LiteSpeed Web Server Release Log

LiteSpeed Web Server is constantly updated with new features and bug fixes.

VersionRelease DateType
Click here for older releases
LSWS 4.2.22 3-17-2015 Feature improvements and bug fixes
  • Improvement: Added option to select default DH Key size to avoid SSL handshake error with older Java clients.
  • Improvement: Apache configuration compatibility with SuexecUserGroup and SSLInsecureRenegotiation directives.
  • Improvement: Avoid parsing bad shtml files that can cause server memory problem.
  • Bug Fix: <DirectoryMatch...> causes PHP suEXEC malfunction.
  • Bug Fix: Slow memory leak in ModSecurity engine.
  • Bug Fix: Crash caused by long variable value in mod_security engine.
  • Other minor improvements and bug fixes.
LSWS 5.0 RC3 3-11-2015 HTTP/2 support, feature improvements, and bug fixes
  • Added HTTP/2 draft 14-17 implementation.
  • ESI engine and LSCache improved to better support partial page caching.
  • Fixed a bug in bandwidth throttling.
  • All improvements and bugs fixed in 4.2.15-4.2.21 releases.
LSWS 4.2.21 1-15-2015 Feature improvement and bug fixes
  • Improved DirectAdmin compatibility — added ability to change user ID inside context of Apache configuration.
  • Fixed bugs in Server Side Include engine.
  • Fixed a bug causing Apache Header directive to not work properly when used inside a directive.
  • Fixed a bug in HTTP authentication using Apache htpasswd generated password hash.
  • Fixed a bug in handling MIME-type strings with upper-case letters.
  • Fixed a bug in AIO logging causing an infinity loop.
  • Fixed a bug in Aho-Corasick string search implementation.
LSWS 4.2.20 12-19-2014 Feature improvement and bug fixes
  • New feature: Automatically redirect to HTTPS if a HTTPS port is accessed as HTTP.
  • Fixed a bug in Apache configuration parsing that disables mod_secuirty engine.
  • Fixed Apache httpd wrapper script bug that causes problem with cPanel 11.46 ModSecurity Tools.
  • Fixed a bug that creates swap directory with wrong permission mask.
  • Fixed a bug that causes trouble for serving cached gzipped content to Facebook Crawler.
LSWS 4.2.19 11-12-2014 Improvements for high I/O wait and bug fixes
  • New features to improve server performance when I/O wait is high: asynchronous logging mode and start external process in asynchronous mode through CGI daemon.
  • Improved ModSecurity engine to allow using variables in depricatevar and expirevar actions.
  • Fixed a bug in HTTPS proxy that causes 503 errors.
  • Fixed a bug that causes GZIP compression not to be used for certain dynamic pages.
  • Fixed a bug in parsing CacheEnable/CacheDisable directives.
LSWS 4.2.18 10-15-2014 Security update and minor improvements and bug fixes
  • Upgraded OpenSSL to 1.0.1j to address vulnerabilities in 1.0.1i.
  • SSLv3 turned off by default for HTTPS virtual hosts.
  • Improved bandwidth logging by combining write() system calls.
  • Improved autoindexing script.
  • Fixed systemd unit description script.
  • Fixed minor bug in ModSecurity engine.
LSWS 4.2.17 10-3-2014 Bug fixes
  • Added more CGI environment variables for SSL Client authentication.
  • Fixed a bug that breaks "Require user user1 user2" Apache directive.
  • Fixed a bug causing 403 error for Server Side Include pages.
  • Fixed a bug causing issues when one user misses a </limit> tag in one .htaccess file.
  • Fixed a bug causing Smart Keep-Alive feature to not work for js files with MIME type application/javascript.
  • Fixed a bug in MP4 random seek.
  • Removed an OpenSSL patch which broke SSL handshake with some clients.
LSWS 4.2.16 9-25-2014 Security patch
  • Addresses Shellshock Bash vulnerability (CVE-2014-6271 and CVE-2014-7169).
LSWS 5.0 RC2 9-23-2014 Virtual host-level bandwidth throttling, improved stability, and bug fixes
  • Added virtual host-level bandwidth throttling.
  • Improved stability of ESI and SPDY implementation
  • Fixed a bug that turns off gzip compression for FireFox when SPDY is in use.
  • All bugs fixed in 4.2.8-4.2.15 releases.
LSWS 4.2.15 9-23-2014 Improved efficiency and bug fixes
  • Improved Apache configuration parsing speed and memory efficiency.
  • Default SSL cipher list has been tuned to score an "A" on online SSL tests.
  • Added suffix 'php6' to available PHP suEXEC suffixes.
  • Fixed a bug in OCSP stapling result verification.
  • Fixed a bug in HTTP range request handling.
  • Minor bug fixes and fine tunings.
LSWS 4.2.14 8-6-2014 Bug fix
  • Improvement: Added support for Apache mod_env and mod_setenvif.
  • Bug fix: Fixed bug causing cPanel account suspension to erroneously apply to accounts partially matching suspended account name.
LSWS 4.2.13 7-28-2014 Feature enhancements and bug fix
  • Improvement: Rewrite engine can add a local proxy target automatically if called for in rewrite rules. Node.js hosting on a local server no longer requires manual set up.
  • Improvement: LiteSpeed-specific LSPHP_MaxWaitQ directive added. Specifies PHP external application wait queue limit. Exceeding this limit triggers a 508 "Resource Limit Has Been Reached" error.
  • Improvement: IndexIgnore directive for directory autoindexing is now supported.
  • Improvement: "SetEnv PHPRC=<path_to_php_runtime_config>" can be used to customize php.ini path in Apache vhost configuration files.
  • Improvement: Fixed issues with mod_userdir caused by cPanel 11.44.
  • Bug Fix: Fixed mod_security bug that caused server crash.
LSWS 4.2.12 6-9-2014 Security update with feature enhancements and bug fixes
  • Security: Updated statically linked OpenSSL library to 1.0.1h to address newly discovered vulnerability in OpenSSL 1.0.1g.
  • Improved LSCache module: Cache storage directory can be set at vhost level.
  • Improved compatibility with Apache configuration when Include directive is used inside a <Files...> or <Location...> context.
  • Improved static file handling in NFS to avoid trouble caused by silly rename.
  • Improved HTTPS proxy with client SNI support.
  • Fixed a bug causing a slow memory leak.
  • Fixed a bug in the ModSecurity engine ipMatchFromFile directive. Comments in IP list configuration file are ignored now.
  • Fixed a bug in tracking children processes in FreeBSD when "start through CGI daemon" is used.
  • Fixed a bug in HTTPS proxy which failed to properly handle HTTP/1.0 style connection close to end a response.
  • Other minor bug fixes based on isolated bug reports.
LSWS 4.2.11 5-13-2014 Bug fixes
  • Fixed a bug with HTTP proxying introduced in 4.2.10 while adding support for HTTPS targets.
  • Fixed a bug with Apache AddType directive introduced in 4.2.10.
  • Fixed a bug with processing of Apache <IfDefine ...> tag.
  • Workaround added for FreeBSD security feature that prevented LSWS server process from checking status of PHP processes when sysctrl security.bsd.see_other_uids was turned off.
LSWS 4.2.10 5-5-2014 Feature enhancements and bug fixes
  • New feature: Added support for HTTPS proxy backend. (cPanel proxy subdomains over HTTPS work.)
  • New feature: Added logic to tolerate missing "-" at the beginning or ending of an SSL certificate and key file.
  • New feature: Added logic to escape special characters in access log following Apache's method.
  • New feature: Added support for <IfDefined> context in Apache httpd.conf.
  • Improved detection of HTTPS request to an HTTP port. Reduces blocking due to "Bad Request".
  • Fixed bug: Running LiteSpeed process could not apply new expiration date for an updated license key.
  • Fixed bug: Apache and LiteSpeed have different values for SERVER_PORT behind an HTTP proxy.
  • Fixed bug: Block Bad Request setting could not be turned off from WebAdmin console.
LSWS 4.2.9 4-8-2014 Critical security patch
  • Security patch to fix OpenSSL Heartbleed bug.
LSWS 4.2.8 3-28-2014 Feature enhancements and minor bug fixes
  • Added IP-based licensing.
  • Added ability to purchase LiteSpeed Cache as an add-on. (Coming soon!)
  • Enhanced "external application no abort" feature to allow uninterrupted PHP script execution during server restarts.
  • Updated default error template.
  • Fixed minor bugs in rewrite engine.
  • Fixed bug: Expires headers could not be added to dynamic response.
LSWS 5.0 RC1 2-18-2014 Major feature enhancements
  • Added SPDY/2, 3, and 3.1 support.
  • Added ESI support.
  • Added WebSocket proxy functionality.
  • Added CPU Affinity setting.
LSWS 4.2.7 1-24-2014 Feature enhancements
  • Allow root owned file in PHP suEXEC mode.
  • Improved mod_security compatibility.
  • Enabled custom php.ini via PP_CUSTOM_PHP_INI environment variable (used in Plesk PHP-FPM Apache configuration).
  • Added support for VH_USER variable in external application environment variable configuration.
  • Apache binary wrapper will remove itself if LSWS is uninstalled.
  • Improved SSI engine.
  • Minor Apache .htaccess compatibility fixes.
LSWS 4.2.6 11-22-2013 Feature enhancement and minor bug fixes
  • Improved handling of resource limits to avoid generating 508 error pages when possible. After resource limits have been reached, requests will instead be re-queued until resources become available.
  • Fixed bug: Failure to detect all IPv6 addresses.
  • Fixed bug: Multiple <Files ...> <FilesMatch ...> directives in different .htaccess files along a path were processed in the wrong order.
  • Fixed bug: Server crash when an .htaccess file has been updated while it is still referenced by a long running request.
  • Fixed bug: suEXEC ProcessGroup mode set at the virtual host level fails to override server level suEXEC Daemon mode.
LSWS 4.2.5 10-30-2013 Major feature enhancements and minor bug fixes
  • Added just in time Apache vhost configuration to improve server startup speed.
  • Major improvements and bug fixes and in mod_security engine: added more transform functions, better variable collection handling, added IP match operators, added MATCHED_VARS support.
  • Added new PHP suEXEC ProcessGroup mode to create per-account process groups using the LiteSpeed-specific Apache-style directives "LSPHP_ProcessGroup" and "LSPHP_Workers". It is PHP selector-compatible and opcode caching friendly.
  • Improved CloundLinux compatibility — return 508 error page when resource limit has been reached.
  • Rack/Rails: added per-application environment configurations for Rack/Rails context to better support RVM gemset setup.
  • Bundled OpenSSL library has been upgraded to 1.0.1e with support for TLSv1.1 & TLSv1.2 ciphers.
  • Automatically detect and skip very large .htaccess file that can stall server processes.
  • Enabled skipping "File Not Found" logging in error log via rewrite environment variable "dontlog".
  • Added support for "Charset" in Content-Type header for autoindex pages.
  • Fixed bug in handling symbolic race condition when "Strict File Ownership" (equivalent to CloudLinux SecureLink) is enabled. (Special thanks to Rack911.)
  • Fixed bug allowing create/overwrite arbitrary file as root user via crafted symbolic link. (Special thanks to Rack911.)
  • Fixed bug in handling IPv6 address used in Apache httpd.conf.
  • Fixed bug in SSI engine causing LAST_MODIFIED variable to use wrong timestamp.
  • Fixed bug in rewrite engine with URL encoding.
LSWS 4.2.4 8-6-2013 Major feature enhancements and minor bug fixes
  • Added Python WSGI support (Apache mod_wsgi equivalent).
  • LSWS will now switch back to Apache automatically when license expires.
  • Added OCSP stapling support for SSL.
  • Added a feature that moves realtime status reports to the RAM disk to avoid blocking lshttpd process in high I/O wait situations.
  • Automatically restart PHP suEXEC daemon if killed or crashed to avoid 503 errors.
  • OpenSSL AESNI hardware acceleration enabled for x86_64-Linux platform.
  • LSAPI STDERR logging is now disabled when STDERR logging is disabled in configuration.
  • Improved Redirect directive processing to make "Redirect 301/..." work in sub-directory .htaccess files.
  • Fixed a bug causing authentication failure when password is blank.
  • Fixed a bug in IPv4 Access Control configuration causing the smaller subnet to overshadow the larger subnet when two subnets overlapped.
  • Fixed a bug in STDERR logging, which may cause interlocking between lscgid and lshttpd worker processes.
  • Fixed a bug causing MIME types such as "text/css; charset=..." to not be gzipped when GZIP is enabled for "text/*".
  • Fixed a bug in SecRuleRemoveById directive.
  • Fixed a bug in ModSec engine when handling collections directives.
  • Fixed a bug in graceful restarting with over 1000 listeners.
  • Fixed a bug causing log rotation not to be disabled when rotating limit is set to 0.
LSWS 4.2.3 5-22-2013 Feature enhancements and minor bug fixes
  • Added setting to hide the LiteSpeed signature in the default error pages.
  • Added ability to use sendfile() to send back dynamic responses.
  • Updated in-GUI settings explanations.
  • Added option (External Application Abort) to stop the server from aborting external application processes even when the client connection has been broken.
  • Added PHP suEXEC daemon ability to kill runaway child processes.
  • Reserved connections for the WebAdmin console to ensure accessibility regardless of the current number of connections.
  • Added CGI daemon ability to log processes killed by signals to stderr.
  • Fixed FileETag directive and rewrite rule incompatibility.
  • Fixed FreeBSD realtime stats error.
  • Updated PHP build utility to support up to PHP 5.3.25 and 5.4.15.
  • Discontinued support for Solaris SPARC.
LSWS 4.2.2 1-30-2013 Feature enhancements and minor bug fixes
  • Added HTTP "PATCH" method support.
  • FileEtag directives have been fully supported.
  • Added "Cache-Control:no-cache, no-store, must-revalidate" response header to 302 response.
  • Improved Ruby Rack/Rails support along with new ruby-lsapi 4.1. "RewindableInput" interface has been natively implemented to maximize Rack performance.
  • LiteSpeed Cache improvement: added max-stale age support, stale cache copy can be served while updating the cache; added "REFRESH" method to serve existing cached copy while updating the cache.
  • Improved mod_security compatibility with gotroot ruleset.
  • Fixed CageFS mount point issue with litespeed.
  • Fixed rewrite variable "%{TIME}" parsing error.
  • Updated PHP build utility to include PHP 5.4.11 and 5.3.21.
LSWS 4.2.1 11-21-2012 Feature enhancements and minor bug fixes
  • PHP suEXEC daemon mode will be auto disabled when different php.ini required via PHPRC or PHPIniDir due to internal limitation of PHP engine.
  • Improved error handling in case of LSWS swap directory out of space.
  • Fixed a bug in SSI encoding.
  • Updated PHP build utility to include PHP 5.4.8 and 5.3.18.
LSWS 4.2 9-10-2012 Major feature enhancements
  • Added support for PHP suEXEC daemon mode to improve performance and memory efficiency (LSAPI 6.0 required).
  • Improved compatibility of Apache mod_security by adding support for variable collections.
  • Improved symbolic link security for shared hosting by introducing LiteSpeed specific directives "DisableSymlinkOverride" and "VhostRestrained".
  • Updated PHP build utility to include PHP 5.4.6 and 5.3.16.
LSWS 4.1.13 6-27-2012 Feature enhancements, security update and minor bug fixes
  • Improved compatibility of Apache mod_rewrite.
  • Improved compatibility of Apache mod_security.
  • Fixed a bug that will bypass URL security check when rewrite rule is triggered.
  • Enforce RC4 cipher to get around SSL BEAST attack.
  • Added a script tool for cache purge.
  • cPanel whm plugin: Added a script to build matching php from command line.
  • Updated openssl to 0.9.8x.
  • Updated PHP build utility to include PHP 5.4.4 and 5.3.14.
LSWS 4.1.12 3-26-2012 Feature enhancements, security update and minor bug fixes
  • Fixed a XSS security issue in Real-time graphs of Web Admin Console.
  • Fixed a bug in .htaccess handling that may cause server crash.
  • Fixed a bug in rewrite rules when handling encoding/decoding url.
  • Added 2 commonly used configurations in cPanel WHM plugin – Configure LiteSpeed.
  • Improved performance and reduced cost of PHP process start-up.
  • Improved compatibility/bug fix of mod_security related to skip-after action handling.
  • Added flag B support in rewrite rules.
  • Added no-cache-domains support in cache configuration.
  • Updated PHP build utility to include PHP 5.4.0.
LSWS 4.1.11 2-22-2012 Feature enhancements and minor bug fixes
  • Added a security feature of “Force Strict Ownership Checking”, similar to “Secure Link” in Cloud Linux.
  • Added version management in cPanel WHM plugin.
  • Fixed a bug that may cause frequent crash when trying to detect Mime-type based on file suffix.
  • Updated openssl to 0.9.8t.
  • Updated PHP build utility to include PHP 5.3.10.
LSWS 4.1.10 1-6-2012 Feature enhancements and minor bug fixes
  • Fixed wordpress garbage output when SuperCache GZIP compression is enabled.
  • Lifted the limit for Max Request Body Size for 64Bit OS.
  • Updated openssl to 0.9.8s.
LSWS 4.1.9 12-17-2011 Feature enhancements and minor bug fixes
  • Fixed a bug that causes random 503 error.
  • Improved mod_security audit logging.
LSWS 4.1.8 11-18-2011 Feature enhancements and minor bug fixes
  • Fixed a bug that causes 100% CPU utilization once connection limit has been reached.
  • Added command line upgrade script admin/misc/ .
  • Added license status information in version managment page of web console
LSWS 4.1.7 10-28-2011 Feature enhancements and minor bug fixes
  • Fixed a bug that may cause 100% CPU utilization randomly.
  • Added a feature to throttle the number of SSL handshakes that can be made by a client. This is anti-DDoS enhancement against SSL negotiation DDoS attack.
LSWS 4.1.6 10-17-2011 Minor bug fixes
  • Fixed bugs that introduced in 4.1.5 release such as 403 error, access log permission issue.
  • Security feature of suphp-like file permission introduced in 4.1.5 has been turned off by default. User can manually turn it on if needed.
LSWS 4.1.5 10-6-2011 Feature enhancements and minor bug fixes
  • Added an option to prevent serving unsafe scripts.
  • Fixed a bug related to userdir URL and suEXEC.
  • Fixed a bug that causes periodic 100% cpu usage by lshttpd.
  • Improved licensing by accessing a second license server if the primary fails.
LSWS 4.1.4 8-22-2013 Minor bug fixes
  • Fixed a bug that cause LSWS crash when cache is enabled.
  • Fixed a bug in SSI engine.
  • PHP 5.3.8 has been added to PHP build utility.
LSWS 4.1.3 8-2-2011 Minor bug fixes
  • Improved IPv6 support when loading Apache httpd.conf.
  • Improved bad request detection to avoid accidentally blocking IP while accessing non-configured HTTPS web site.
  • Fixed a bug that causes problem when uploading a large file.
  • Fixed a bug that causes file descriptor leak when page cache is in use.
  • Fixed a bug in SSI engine.
  • Fixed a bug in tracking HTTPS connections in-use.
  • Fixed bugs in real-time statistics.
LSWS 4.1.2 7-14-2011 Feature enhancements and minor bug fixes
  • Improved cache hash algorithm.
  • Fixed various bugs reported from 4.1.1 release.
LSWS 4.1.1 5-20-2011 Feature enhancements and minor bug fixes
  • Added private cache support.
  • Display cache related statistics in real-time status report.
  • Fixed various bugs reported from 4.1 release.
LSWS 4.1 4-13-2011 Major feature enhancements
  • Added support for AIO (Asynchronized disk I/O) to greatly improve performance for servers with heavy Disk I/O.
  • Added support for HTTPS SNI (Server Name Indication), allowing multiple secured sites sharing one IP.
  • Added support for mod_security 2.5 rule sets.
  • Added connection level detailed status in real-time status page of web admin console.
  • Compatible with upload progress bar.
  • Added support for H.264 streaming.
  • Reduced memory usage when thousands of virtual hosts configured through Apache httpd.conf.
  • All bug fixes in 4.0.x branch have been included.