lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1299 lines
65 KiB

====
NEWS
====
- 1.4.40
* [mod_ssi] enhance support for ssi vars (thx fbrosson)
* add handling for lua 5.2 and 5.3 (fixes #2674)
* use libmemcached instead of deprecated libmemcache
* add force_assert for more allocation results
* [mod_cgi] use MAP_PRIVATE to mmap temporary file (fixes #2715)
* [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
* [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
* [mod_cgi] issue trace and exit if execve() fails (closes #2302)
* [configparser] don't continue after parse error (fixes #2717)
* [core] never evaluate else branches until the previous branches are ready (fixes #2598)
* [core] fix conditional cache handling
* [core] improve conditional enabling (thx Gwenlliana, #2598)
* [mod_compress] case-insensitive content-codings (fixes #2645)
* [plugins] don't include dlfcn.h if not needed (fixes #2548)
* [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
* [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
* [mod_cgi] consolidate CGI cleanup code
* [mod_cgi] simplify mod_cgi_handle_subrequest()
* [mod_cgi] kill CGI if fail to write request body
* [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
* [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
* [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
* [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
* [core] improve array API to prevent memory leaks
* [core] refactor array search; raise array size limit to SSIZE_MAX
* [core] fix memory leak in configparser_merge_data
* [core] provide array_extract_element and use it
* [core] configparser: error on duplicate keys in array merge (fixes #2685)
* [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
* [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
* [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
* [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
* restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
* [core] log remote address on request timeouts (fixes #652)
* [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
* [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
- 1.4.39 - 2016-01-02
* [core] fix memset_s call (fixes #2698)
* [chunk] fix use after free / double free (fixes #2700)
- 1.4.38 - 2015-12-05
* [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669)
* [core] allocate at least 4k buffer for incoming data
* [core] fix search for header end if split across chunks (fixes #2670)
* [core] check configparserAlloc() result with force_assert
* [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available (thx loganaden)
* [core] don't buffer request bodies smaller than 64k on disk
* add force_assert for many allocations and function results
* [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
* [config] check config option scope; warn if server option is given in conditional
* [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
* [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
* [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
* [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
* [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691, thx Kyle J. McKay)
* [network] add darwin-sendfile backend (fixes #2687, thx Kyle J. McKay)
* [core] show correct crypt support result (fixes #2690, thx Kyle J. McKay)
- 1.4.37 - 2015-08-30
* [mod_proxy] remove debug log line from error log (fixes #2659)
* [mod_dirlisting] fix dir-listing.set-footer not showing
* fix out-of-filedescriptors when uploading "large" files (fixes #2660, thx rmilecki)
* increase upload temporary chunk file size from 1MB to 16MB
* fix undefined integer shift
* rewrite network sendfile/mmap/writev/write backends
* fix some unchecked return value warnings
* [kqueue] fix kevent call
* [autoconf] define HAVE_CRYPT when crypt() is present
* [bsd xattr] fix compile break with BSD extended attributes in stat_cache
* [mod_cgi] rewrite mmap and generic (post body) send error handling
* [mmap] fix mmap alignment
* [plugins] when modules are linked statically still only load the modules given in the config
* [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading
* fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
- 1.4.36 - 2015-07-26
* use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
* fix bad shift in conditional netmask ".../0" handling
* add more mime types and a script to generate mime.conf (fixes #2579)
* add support for (Free)BSD extended attributes
* [build] use fortify flags with "extra-warnings"
* [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available
* [ssl] disable SSL3.0 by default
* fixed typo in example config found by openSUSE user (boo# 907709)
* [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
* [connections] fix bug in connection state handling
* print backtrace in assert logging with libunwind
fix buffer, chunk and http_chunk API * remove unused structs and functions (buffer_array, read_buffer) * change return type from int to void for many functions, as the return value (indicating error/success) was never checked, and the function would only fail on programming errors and not on invalid input; changed functions to use force_assert instead of returning an error. * all "len" parameters now are the real size of the memory to be read. the length of strings is given always without the terminating 0. * the "buffer" struct still counts the terminating 0 in ->used, provide buffer_string_length() to get the length of a string in a buffer. unset config "strings" have used == 0, which is used in some places to distinguish unset values from "" (empty string) values. * most buffer usages should now use it as string container. * optimise some buffer copying by "moving" data to other buffers * use (u)intmax_t for generic int-to-string functions * remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET * converted BUFFER_APPEND_SLASH to inline function (no macro feature needed) * refactor: create chunkqueue_steal: moving (partial) chunks into another queue * http_chunk: added separate function to terminate chunked body instead of magic handling in http_chunk_append_mem(). http_chunk_append_* now handle empty chunks, and never terminate the chunked body. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
* major refactoring of internal buffer/chunk handling
* [mod_auth] use crypt_r instead of crypt if available
* fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
* fix segfaults in many plugins if they failed configuration
* escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
* fix hex escape in accesslog (fixes #2559)
* show extforward re-run warning only with debug.log-request-handling (fixes #2561)
* parse If-None-Match for ETag validation (fixes #2578)
* fix memory leak in mod_status when no counters are set (found by coverity)
* [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
* fix segfault when temp file for upload couldn't be created (found by coverity)
* mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
* [mod_proxy] add unix domain socket support (fixes #2653)
* [configfile] fix reading uninitialized variable (found by Willian B.)
