lighttpd 1.4.20 released

After several pre-releases, lighttpd 1.4.20, the latest version, has been released.

It appears to be a release that addresses many security issues and fixes many bugs, so anyone running the 1.4 series should probably consider upgrading.


The list of changes is pasted below for reference.

  • Fix mod_compress to compile with old gcc version (#1592)
  • Fix mod_extforward to compile with old gcc version (#1591)
  • Update documentation for #1587
  • Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls (CVE-2008-1531)
  • Fix mod_magnet: enable “request.method” and “request.protocol” in lighty.env (#1308)
  • Fix segfault for appending matched parts if there was no regex matching (just give empty strings) (#1601)
  • Use data_response_init in mod_fastcgi x-sendfile handling for response.headers, fix a small “memleak” (#1628)
  • Don’t send empty Server headers (#1620)
  • Fix conditional interpretation of core options
  • Enable escaping of % and $ in redirect/rewrite; only two cases changed their behaviour: “%” => “”, “$$” => “$”
  • Fix accesslog port (should be port from the connection, not the “server.port”) (#1618)
  • Fix mod_fastcgi prefix matching: match the prefix always against url, not the absolute filepath (regardless of check-local)
  • Overwrite Content-Type header in mod_dirlisting instead of inserting (#1614), patch by Henrik Holst
  • Handle EINTR in mod_cgi during write() (#1640)
  • Allow all http status codes by default; disable body only for 204,205 and 304; generate error pages for 4xx and 5xx (#1639)
  • Fix mod_magnet to set con->mode = p->id if it generates content, so returning 4xx/5xx doesn’t append an error page
  • Remove lighttpd.spec* from source, fixing all problems with it ;-)
  • Do not rely on PATH_MAX (POSIX does not require it) (#580)
  • Disable logging to access.log if filename is an empty string
  • Implement a clean way to open /dev/null and use it to close stdin/out/err in the needed places (#624)
  • merge spawn-fcgi changes from trunk (from @2191)
  • let spawn-fcgi propagate exit code from spawned fcgi application
  • close connection after redirect in trigger_b4_dl (thx icy)
  • close connection in mod_magnet if returned status code
  • fix bug with IPv6 in mod_evasive (#1579)
  • fix scgi HTTP/1.* status parsing (#1638), found by met@uberstats.com
  • [tests] fixed system, use foreground daemons and waitpid
  • [tests] removed pidfile from test system
  • [tests] fixed tests needing php running (if not running on port 1026, search php in env[PHP] or /usr/bin/php-cgi)
  • fixed typo in mod_accesslog (#1699)
  • replaced buffer_{append,copy}_string with the _len variant where possible (#1732) (thx crypt)
  • case insensitive match for secdownload md5 token (#1710)
  • Handle only HEAD, GET and POST in mod_dirlisting (same as in staticfile) (#1687)
  • fixed mod_secdownload problem with unsigned time_t (#1688)
  • handle EAGAIN and EINTR for freebsd sendfile (#1675)
  • Use filedescriptor 0 for mod_scgi spawn socket, redirect STDERR to /dev/null (#1716)
  • fixed round-robin balancing in mod_proxy (#1715)
  • fixed EINTR handling for waitpid in mod_fastcgi
  • mod_{fast,s}cgi: overwrite environment variables (#1722)
  • inserted many con->mode checks; they should prevent two modules to handle the same request if they shouldn’t (#631)
  • fixed url encoding to encode more characters (#266)
  • allow digits in [s]cgi env vars (#1712)
  • fixed dropping last character of evhost pattern (#161)
  • print helpful error message on conditionals in global block (#1550)
  • decode url before matching in mod_rewrite (#1720)
  • fixed conditional patching of ldap filter (#1564)
  • Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
  • fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by “anders1”
  • fixed format string bugs in mod_accesslog for SYSLOG
  • replaced fprintf with log_error_write in fastcgi debug
  • fixed mem leak in ssi expression parser (#1753), thx Take5k
  • hide some ssl errors per default, enable them with debug.log-ssl-noise (#397)
  • do not send content-encoding for 304 (#1754), thx yzlai
  • fix segfault for stat_cache(fam) calls with relative path (without ‘/’, can be triggered by x-sendfile) (#1750)
  • fix splitting of auth-ldap filter
  • workaround ldap connection leak if a ldap connection failed (restarting ldap)
  • fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
  • fix memleak in request header parsing (#1774, thx qhy)
  • fix mod_rewrite memleak/endless loop detection (#1775, thx phy – again!)
  • use decoded url for matching in mod_redirect (#1720)

http://www.lighttpd.net/2008/9/30/1-4-20-Otherwise-the-terrorists-win
