enabled by default
disable using server.feature-flags += ("server.pcre_jit" => "disable")
Available since pcre-8.20 (2011), and improved in pcre-8.32 (2012),
PCRE_STUDY_JIT_COMPILE can greatly speed up repeated execution of PCRE
lighttpd continues to use pcre_exec() instead of pcre_jit_exec(),
even though doing so does not realize all of the performance increase
potentially available with PCRE_STUDY_JIT_COMPILE and pcre_jit_exec().
pcre_jit_exec() is available with PCRE 8.32 and later, if PCRE is
compiled with --enable-jit, but lighttpd does not currently use
pcre_jit_exec() since the PCRE library might not have been compiled
with --enable-jit (though this could be solved with a weak symbol).
Similarly, lighttpd does not currently configure the pcre_jit_stack.
(Using pcre_jit_exec() may be revisited in the future.)
"add support for pcre JIT"
server.http-parseopts = ( ... ) URL normalization options
Note: *not applied* to CONNECT method
Note: In a future release, URL normalization likely enabled by default
(normalize URL, reject control chars, remove . and .. path segments)
To prepare for this change, lighttpd.conf configurations should
explicitly select desired behavior by enabling or disabling:
server.http-parseopts = ( "url-normalize" => "enable", ... )
server.http-parseopts = ( "url-normalize" => "disable" )
"lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
"Rewrite/redirect rules and URL encoding"
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers