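Lighttpd 1.4.53 has been released. Lighttpd is an open-source web server designed for high-performance websites, providing a secure, fast, compatible, and flexible web server environment. It has a very low memory footprint, low CPU usage, good performance, and a rich set of modules.
Important changes
Support for TLS-ALPN-01, systemd socket activation, and bug fixes
Expected future changes (Q1 2019)
Starting in Q1 2019, lighttpd will by default perform limited URL normalization of HTTP requests.
This URL normalization has been available since lighttpd 1.4.50 through server.http-parseopts <https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails>. Unless explicitly set in the lighttpd configuration, the lighttpd default will be server.http-parseopts = ("url-normalize-unreserved" => "enable", "url-path-2f-decode" => "enable"). Enabling URL normalization by default gives mod_redirect and mod_rewrite more consistent behavior when matching against the (url-encoded) request URL. However, decoding %2F by default for the sake of consistency may be a breaking change for users who handle encoded URLs inside the url-path and depend on "/" as the delimiter. Those users can explicitly set "url-path-2f-decode" => "disable" in the lighttpd configuration.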
https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
The recommended server.http-parseopts settings are:
server.http-parseopts = ( "header-strict" => "enable", "host-strict" => "enable", "host-normalize" => "enable", "url-normalize" => "enable", "url-normalize-unreserved" => "enable", "url-normalize-required" => "enable", "url-ctrls-reject" => "enable", "url-path-2f-decode" => "enable", "url-path-dotseg-remove" => "enable", "url-query-20-plus" => "enable" )
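The effect of the two options in the upcoming default, as an added example that is not lighttpd's code and is not from the release notes: a simplified Python model of "url-normalize-unreserved" and "url-path-2f-decode", run over constructed paths. The prefix rule `/admin/` and the sample paths are assumptions chosen for illustration.

```python
import re

# Simplified model, written for this example; not lighttpd's own code.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
PCT = re.compile(r"%([0-9A-Fa-f]{2})")

def normalize_path(path, unreserved=True, decode_2f=True):
    """Apply the two options named in the default to a url-path."""
    def repl(m):
        ch = chr(int(m.group(1), 16))
        if unreserved and ch in UNRESERVED:
            return ch          # "url-normalize-unreserved": %61 -> a
        if decode_2f and ch == "/":
            return "/"         # "url-path-2f-decode": %2F -> /
        return m.group(0)      # every other escape stays encoded
    return PCT.sub(repl, path)

def rule_matches(path, prefix="/admin/"):
    """Hypothetical prefix rule standing in for a rewrite/redirect pattern."""
    return path.startswith(prefix)

def segments(path):
    """Split a url-path on "/" the way a path-based application would."""
    return [s for s in path.split("/") if s]

# Constructed sample paths.
SAMPLES = ["/%61dmin/panel", "/admin%2Fpanel", "/fetch/https:%2F%2Fexample.com%2Fa"]

if __name__ == "__main__":
    for raw in SAMPLES:
        both = normalize_path(raw)
        keep_2f = normalize_path(raw, decode_2f=False)
        print(raw)
        print("  rule on raw / normalized:", rule_matches(raw), rule_matches(both))
        print("  segments, 2f-decode enable: ", segments(both))
        print("  segments, 2f-decode disable:", segments(keep_2f))
```

The first two paths match the rule only after normalization, which is the consistency gain; the third shows the breaking case, where an embedded encoded URL is split into extra path segments unless "url-path-2f-decode" is disabled.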
Downloads
lighttpd-1.4.53.tar.gz (GPG signature)
SHA256: 423b3951f212e3a30511eb86f4662a1848c6e857074289ff23fc310eef520266
lighttpd-1.4.53.tar.xz (GPG signature)
SHA256: 3bdfce1cf3e9650a556a8c26fb15342c5717c63f530c54693db632b0371dcb78
Changes since 1.4.52
[mod_cml,mod_flv_streaming] fix NULL ptr deref
[mod_simple_vhost] t/test_mod_simple_vhost
[mod_evhost] split uri handler func for testing
[mod_evhost] restructure for unit tests
[mod_evhost] t/test_mod_evhost
[mod_access] restructure for unit tests
[mod_access] t/test_mod_access
[tests] include first.h and NDEBUG early
[core] use kill_signal for gw_proc_kill()
[tests] t/test_keyvalue
[tests] some test config cleanup
[tests] update skip count in mod-fastcgi.t
[multiple] reduce initial buffer sz if large POST (fixes #2922)
[mod_fastcgi] fix NULL ptr deref from bugfix #2922 (fixes #2923)
[tests] more test config cleanup
[core] perf: incremental hash of pathname w/o copy
[core] perf: reuse buffer to redirect to directory
[core] do not free() reused buffer
[core] use connected sock port in dir redirect
[core] http_response_buffer_append_authority()
[core] use con->server_name for dir redir
[core] memeq compare rounded to 64, not next 1M
[core] define MD5_DIGEST_LENGTH 16
[mod_auth] permit additional auth backends to load
[core] send Connection: close if reqbody not read (fixes #2924)
[core] cache rev DNS for localhost for dir redir
[doc/conf] resolve some mime type conflicts from debian buster, regenerate mime.conf
[core] move winsock init to network_init()
[core] move /dev/stdin graceful restart handling
[core] network_srv_sockets_append() shared code
[core] systemd socket activation support
[build] autotools: try mysqlclient.pc and mariadb.pc (fixes #2925)
[mod_expire] look up expire fallback "" explicitly
[multiple] calloc match ptr type (clang --analyze)
[multiple] quiet clang --analyze where trivial
[mod_webdav] compare COPY, MOVE Destination scheme
[core] con->uri.scheme is maintained lowercase
[mod_openssl] ALPN and acme-tls/1 (fixes #2931)
[core] Fix recursive include_shell invocations
[mod_openssl] ssl.privkey directive (optional)