fix mod_cgi environment keys mangling (fixes #1969)
|
2009-04-29 14:51:35 +00:00
|
|
|
* Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729)
|
2009-05-10 12:20:19 +00:00
|
|
|
* Fix max-age value in mod_expire for 'modification' (fixes #1978)
|
2009-05-12 06:47:00 +00:00
|
|
|
* Fix evasive.silent option (#1438)
|
2009-05-19 18:39:44 +00:00
|
|
|
* Fix mod-fastcgi counters
|
2009-06-03 16:07:20 +00:00
|
|
|
* Modify fastcgi error message
|
2009-06-03 16:44:37 +00:00
|
|
|
* Backup errno for later usage (reported by Guido Reina via mailinglist)
|
2009-06-07 17:46:11 +00:00
|
|
|
* Improve FastCGI performance (fixes #1999)
|
2009-06-07 19:07:31 +00:00
|
|
|
* Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
|
2009-06-07 19:31:24 +00:00
|
|
|
* Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986)
|
2009-06-10 13:08:15 +00:00
|
|
|
* Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey)
|
2009-06-10 14:31:06 +00:00
|
|
|
* Fix segfault in mod_expire after failed config parsing (fixes #1992)
|
2009-06-10 14:50:42 +00:00
|
|
|
* Add ssi.content-type option (default text/html, fixes #615)
|
2009-06-11 09:53:34 +00:00
|
|
|
* Add support for "real" entropy from /dev/[u]random (fixes #1977)
|
2009-06-11 10:09:14 +00:00
|
|
|
* Adding support for additional chars in LDAP usernames (fixes #1941)
|
2009-06-11 10:18:36 +00:00
|
|
|
* Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
|
2009-06-11 14:04:57 +00:00
|
|
|
* Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
|
2009-06-11 14:09:25 +00:00
|
|
|
* Allow max-keep-alive-requests to depend on conditional (fixes #1881)
|
2009-06-16 13:47:15 +00:00
|
|
|
* Make dependency on svnversion/git optional (for devel versionstamp, fixes #2009)
|
2009-03-07 15:46:23 +00:00
|
|
|
|
|
|
|
|
- 1.4.22 - 2009-03-07
|
2009-02-17 13:38:22 +00:00
|
|
|
* Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
|
2009-02-17 22:45:44 +00:00
|
|
|
* Fix default vhost in mod_simple_vhost (fixes #1905)
|
2009-02-19 13:13:58 +00:00
|
|
|
* Handle EINTR in mod_rrdtool (fixes #604)
|
2009-02-19 13:14:02 +00:00
|
|
|
* Fix rrd error after graceful restart (fixes #419)
|
2009-02-24 13:31:26 +00:00
|
|
|
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
|
2009-02-28 20:54:10 +00:00
|
|
|
* Fix segfault in mod_scgi (fixes #1911)
|
2009-02-28 21:38:50 +00:00
|
|
|
* Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913)
|
2009-03-03 10:41:06 +00:00
|
|
|
* Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922)
|
2009-03-07 13:54:10 +00:00
|
|
|
* Fix some problems with more strict compilers (#1923)
|
2009-03-07 13:58:25 +00:00
|
|
|
* Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926)
|
2009-02-17 09:01:37 +00:00
|
|
|
|
|
|
|
|
- 1.4.21 - 2009-02-16
|
2008-09-30 11:20:31 +00:00
|
|
|
|
2008-09-30 13:48:45 +00:00
|
|
|
* Fix base64 decoding in mod_auth (#1757, thx guido)
|
2008-09-30 14:20:59 +00:00
|
|
|
* Fix mod_cgi segfault when bound to unix domain socket (#653)
|
2008-09-30 14:28:12 +00:00
|
|
|
* Do not rely on ioctl FIONREAD (#673)
|
2008-09-30 15:30:06 +00:00
|
|
|
* Now really fix mod auth ldap (#1066)
|
2008-09-30 19:42:29 +00:00
|
|
|
* Fix leaving zombie process with include_shell (#1777)
|
2008-09-30 21:13:42 +00:00
|
|
|
* Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff
|
2008-10-01 13:24:19 +00:00
|
|
|
* Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb)
|
2008-10-01 16:49:15 +00:00
|
|
|
* Do not cache default vhost in mod_simple_vhost (#709)
|
2008-10-01 16:49:19 +00:00
|
|
|
* Trust pcre-config, do not check for pcre manually (#1769)
|
2008-10-01 20:08:23 +00:00
|
|
|
* Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963)
|
2008-10-03 10:05:33 +00:00
|
|
|
* Add possibility to disable methods in mod_compress (#1773)
|
2008-10-04 16:10:29 +00:00
|
|
|
* Fix duplicate connection keep-alive/transfer-encoding headers (#960)
|
2008-10-05 22:46:47 +00:00
|
|
|
* Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715)
|
2008-10-16 12:42:18 +00:00
|
|
|
* Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests
|
2008-10-16 12:42:22 +00:00
|
|
|
* Compare address family in inet_ntop_cache
|
2008-12-07 15:22:42 +00:00
|
|
|
* Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions.
