RFC 7231 forbids partial PUT. However, historical versions of
lighttpd mod_webdav did provide this (mis-)feature. Therefore,
provide *deprecated* unsafe partial PUT support for compatibility
with historical lighttpd mod_webdav (prior to mod_webdav rewrite),
but require new config option to enable this compatible behavior:
webdav.opts = ( "deprecated-unsafe-partial-put" => "enable" )
The partial PUT support implemented by historical lighttpd mod_webdav
makes no effort to account for shrinkage or growth of range replaced.
The request body is splat into the *existing* file at the offset
provided which is quite unsafe and can cause corruption in data sent
to concurrent download requests.
Use of this (mis-)feature is discouraged, and support may be removed
in the future, without any further notice.
200 for OPTIONS /non-existent/path HTTP/1.1 when a module,
such as mod_webdav, has set Allow response header
"OPTIONS should return 2xx status for non-existent resources if Allow is set"
(occurred 3 years ago on experimental branch, and now ported forward)
robustness and performance improvements, including atomic updates on
individual files (e.g. for PUT, COPY, MOVE)
exclusive locks are fully supported
shared locks are partly supported
"add RFC-compliant LOCK support to mod_webdav"
fix abort in server.http-parseopts with url-path-2f-decode enabled
"Security - SIGABRT during GET request handling with url-path-2f-decode enabled"
'-' in char class should be at beginning or end, or escaped with \-
so that it does not signify a char range in the char class
(In the prior regex, the misuse permitted matching the comma char,
which while mostly harmless, was not what was intended)
"incorrect behaviour of create-mime.assign.pl"