==== NEWS ==== - 1.4.15 - 2007-04-13 * fixed broken Set-Cookie headers - 1.4.14 - 2007-04-13 * fix crash if gethostbyaddr() failed on redirect [1718] * properly handle 206 responses generated by *cgi scripts. (#755) [1716] * added HTTPS=on to the environment of cgi scripts (#861) [1684] * fix handling of 303 (#1045) [1678] * made the configure check for lua more portable [1677] * added mod_extforward module [1665] * references to the fam stat cache engine should be conditional (#1039) [1664] * fix http 500 errors (colin.stephen/at/o2.com) #1041 [1663] * prevent wrong pidfile unlinking on graceful restart (Chris Webb) [1656] * ignore empty packets from STDERR stream. #998 * fix a crash for files with an mtime of 0 reported by cubiq on irc [1519] CVE-2007-1870 * allow empty passwords with ldap (Jörg Sonnenberger) [1516] * mod_scgi.c segfault fix #964 [1501] * Added round-robin support to mod_fastcgi [1500] * Handle DragonFlyBSD the same way as Freebsd (Jörg Sonnenberger) [1492,1676] * added now and weeks support to mod_expire. #943 * fix cpu hog in certain requests [1473] CVE-2007-1869 * fix for handling hostnames with trailing dot [1406] * fixed header-injection via server.tag (#1106) * disabled caching of files without a content-type to solve the aggressive caching of FF * remove trailing white-spaces from HTTP-requests before parsing (#1098) * fixed accesslog.use-syslog in a conditional and the caching of the accesslog for files (fixes #1064) * fixed various crashes at startup on broken accesslog.format strings (#1000) * fixed handling of %% in accesslog.format * fixed conditional dir-listing.exclude (#930) * reduced default PATH_MAX to 255 (#826) * ECONNABORTED is not known on cygwin (#863) * fixed crash on url.redirect and url.rewrite if %0 is used in a global context (#800) * fixed possible crash in debug-message in mod_extforward * fixed compilation of mod_extforward on glibc < 2.3.4 * fixed include of empty in the configfiles (#1076) * send SIGUSR1 to fastcgi children before SIGTERM. libfcgi wants SIGUSR1. (#737) * fixed missing AUTH_TYPE entry in the fastcgi environment. (#889) * fixed compilation in network_writev.c on MacOS X 10.3.9 (#903) * added kill-signal as another setting for fastcgi backends. See the wiki for more. - 1.4.13 - 2006-10-09 * added initgroups in spawn-fcgi (#871) * added apr1 support htpasswd in mod-auth (#870) * added lighty.stat() to mod_magnet * fixed segfault in splitted CRLF CRLF sequences (introduced in 1.4.12) (#876) * fixed compilation of LOCK support in mod-webdav * fixed fragments in request-URLs (#869) * fixed pkg-config check for lua5.1 on debian * fixed Content-Length = 0 on HEAD requests without a known Content-Length (#119) * fixed mkdir() forcing 0700 (#884) * fixed writev() on FreeBSD 4.x and older (#875) * removed warning about a 404-error-handler returned 404 * backported and fixed the buildsystem changes for webdav locks * fixed plugin loading so we can finally load lua extensions in mod_magnet scripts * fixed large uploads if xattr is enabled - 1.4.12 - 2006-09-23 * added experimental LOCK support for webdav * added Content-Range support for PUT in webdav * added support for += on empty arrays in config-files * added ssl.cipher-list and ssl.use-sslv2 * added $HTTP["querystring"] conditional * added mod_magnet as long-term replacement for mod_cml * added work-around for a Opera Bug with SSL + Chunked-Encoding * changed --print-config to print to stdout instead of stderr * changed no longer use 0600 for new files with webdav. umask is honored. Make sure you have set a proper umask. * fixed upload hangs with SSL * fixed connection drops with SSL (aka bad retry) * fixed path traversal with \ on cygwin * fixed mem-leak in mod_flv_streaming * fixed required trailing newline in configfiles (#142) * fixed quoting the autoconf files (#466) * fixed empty Host: + $HTTP["host"] handling (#458) * fixed handling of If-Modified-Since if ETag is not set * fixed default-shell if SHELL is not set (#441) * fixed appending and assigning of env.