|
2008-12-07 15:22:49 +00:00
|
|
|
* Use FD_CLOEXEC if possible (fixes #1821)
|
2008-12-18 22:12:11 +00:00
|
|
|
* Optimized buffer usage in mod_proxy (fixes #1850)
|
2008-12-18 22:23:26 +00:00
|
|
|
* Fix uninitialized value in time struct after strptime
|
2009-01-19 12:32:37 +00:00
|
|
|
* Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877)
|
2009-02-03 20:16:20 +00:00
|
|
|
* Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng)
|
2009-02-03 20:59:03 +00:00
|
|
|
* Some small buffer.c fixes (closes #1837)
|
2009-02-03 21:02:18 +00:00
|
|
|
* Remove floating point math from server.c (fixes #1402)
|
2009-02-03 22:10:25 +00:00
|
|
|
* Disable SSLv2 by default
|
2009-02-03 22:53:23 +00:00
|
|
|
* Use/enforce sane max-connection values (fixes #1803)
|
2009-02-04 10:27:42 +00:00
|
|
|
* Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884)
|
2009-02-04 15:16:29 +00:00
|
|
|
* Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
|
2009-02-04 17:30:18 +00:00
|
|
|
* Use modified etags in mod_compress (fixes #1800)
|
2009-02-05 10:53:24 +00:00
|
|
|
* Fix max-connection limit handling/100% cpu usage (fixes #1436)
|
2009-02-05 11:45:02 +00:00
|
|
|
* Fix error handling in freebsd-sendfile (fixes #1813)
|
2009-02-05 21:54:47 +00:00
|
|
|
* Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
|
2009-02-05 22:07:59 +00:00
|
|
|
* Allow tabs in header values (fixes #1822)
|
2009-02-05 22:36:58 +00:00
|
|
|
* Added Language conditional (fixes #1119); patch by petar
|
2009-02-16 13:42:38 +00:00
|
|
|
* Fix wrong format strings (#1900, thx stepancheg)
|
2008-09-30 11:20:31 +00:00
|
|
|
|
|
|
|
|
- 1.4.20 - 2008-09-30
|
2008-03-13 15:33:06 +00:00
|
|
|
|
2008-03-13 15:34:10 +00:00
|
|
|
* Fix mod_compress to compile with old gcc version (#1592)
|
2008-03-13 15:34:28 +00:00
|
|
|
* Fix mod_extforward to compile with old gcc version (#1591)
|
2008-03-13 15:34:46 +00:00
|
|
|
* Update documentation for #1587
|
2008-03-30 15:01:50 +00:00
|
|
|
* Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
|
2008-03-26 13:51:33 +00:00
|
|
|
* Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308)
|
2008-03-30 15:01:50 +00:00
|
|
|
* Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
|
2008-04-05 20:00:21 +00:00
|
|