- 1.4.35 - 2014-03-12
* [network/ssl] fix build error if TLSEXT is disabled
* [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
* [mod_rrdtool] fix invalid read (string not null terminated)
* [mod_dirlisting] fix memory leak if pcre fails
* [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
* [mod_magnet] fix memory leak
* add comments for switch fall throughs
* remove logical dead code
* [buffer] fix length check in buffer_is_equal_right_len
* fix resource leaks in error cases on config parsing and other initializations
* add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
* [mod_cml_lua] fix null pointer dereference
* force assertion: setting FD_CLOEXEC must work (if available)
* [network] check return value of lseek()
* fix unchecked return values from stream_open/stat_cache_get_entry
* [mod_webdav] fix logic error in handling file creation error
* check length of unix domain socket filenames
* fix SQL injection / host name validation (thx Jann Horn)
- 1.4.34 - 2014-01-20
* [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
* [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
* [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508)
* [doc] update ssl.cipher-list recommendation
* [stat-cache] FAM: fix use after free (CVE-2013-4560)
* [stat-cache] fix FAM cleanup/fdevent handling
* [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
* [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
* maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
* [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
* [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533)
* [mod_mysql_vhost] fix memory leak on config init (#2530)
* [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)
- 1.4.33 - 2013-09-27
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
* fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors);
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
* [mod_fastcgi,log] support multi line logging (fixes #2252)
* call ERR_clear_error only for ssl connections in CON_STATE_ERROR
* reject non ASCII characters in HTTP header names
* [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
* [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
* [mod_auth] fix base64_decode (#2484)
* fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
* fix undefined stuff found with clang
* [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
* [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
* [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
* [mod_userdir] add userdir.active option, "enabled" by default
* [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
* [core] recognize more http methods to forward to backends (fixes #2346)
* [ssl] use DH only if openssl supports it (fixes #2479)
* [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
* [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
* [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
* [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
* [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
* [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
* [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
* [core] check whether server.chroot exists
* [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
* [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
* [core] allow files to be used as document-root (fixes #2475)
* [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
- 1.4.32 - 2012-11-21
* Code cleanup with clang/sparse (fixes #2437, thx kibi)
* Ignore EPIPE/ECONNRESET after SSL_shutdown
* Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
* configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
* add PATCH method (fixes #2424)
* fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming)
* network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
* detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
* tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
* mod_extforward: log address of untrusted proxy with debug.log-request-handling
* fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
* remove whitespace at end of header keys
- 1.4.31 - 2012-05-31
* [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting)
* Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373)
* [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
* disable mmap by default (fixes #2391)
* buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
* Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
* Fix access log escaping of " and \\ (fixes #1551)
* [mod_auth] Fix digest "md5-sess" implementation (Errata ID 1649, RFC 2617) (fixes #2410)
* [auth] Add "AUTH_TYPE" environment (for *cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
* [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)
* Detect multiple -f options: show error message instead of assert (fixes #2416)
* [mod_extforward] Support ipv6 addresses (fixes #1889)
* [mod_redirect] Support url.redirect-code option (fixes #2247)
* Fix --enable-mmap handling in configure.ac
- 1.4.30 - 2011-12-18
* Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331)
* Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
* [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
* Add static-file.disable-pathinfo option to prevent handling of urls like .../secret.php/image.jpg as static file
* Don't overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
* Fix mod_status bug: always showed "0/0" in the "Read" column for uploads (fixes #2351)
* [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
* [ssl] count renegotiations to prevent client renegotiations
* [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
* [core] accept dots in ipv6 addresses in host header (fixes #2359)
* [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
* [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)
- 1.4.29 - 2011-07-03
* Fix mod_proxy waiting for response even if content-length is 0 (fixes #2259)
* Silence annoying "connection closed: poll() -> ERR" error.log message (fixes #2257)
* mod_cgi: make read buffer as big as incoming data block
* [build] Fix detection of libev (fixes #2300)
* ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301)
add ssl.use-sslv3 (fixes #2246)
load all algorithms (fixes #2239)
* [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
* [ssl/build] some minor fixes; fix compile without ssl, cleanup ssl config buffers
* [proc,include_shell] log error if exec shell fails (fixes #2280)
* [*cgi] Use physical base dir (alias, userdir) as DOCUMENT_ROOT in cgi environments (fixes #2216)
* [doc] Move docs to outdated/ subdir and refer to wiki instead (fixes #2248)
* fdevent: add solaris eventports (fixes #2171)
- 1.4.28 - 2010-08-22
* Rename fdevent_event_add to _set to reflect what the function does. Fix some handlers. (fixes #2249)
* Fix buffer.h to include stdio.h as it is needer for SEGFAULT() (fixes #2250)
- 1.4.27 - 2010-08-13
* Fix handling return value of SSL_CTX_set_options (fixes #2157, thx mlcreech)
* Fix mod_proxy HUP handling (send final chunk, fix usage counter)
* mod_proxy: close connection on write error (fixes #2114)
* Check uri instead of physical path for directory redirect
* Fix detecting git repository (fixes #2173, thx ncopa)
* [mod_compress] Fix segfault when etags are disabled (fixes #2169)
* Reset uri.authority before TLS servername handling, reset all "keep-alive" data in connection_del (fixes #2125)
* Print double quotes properly when dumping config file (fixes #1806)
* Include IP addresses on error log on password failures (fixes #2191)
* Fix stalls while reading from ssl sockets (fixes #2197)
* Fix etag formatting on boxes with 32-bit longs
* Fix two compiler warnings
* mod_accesslog: fix %p for ipv6 sockets (fixes #2228, thx jo.henke)
* mod_fastcgi: Send 502 "Bad Gateway" if we couldn't open the file for X-Sendfile (fixes #2226)
* mod_staticfile: add debug output if we ignore a file with static-file.exclude-extensions (fixes #2215)
* mod_cgi: fix race condition leaving response not forwarded to client (fixes #2217)
* mod_accesslog: Fix var declarations mixed in source (fixes #2233)
* mod_status: Add version to status page (fixes #2219)
* mod_accesslog: optimize accesslog_append_escaped (fixes #2236, thx crypt)
* openssl: silence annoying error messages for errno==0 (fixes #2213)
* array.c: improve array_get_unused_element to check data type; fix mem leak if unused_element didn't find a matching entry (fixes #2145)
* add check to stop loading plugins twice
* cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* only require FDEVENT_IN bit to be set for listening connections (fixes #2227)
* add libev fdevent handler: server.event-handler = "libev"
* mod_proxy: return response as soon as it is available (fixes #2196)
* don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
* bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
- 1.4.26 - 2010-02-07
* Fix request parser to handle packets with splitted \r\n\r\n (fixes #2105)
* Remove dependency on automake >= 1.11 with m4_ifdef check
* mod_accesslog: support %e (fixes #2113, thx presbrey)
* Fix mod_cgi cgi.execute-x-only option in global block
* mod_fastcgi: x-sendfile2 parse error debugging
* Fix mod_proxy dead host detection if connect() fails