* vars * fixed empty FCGI_STDERR packets * fixed conditional server.allow-http-11 * fixed handling of follow-symlink + lstat() * fixed SIGHUP handling if max-workers is used * fixed "Software caused connection abort" messages on FreeBSD - 1.4.11 - 2006-03-09 * added ability to specify which ip address spawn-fci listens on (agkr/at/pobox.com) * added mod_flv_streaming to streaming Flash Movies efficiently * fixed handling of error codes returned by mod_dav_svn behing a mod_proxy * fixed error-messages in mod_auth and mod_fastcgi * fixed re-enabling overloaded local fastcgi backends * fixed handling of deleted files in linux-sendfile * fixed compilation on BSD and MacOSX * fixed $SERVER["socket"] on a already bound socket * fixed local source retrieval on windows (secunia) * fixed hanging cgi if remote side is dieing while reading from the pipe (sandy/at/meebo.com) - 1.4.10 - 2006-02-08 * added docs for mod_dirlisting * added fastcgi.map-extensions to mod_fastcgi * fixed load balancing for mod_fastcgi * fixed extra newline for syslog() in mod_accesslog * fixed user-track cookie for IE in mod_usertrack * fixed crash in digest handling in mod_auth * fixed handling of 301 response-bodies from a mod_proxy backend * fixed loading of base modules if server.modules is not set * fixed broken cgi if mod_scgi is loaded - 1.4.9 - 2006-01-14 * added server.core-files option (sandy ) * added docs for mod_status * added mod_evasive to limit the number of connections by IP () * added the power-magnet to mod_cml * added internal statistics to mod_fastcgi * added server.statistics-url to get internal statistics from mod_status * added support for conditional range-requests through If-Range * added static building via scons * fixed 100% cpu loops in mod_cgi ("sandy" ) * fixed handling for secure-download.timeout (jamis/at/37signals.com) * fixed IE bug in content-charset in the output of mod_dirlisting (sniper/at/php.net) * fixed typos and language in the docs (ryan-2005/at/ryandesign.com) * fixed assertion in mod_cgi on HEAD request is Content-Length () * fixed handling if equal but duplicate If-Modified-Since request headers * fixed endless loops in mod_fastcgi if backend is dead * fixed Depth: 1 handling in PROPFIND requests on empty dirs * fixed encoding of UTF8 encoded dirlistings (Jani Taskinen ) * fixed initial bind to a unix-domain socket through server.bind * fixed handling of lowercase filesystems * fixed duplicate request headers cause by mod_setenv - 1.4.8 - 2005-11-23 * added auto-reconnect to ldap-server in mod_auth (joerg/at/netbsd.org) * changed auth.ldap-cafile to be optional (joerg/at/netbsd.org) * added strip_request_uri in mod_fastcgi * added more X-* headers to mod_proxy (Ben Grimm ) * added 'debug' to simple-vhost to suppress the (mod_simple_vhost.c.157) No such file or directory /servers/ww.lighttpd.net/pages/ messages by default * added support to let the server listen on UNIX-socket * changed default stat-cache-engine to 'simple' * removed debian/ dir from source package on request by packager * fixed max-age timestamps in mod_expire * fixed encoding the filenames in PROPFIND in mod_webdav * fixed range request handling in network_writev * fixed retry on connect error in mod_fastcgi (Robert G. Jakabosky ) * fixed possible crash in mod_webdav if sqlite3 support is available but not use * fixed fdvent-handler init if server.max-worker was used (Siddharth Vijayakrishnan ) * fixed missing cleanup in mysql_vhost * fixed assert() in "connections.c:962: connection_handle_read_state: Assertion 'c->mem->used' failed." * fixed 64bit issue in md5 * fixed crash in mod_status * fixed duplicate headers in mod_proxy * fixed Content-Length in HEAD request in mod_proxy * fixed unsigned/signed comparisions * fixed streaming in mod_cgi * fixed possible overflow in password-salt handling (reported on slashdot by james-web/at/and.org) * fixed server-traffic-limit if connection limit is not set - 1.4.7 - 2005-11-02 * added FD_CLOEXEC to fds which are kept open for a longer time * added smaller, moving mmaped windows to network_writev * added madvise() to instruct the kernel the do proper read-ahead in network_writev * added support for %I in mod_accesslog * added better compat to Apache for ?auto in mod_status * added support for userdirs without a entry in /etc/passwd in mod_userdir (rob/at/inversepath.com) * added startup-time selectable network-backend * added location of upload-files to config as array * added webdav.log-xml for logging xml-content in mod_webdav * added Cache-Control: max-age to mod_expire * workaround missing client-bug by assuming we received a close-notify on non-keep-alive requests in SSL request * disabled kerberos5 support by default to fix compilation on RHEL * fixed order of library checks to fix compilation on Solaris 9 * fixed open file-descriptors on read-error * fixed crash if /var/tmp is not writable - 1.4.6 - 2005-10-09 * fixed compilation on MacOS X and cygwin * fixed compressed output if caching was disabled (seen in IE and Opera) * fixed range-request option * fixed mysql-vhost module (was broken in 1.4.5) * fixed false positive in the detection of case-insensitive FS - 1.4.5 - 2005-10-02 * added all DeltaV methods as known methods * added buffer-to-disk of request content * added warning for unused variables in conditionals * added global index-generators to mod_indexfile * fixed caching for remote-ip conditionals with keep-alive * fixed redirects with content * fixed infinite loop in exec-cmd in mod_ssi * fixed segfault in config handling for mod_mysql_vhost * fixed segfault on FIFOs/Sockets * fixed possible crash on uninit memory if If-Modified-Since was too long * fixed accounting of mem-chunks * fixed starving of connections on high load * fixed crc errors in mod_compress on 64bit platforms * fixed handling of overlapping fastcgi packets (bug added in 1.4.4) * fixed logic of conditionals if a header was not set * fixed a segfault in mod_rewrite if %1 references were used * fixed handling of empty request URIs in HTTP requests - 1.4.4 - 2005-09-16 * added support for %V in mod_accesslog * added a option for a FastCGI responser to send static files * added md5 and blowfish hashes to htpasswd * fixed METHOD in mod_accesslog of WebDAV methods * fixed check for permission before files in sent * fixed mod-proxy and content for non-POST requests * fixed compilation of mod_cml on MacOS X * fixed SSL errmsg after accept() * fixed memleak in stat-cache * fixed aborted connections if file was moved while in transfer * fixed mem-usage for large FastCGI transfers - 1.4.3 - 2005-09-01 * added gracefull shutdown * added server.max-connections * fixed compilation on all BSD platforms * fixed init of kqueue and /dev/poll after daemonize * fixed segfault if select() is event-handler and more than FD_SETSIZE fds are opened * fixed compilation of mod_cml * fixed bin-copy-env in mod_fastcgi - 1.4.2 - 2005-08-29 * fixed mimetype detection on uppercase extensions * fixed memleak in stat-cache * fixed infinite loop in mod_cgi * fixed alignment crashes on sparc64 and alpha64 * fixed test system for gentoo ebuild * fixed infinite loop in SSL * fixed range request for files > 2Gb - 1.4.1 - 2005-08-22 * added a complete Class 1 complient mod_webdav * fixed ssl support (especially on OpenBSD) * fixed response header in body problem in mod_cgi * fixed numbers before body problem * fixed compilation on Solaris and FreeBSD * fixed conditional options in mod_dirlisting * fixed segfault in mod_dirlisting for NFS directories * fixed check for docroot in change-root environments - 1.4.0 - 2005-08-17 * added nested conditionals * added remote-ip to $HTTP * added support for stat-cache via FAM * added a read-only WebDAV module * fixed cleanup in mod_proxy and mod_fastcgi * fixed handling of filenames on case-insensitive filesystems - 1.3.16 - 2005-07-31 * added Date: headers to dynamic HTTP/1.0 requests * added support for OPTION * HTTP/1.1 * added support for accesslog to syslog * added support for PATH_INFO guessing if check-local is disabled in mod_fastcgi * added switch to disable range-requests * added valid-user option for mod_auth (tigger at gentoo.org) * added JavaScript based sorting to mod_status (erik) * added selective TCP_CORK (Christian von Roques) * break up endless loops with Status: 500 * fixed endless loops in mod_rewrite * mapped url.rewrite and url.rewrite-final to uri.rewrite-once * fixed compilation for mod_trigger_b4_dl * fixed 'can't reach host' in mod_proxy * error-handler-404 defaults to Status: 200 and static files work now - 1.3.15 - 2005-07-15 * added mod_cml * added mod_trigger_b4_dl * added encoding to mod_dirlisting * added ?auto to mod_status * relaxed handling of characters in URIs even more * fixed detection of sendfile() on Linux 2.4.x * fixed comparision of buffers for short strings * server.errorfile-prefix is now conditional * fixed mod_rrdtool to close STDERR - 1.3.14 - 2005-06-15 * added SCGI support via mod_scgi * added hash-based and round-robin load balancing to mod_proxy * fixed range requests larger than 2Gb * fixed compilation on Solaris * fixed endless loops in mod_fastcgi, mod_cgi and mod_proxy * fixed handling of URIs for '+' and characters > 127 - 1.3.13 - 2005-03-06 * added customizable directory listings * fixed compile error on all BSD unixes * fixed PATHINFO handling for FastCGI * fixed handling of remote-close on FreeBSD and OpenSSL - 1.3.12 - 2005-03-02 * added ssl.ca-file * added support for \n\n as terminator * rewrote test-framework and added more tests * fixed cgi.assign with empty handler * fixed segfault in debug-code * fixed mod_expire if modification-timestamps are used * fixed segfault on duplication Host-headers * fixed endless loop in mod_fastcgi * fixed handling of dead fastcgi-processes - 1.3.11 - 2005-02-20 * added REMOTE_PORT and SERVER_ADDR to CGI-env * relaxed handling of newlines before keep-alive requests * relaxed uri-parser again * fixed PHP_SELF for php * fixed compilation on MacOS X * fixed handling of EPIPE and ECONNRESET * fixed crash in mod_auth if config-options are missing * fixed handling of missing trailing / in mod_userdir * fixed conditional secdownload.secret * fixed REPORT ME error due to failed reconnects in mod_fastcgi * fixed cmdline handling in mod_fastcgi - 1.3.10 - 2005-02-06 * added support for full commandline in spawn-fcgi * fixed missing check for IP-address in mod_fastcgi * fixed compile error with openssl in mod_fastcgi * removed a debug-message from network-functions - 1.3.9 - 2005-02-06 * added a stricter URI parser * added a check to the CGI spawner if the cgi-handler exists * added documentation for SSL and mod_status * added handling of startup environment to FastCGI * improved performance in FastCGI in buildind the FastCGI header * fixed min-procs and max-procs in FastCGI on PowerPC * fixed crash in setenv.add-response-header * fixed handling of nph-scripts in CGI * fixed accidently sending out physical file in CGI on error * fixed cygwin support * fixed handling of missing files * fixed HEAD requests for dynamic requests - 1.3.8 - 2005-01-30 * added traffic shaping by remote host and virtual server * added auto-spawning of FastCGI process on demand * added virtual host based on MySQL * added mod_setenv to add envirnoment and http headers on the fly * added support for syslog in mod_accesslog * improved output of mod_status * improved debug output in request handling * fixed build problems on netbsd 1.4.x and 1.5.x * fixed status.url configuration * fixed handling of != and !