diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 114 |
1 files changed, 113 insertions, 1 deletions
@@ -3,7 +3,119 @@ NEWS ==== -- 1.4.19 - +- 1.4.22 - + * Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533) + * Fix default vhost in mod_simple_vhost (fixes #1905) + * Handle EINTR in mod_rrdtool (fixes #604) + * Fix rrd error after graceful restart (fixes #419) + * Fix EAGAIN handling for freebsd sendfile (fixes #1913, thx AnMaster for spotting the problem) + * Fix segfault in mod_scgi (fixes #1911) + * Treat EPIPE as connection-closed error in network_freebsd_sendfile.c (another fix from #1913) + * Fix useless redirection of stderr in mod_rrdtool, as it gets redirected to /dev/null later. (fixes #1922) + * Fix some problems with more strict compilers (#1923) + * Fix segfault if siginfo_t* is NULL in sigaction handler (fixes #1926) + +- 1.4.21 - 2009-02-16 + + * Fix base64 decoding in mod_auth (#1757, thx guido) + * Fix mod_cgi segfault when bound to unix domain socket (#653) + * Do not rely on ioctl FIONREAD (#673) + * Now really fix mod auth ldap (#1066) + * Fix leaving zombie process with include_shell (#1777) + * Removed debian/, openwrt/ and cygwin/; they weren't kept up-to-date, and we decided to remove dist. specific stuff + * Try to convert string options to shorts for numeric options in config file; allows to use env-vars for numeric options. (#1159, thx andrewb) + * Do not cache default vhost in mod_simple_vhost (#709) + * Trust pcre-config, do not check for pcre manually (#1769) + * Fix fastcgi authorization in subdirectories with check-local=disabled; don't split pathinfo for authorizer. (#963) + * Add possibility to disable methods in mod_compress (#1773) + * Fix duplicate connection keep-alive/transfer-encoding headers (#960) + * Fixed fix for round-robin in mod_proxy (forgot to increment the index) (#1715) + * Fix fastcgi-authorizer handling; Status: 200 is now accepted as the doc requests + * Compare address family in inet_ntop_cache + * Revert CVE-2008-4359 (#1720) fix "encoding+simplifying urls for rewrite/redirect": too many regressions. + * Use FD_CLOEXEC if possible (fixes #1821) + * Optimized buffer usage in mod_proxy (fixes #1850) + * Fix uninitialized value in time struct after strptime + * Do not pass Proxy-Connection: header from client to backend http server in mod_proxy (#1877) + * Fix wrong malloc sizes in mod_accesslog (probably nothing bad happened...) (fixes #1855, thx ycheng) + * Some small buffer.c fixes (closes #1837) + * Remove floating point math from server.c (fixes #1402) + * Disable SSLv2 by default + * Use/enforce sane max-connection values (fixes #1803) + * Allow mod_compress to return 304 (Not Modified); compress ignores the static-file.etags option.(fixes #1884) + * Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017) + * Use modified etags in mod_compress (fixes #1800) + * Fix max-connection limit handling/100% cpu usage (fixes #1436) + * Fix error handling in freebsd-sendfile (fixes #1813) + * Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529) + * Allow tabs in header values (fixes #1822) + * Added Language conditional (fixes #1119); patch by petar + * Fix wrong format strings (#1900, thx stepancheg) + +- 1.4.20 - 2008-09-30 + + * Fix mod_compress to compile with old gcc version (#1592) + * Fix mod_extforward to compile with old gcc version (#1591) + * Update documentation for #1587 + * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531) + * Fix mod_magnet: enable "request.method" and "request.protocol" in lighty.env (#1308) + * Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601) + * Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small "memleak" (#1628) + * Don't send empty Server headers (#1620) + * Fix conditional interpretation of core options + * Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: "%%" => "%", "$$" => "$" + * Fix accesslog port (should be port from the connection, not the "server.port") (#1618) + * Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local) + * Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst + * Handle EINTR in mod_cgi during write() (#1640) + * Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639) + * Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn't append an error page + * Remove lighttpd.spec* from source, fixing all problems with it ;-) + * Do not rely on PATH_MAX (POSIX does not require it) (#580) + * Disable logging to access.log if filename is an empty string + * Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624) + * merge spawn-fcgi changes from trunk (from @2191) + * let spawn-fcgi propagate exit code from spawned fcgi application + * close connection after redirect in trigger_b4_dl (thx icy) + * close connection in mod_magnet if returned status code + * fix bug with IPv6 in mod_evasive (#1579) + * fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com + * [tests] fixed system, use foreground daemons and waitpid + * [tests] removed pidfile from test system + * [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi) + * fixed typo in mod_accesslog (#1699) + * replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt) + * case insensitive match for secdownload md5 token (#1710) + * Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687) + * fixed mod_secdownload problem with unsigned time_t (#1688) + * handle EAGAIN and EINTR for freebsd sendfile (#1675) + * Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716) + * fixed round-robin balancing in mod_proxy (#1715) + * fixed EINTR handling for waitpid in mod_fastcgi + * mod_{fast,s}cgi: overwrite environment variables (#1722) + * inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn't (#631) + * fixed url encoding to encode more characters (#266) + * allow digits in [s]cgi env vars (#1712) + * fixed dropping last character of evhost pattern (#161) + * print helpful error message on conditionals in global block (#1550) + * decode url before matching in mod_rewrite (#1720) -- (reverted for 1.4.21) + * fixed conditional patching of ldap filter (#1564) + * Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server) [2281] + * fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360) + * fixed format string bugs in mod_accesslog for SYSLOG + * replaced fprintf with log_error_write in fastcgi debug + * fixed mem leak in ssi expression parser (#1753), thx Take5k + * hide some ssl errors per default, enable them with debug.log-ssl-noise (#397) + * do not send content-encoding for 304 (#1754), thx yzlai + * fix segfault for stat_cache(fam) calls with relative path (without '/', can be triggered by x-sendfile) (#1750) + * fix splitting of auth-ldap filter + * workaround ldap connection leak if a ldap connection failed (restarting ldap) + * fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie) + * fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298) + * fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!) + * use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359) -- (reverted for 1.4.21) + +- 1.4.19 - 2008-03-10 * added support for If-Range: <date> (#1346) * added support for matching $HTTP["scheme"] in configs |