* Fix fd leaks in mod_cgi (fds not closed on pipe/fork failures, found by Rodrigo, fixes #2158, #2159)
* Fix segfault with broken rewrite/redirect patterns (fixes #2140, found by crypt)
* Append to previous buffer in con read, fix DoS/OOM vulnerability (fixes #2147, found by liming, CVE-2010-0295)
* Fix HUP detection in close-state if event-backend doesn't support FDEVENT_HUP (like select or poll on FreeBSD)
- 1.4.25 - 2009-11-21
* mod_magnet: fix pairs() for normal tables and strings (fixes #1307)
* mod_magnet: add traceback for printing lua errors
* mod_rewrite: fix compile error if compiled without pcre
* disable warning "CLOSE-read" (fixes #2091)
* mod_rrdtool: fix creating file if it doesn't exist (#1788)
* reset tlsext_server_name in connection_reset - fixes random hostnames in the $HTTP["host"] conditional
* export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
* mod_fastcgi: fix mod_fastcgi packet parsing
* mod_fastcgi: Don't reconnect after connect() succeeded (fixes #2096)
* Fix configure.ac to allow autoreconf, also enables make V=0
- 1.4.24 - 2009-10-25
* Add T_CONFIG_INT for bigger integers from the config (needed for #1966)
* Use unsigned int (and T_CONFIG_INT) for max_request_size
* Use unsigned int for secdownload.timeout (fixes #1966)
* Keep url/host values from connection to display information while keep-alive in mod_status (fixes #1202)
* Add server.breakagelog, a "special" stderr (fixes #1863)
* Fix config evaluation for debug.log-timeouts option (#1529)
* Add "cgi.execute-x-only" to mod_cgi, requires +x for cgi scripts (fixes #2013)
* Fix FD_SETSIZE comparision warnings
* Add "lua-5.1" to searched pkg-config names for lua
* Fix unused function webdav_lockdiscovery in mod_webdav
* cmake: Fix crypt lib check
* cmake: Add -export-dynamic to link flags, fixes build on FreeBSD
* Set FD_CLOEXEC for bound sockets before pipe-logger forks (fixes #2026)
* Reset ignored signals to SIG_DFL before exec() in fastcgi/scgi (fixes #2029)
* Show "no uri specified -> 400" error only when "debug.log-request-header-on-error" is enabled (fixes #2030)
* Fix hanging connection in mod_scgi (fixes #2024)
* Allow digits in hostnames in more places (fixes #1148)
* Use connection_reset instead of handle_request_done for cleanup callbacks
* Change mod_expire to append Cache-Control instead of overwriting it (fixes #1997)
* Allow all comparisons for $SERVER["socket"] - only bind for "=="
* Remove strptime failed message (fixes #2031)
* Fix issues found with clang analyzer
* Try to fix server.tag issue with localized svnversion
* Fix handling network-write return values (#2024)
* Use disable-time in fastcgi for all disables after errors, default is 1sec (fixes #2040)
* Remove adaptive spawning code from fastcgi (was disabled for a long time)
* Allow mod_mysql_vhost to use stored procedures (fixes #2011, thx Ben Brown)
* Fix ipv6 in mod_proxy (fixes #2043)
* Print errors from include_shell to stderr
* Set tm.tm_isdst = 0 before mktime() (fixes #2047)
* Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
* Print an error if you use too many captures in a regex pattern (fixes #2059)
* Combine Cache-Control header value in mod_expire to existing HTTP header if header already added by other modules (fixes #2068)
* Remember keep-alive-idle in separate variable (fixes #1988)
* Fix header inclusion order, always include "config.h" before any system header
* mod_webdav: Patch to skip login information for domain part of Destination field (fixes #1793)
* mod_webdav: Delete old properties before updating new for MOVE (fixes #1317)
* Read hostname from absolute uris in the request line (fixes #1937)
* mod_fastcgi: don't disable backend if disable-time is 0 (fixes #1825)
* mod_compress: match partial+full content-type (fixes #1552)
* mod_fastcgi: fix is_local detection, respawn backends if bin-path is set (fixes #897)
* Fix linger-on-close behaviour to avoid rare failure conditions (was r2636, fixes #657)
* mod_fastcgi: restart local procs immediately after they terminated, fix local procs handling
* Fix segfault on invalid config "duplicate else conditions" (fixes #2065)
* mod_usertrack: Use T_CONFIG_INT for max-age, solves range problem (#1455)
* mod_accesslog: configurable timestamp logging (fixes #1479)
* always define _GNU_SOURCE
* Add some iterators for mod_magnet (fixes #1307)
* Fix close_timeout_ts trigger (should finally fix lingering close)
* mod_rewrite: add url.rewrite-[repeat-]if-not-file to rewrite if file doesn't exist or is not a regular file (fixes #985, thx lucas aerbeydt)
* Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
* Add SSL Client Certificate verification (#1288)