~ in configutation * fixed special cases in keep-alive handling * fixed timeout handling in handling POST requests * fixed mode AUTHORIZER in FastCGI * fixed handling if internal redirects if no Host: is supplied * fixed mod_alias + pathinfo * fixed directory indexes and permissions * enabled sending errorlog to syslog again - 1.3.7 - 2004-12-11 * added retries for a fastcgi connect if a php-childs dies at startup * update the debian directory * added setgroups() to drop all group-privs * added native port to windows via mingw32 * added server.tag = '...' * added support for ${...} in mod_ssi * ported all plugins to conditional support * fixed multipart handling in cgi * fixed kqueue event-handler * fixed wrap-around in mod_status * fixed crash with SSL + FastCGI * fixed detection of SSL headers * fixed handling of dangling SSL_shutdown * fixed detection of keep-alive of Firefox - 1.3.6 - 2004-11-03 * added spawn-fcgi to the distribution * added support in fastcgi module to spawn fastcgi processes itself * fixed logfile cycling if external logging is used * fixed connection handling in fastcgi if no chunk encoding is used * fixed internal redirects on directories if a query string is supplied * fixed cgi-module for POST request above 4k * fixed mod_alias and follow-symlink - 1.3.5 - 2004-10-31 * added mod_alias * added mod_userdir * added the exec command to the SSI handler * added a switch to disable follow-symlinks * added a switch to disable IPv6 at compile-time * fixed compilation on FreeBSD and NetBSD 1.3.x * fixed segfault in pipelining * fixed a segfault in writev() handler if LFS is used - 1.3.4 - 2004-10-24 * added limiter for open files * added logging of user supplied data to accesslogs * added build target for OpenWRT * added plain backend support for auth-digest * fixed handling the external accesslog processes * fixed SERVER_NAME in CGI and FastCGI - 1.3.3 - 2004-10-16 * added support for NL terminators in CGI-scripts * added support for conditionals in mod_auth, mod_simple_vhost and mod_evhost * added a error-handler for 404 codes * fixed request counter in the rrdtool module * fixed log-file cycling * fixed seg-fault - 1.3.2 - 2004-09-30 * fixed file-cache - 1.3.1 - 2004-09-30 * fixed file-cache * fixed parsing of IPv6 adresses * fixed cgi for cygwin * fixed test-suite for FreeBSD and IRIX * fixed handling of shrinked files * fixed handling of REQUEST_URI after rewrite - 1.3.0 - 2004-09-17 * added build for MacOS X and Cygwin * added handling of more than one socket * added config-conditions for User-Agent and Referer * added final rewrite-rules - 1.2.8 - 2004-09-11 * added a cache for mimetypes * added X-Forwarded-For for mod_proxy * fixed handling of comments in If-Modified-Since * fixed error handling in FastCGI code * fixed expire plugin for second Expire header - 1.2.7 - 2004-09-04 * added mod_rrdtool for internal statistics * added xattr support * added user-controlable timeouts * improved documentation for many plugins * fixed POST requests for mod_proxy * fixed rare hang with CGI * fixed seg-fault if no configfile is specified * fixed rare problem in FastCGI header generation - 1.2.6 - 2004-08-26 * added apache-like accesslog definition * enabled timestamp cache again * improved performance in the string compare functions * fixed double-free in fastcgi handler * fixed error-handling in cgi handler - 1.2.5 - 2004-08-10 * added skeleton for solaris 10 port-API * added compression support even if no cachedir is set * added conditional configoptions * fixed compilation on OpenBSD * fixed kqueue support * fixed pipelining bug * fixed parallel build (triggered by Gentoo) * updated debian postinst - 1.2.4 - 2004-07-31 * added kqueue support * added server-side includes (mod_ssi) * fixed large post uploads in fastcgi * fixed rt-signals handling of delayed events - 1.2.3 - 2004-07-10 * added a proxy module for Java and friends * added support to pass accesslog through an external programm * added mimetypes for text/css and text/javascript * fixed index-files for FastCGI if webserver is in chroot * fixed error messages of CGI process fails to exec() * fixed detection of pcre on IRIX and FreeBSD * fixed timestamps in Last-Modified checks * fixed 64bit builds * fixed mmap-caching of large files * relaxed the HTTP parser on empty headerfields - 1.2.2 - 2004-06-15 * added support for unix domain sockets in FastCGI * fixed mmap caching * fixed compile-time check for linux sendfile() * fixed check for pcre.h on Fedora Core 2 - 1.2.1 - 2004-05-30 * added experimental support for AIX send_file() * added an mmap cache to the filehandle cache * enabled FreeBSD sendfile support again * added support for calling CGI binaries directly * fixed pipelining for POST requests * fixed some seg-faults if no configfile is used - 1.2.0 - 2004-05-17 * added conforming Expect: handling * added a module for secure and fast downloading * rewrote the event handling interface * fixed array handling which might lead to 'missing header' * fixed pipelining support * fixed build of the localizer extension * fixed cgi handling for headers which are flushed to often * fixed compilation on Solaris 2.5 - 1.1.9 - 2004-04-29 * added AUTHORIZER mode to the FastCGI module * added 'check-local' option to disable local stat() in the FastCGI module * added prefix-notation for FastCGI module * added 'mod_usertrack' * improved CGI/FastCGI spec conformance * more code cleanup * fixed HTTP/1.1 chunk headers * fixed POST handling * fixed SSL network handler * fixed writev() network handler - 1.1.8 - 2004-04-16 * code cleanup * limiting the size of the request-body and the request-header * minor speed improvements * tightend the HTTP-Parser again - 1.1.7 - 2004-04-12 * added REMOTE_USER to the Server->FastCGI parameters * added bzip2 compression * improved the error-messages from the new configfile parser * fixed accesslog writing for errornous requests * fixed LFS (64bit filesizes) handling * fixed Content-Length for HEAD requests * fixed some memory leaks in the configfile parser - 1.1.6 - 2004-04-10 * tightend the HTTP-Parser * rewrote the configfile parser (based on lemon) * fixed openssl support * fixed mmap+write support * use localtime in accesslog if possible - 1.1.5 - 2004-04-07 * added ldap backend to the auth * added a mod_expire * added debian packaging structure * merged redhat and suse spec-file * fixed eventhandler for solaris * fixed 64bit fileoffsets * fixed permissions of the PID-file - 1.1.4 - 2004-04-04 * added server.pid-file * added support for solaris /dev/poll and solaris sendfilev() * added support for writev() * added PATHINFO support (again) * fixed CLF logfile writing - 1.1.3 - 2004-03-25 * set default event-handler to 'poll' * fixed logcycling in chroot() * fixed hostname detection * added syslog() as fallback for error-logging - 1.1.2 - 2004-03-22 * added a "docroot" setting for fastcgi processes * performance improvements * improved configure script * rewrote the fastcgi config parser * added a rc-script for RedHat * added epoll() support for Linux 2.6.x - 1.1.1 - 2004-03-15 * added localizer module * performance improvements * code cleanup - 1.1.0 - 2004-03-06 * changed some configuration keys for better readability * moved the virtual-host code to mod_simple_vhost * added enhanced virtual host plugin from Christian Kruse * added two new auth-backends (htpasswd, htdigest) * fixed and improved authentification * stricter parsing of the Host: field * added a warning for unused configuration keys * improved FastCGI documentation - 1.0.3 - 2004-02-13 * a startup script has been added (LSB compliant) * HEAD requests were submitting the content like a GET request * the virtual directory listing got a face-lifting and fixes * request-headers are now handled case-in-sensitive as required by the standard. this fixes POST requests for w3m and some Proxies. - 1.0.2 - 2004-02-07 * rearrangement of the default configfile * some updates in the documentation * a entry in the error-log for a 404 * stdout is no longer the default for the accesslog