* mod_fastcgi: Fix host->active_procs counter, return 503 if connect wasn't successful after 5 tries (fixes #1825)
* mod_accesslog: escape special characters (fixes #1551, thx icy)
* fix mod_webdav crash from #1793 (fixes #2084, thx hiroya)
* Don't print ssl error if client didn't support TLS SNI
* Fix linger close timeout handling, drop timeout to 5 seconds (fixes #2086)
* Fix broken return values from int to enum in mod_fastcgi
- 1.4.23 - 2009-06-19
* Added some extra warning options in cmake and fix the resulting warnings (unused/static functions)
* New lighttpd man page (moved it to section 8) (fixes #1875)
* Create rrd file for empty rrdfile in mod_rrdtool (#1788)
* Fix workaround for incorrect path info/scriptname if fastcgi prefix is "/" (fixes #729)
* Finally removed spawn-fcgi
* Allow xattr to overwrite mime type (fixes #1929)
* Remove link from errormsg about fastcgi apps (fixes #1942)
* Strip trailing dot from "Host:" header
* Remove the optional port info from SERVER_NAME (thx Mr_Bond)
* Fix mod_proxy RoundRobin (off by one problem if only one backend is up)
* Rename configure.in to configure.ac, with small cleanups (fixes #1932)
* Add proper SUID bit detection (fixes #416)
* Check for regular file in mod_cgi, so we don't try to start directories
* Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923)
* Add support for pipe logging for server.errorlog (fixes #296)
* Add revision number to package version for svn/git checkouts
* Use server.tag for SERVER_SOFTWARE if configured (fixes #357)
* Fix trailing zero char in REQUEST_URI after "strip-request-uri" in mod_fastcgi
* mod_magnet: Add env["request.remote-ip"] (fixes #1740)
* mod_magnet: Add env["request.path-info"]
* Change name/version separator back to "/" (affects every place where the version is printed)
* Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
* Add some dirlisting enhancements (fixes #1458)
* Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
* Limit amount of bytes read for one read-event (fixes #1070)
* Add evasive.silent option (fixes #1438)
* Make mod_extforward headers configurable (fixes #1545)
* Add '%_' pattern for complete hostname in mod_evhost (fixes #1737)
* Add IPv6 support to mod_proxy (fixes #1537)
* mod_ssi printenv: print cgi env, add environment vars to cgi env (fixes #1713)
* Fix error message if no auth backend was set
* Fix SERVER_NAME port stripping (fixes #1968)
* Fix x-sendfile 2gb limiting (fixes #1970)
* Fix mod_cgi environment keys mangling (fixes #1969)
* Fix workaround for incorrect path info/scriptname if scgi prefix is "/" (fixes #729)
* Fix max-age value in mod_expire for 'modification' (fixes #1978)
* Fix evasive.silent option (#1438)
* Fix mod-fastcgi counters
* Modify fastcgi error message
* Backup errno for later usage (reported by Guido Reina via mailinglist)
* Improve FastCGI performance (fixes #1999)
* Workaround broken operating systems: check for trailing '/' in filenames (fixes #1989)
* Allow using pcre with cross-compiling (pcre-config got fixed; fixes #1986)
* Add "lighty.req_env" table to mod_magnet for setting/getting environment values for cgi (fixes #1967, thx presbrey)
* Fix segfault in mod_expire after failed config parsing (fixes #1992)
* Add ssi.content-type option (default text/html, fixes #615)
* Add support for "real" entropy from /dev/[u]random (fixes #1977)
* Adding support for additional chars in LDAP usernames (fixes #1941)
* Ignore multiple "If-None-Match" headers (only use first one, fixes #753)
* Fix 100% cpu usage if time() < 0 (thx to gaspa and cate, fixes #1964)
* Allow max-keep-alive-requests to depend on conditional (fixes #1881)
* Make dependency on svnversion/git optional (for devel versionstamp, fixes #2009)
- 1.4.22 - 2009-03-07
* Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
* Fix default vhost in mod_simple_vhost (fixes #1905)
* Handle EINTR in mod_rrdtool (fixes #604)
* Fix rrd error after graceful restart (fixes #419)
* Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem)
* Fix segfault in mod_scgi (fixes #1911)
* Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913)
* Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922)
* Fix some problems with more strict compilers (#1923)
* Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926)
- 1.4.21 - 2009-02-16
* Fix base64 decoding in mod_auth (#1757, thx guido)
* Fix mod_cgi segfault when bound to unix domain socket (#653)
* Do not rely on ioctl FIONREAD (#673)
* Now really fix mod auth ldap (#1066)
* Fix leaving zombie process with include_shell (#1777)
* Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff