LiteSpeed Web Server Release Log

LiteSpeed Web Server is constantly updated with new features and bug fixes.

Click here for older releases
LSWS 5.0.8 11-12-2015 Feature enhancements and bug fixes
  • Improved Apache configuration parser with faster parsing speed and lowered memory usage.
  • Added CHACHA SSL cipher support.
  • Fixed vhost level chroot feature.
  • Fixed missing Etag header in 304 response.
  • Minor bug fixes in mod_security engine.
LSWS 5.1RC2 11-10-2015 Feature enhancements and bug fixes
  • Added SSL OCSP Stapling support through Apache httpd.conf.
  • Added shared SSL Session Cache and SSL Ticket synchronization.
  • Added Multi-Certificate support for using RSA, DSA, and ECC certificates simultaneously for the same domain.
  • Bug fixes and improvements to mod_security engine.
LSWS 5.1RC1 10-13-2015 Major feature enhancements
  • Completely reworked request processing flow to allow pausing/resuming at different stages.
  • Updated ModSecurity engine with support for @rbl and @inspectfile operators.
LSWS 5.0.7 10-6-2015 Feature improvements and bug fixes
  • Improved LSCache to allow adding cache-vary values with a rewrite rule.
  • Improved ESI subrequest implementation.
  • Added SIGBUS handler for SIGBUS being triggered during the saving of a response body to cache (running out of disk space).
  • Fixed bug in Litemage ESI implementation that prevented cache-vary on cookie from working properly.
  • Fixed bug in modsecurity engine that broke the @contains operator.
LSWS 5.0.6 9-23-2015 Feature improvements and bug fixes
  • HTTP/2 implementation improved to be more strictly compliant with RFC 7540.
  • "DisablePhpOverride", an Apache configuration directive, added to turn off PHP configuration override in .htaccess.
  • Max size of page cache objects increased to 10MB.
  • Minor bug fixes.
LSWS 5.0.5 8-17-2015 Feature improvements and bug fixes
  • Enhancement: Reduced usage of file backed MMAP I/O for buffering large request and response bodies.
  • Enhancement: Added support for alternative ESI syntax as a work around for issues in LiteMage.
  • Fixed a bug that introduced unnecessary disk I/O synchronization when saving large response bodies to page cache.
  • Fixed a bug causing performance issues during a graceful restart.
  • Fixed two bugs in the Server Side Includes engine, one causing missing included content, and the other causing failure to execute CGI.
  • Other minor bug fixes.
LSWS 5.0.4 8-5-2015 Feature improvements and bug fixes
  • Added Cache Purge-by-URL through a special response header.
  • Improved ModSecurity engine to have clear separation of rules belonging to different processing phases. Added support for "GEO:XXXX" collection.
  • Improved Page Cache engine to correctly process and cache ESI injected AJAX responses. (used by LiteMage)
  • Fixed bug in Server Side Includes engine that did not set original "QUERY_STRING" environment for the "exec cgi" directive.
  • Fixed Max dynamic response body size limit, was previously ignored causing a server crash when running out of memory.
  • Changed initial max size limit of .htaccess from 10MB to 2MB to avoid blockage when processing large .htaccess files.
LSWS 5.0.3 7-22-2015 Feature improvements and bug fixes
  • Improved Client IP address updating for CloudFlare proxied requests. Now using "CF-Connecting-IP" header instead of "X-Forwarded-For".
  • Improved LiteMage Cache with automatic cache root directory clean up.
  • Fixed a regression in rewrite engine that broke some existing rewrite rules when upgrading from LSWS 4.2.x.
  • Fixed bug in processing Apache httpd configuration that prevented context defined at server level from being effective for virtual hosts.
  • Fixed bug in HTTP Range request processing.
  • Added a SIGBUS signal handler to catch and fail affected requests gracefully.
LSWS 5.0.2 7-9-2015 Feature improvements and bug fixes
  • Updated OpenSSL to 1.0.2d to address (CVE-2015-1793).
  • Improved HTTP/2 implemenation.
  • Improved mod_security engine to work better with OWASP core rule set.
  • Improved compatibility with Plesk 12 control panel.
  • Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.
LSWS 4.2.24 7-9-2015 Feature improvements and bug fixes
  • Updated OpenSSL to 1.0.1p to address (CVE-2015-1793).
  • Improved mod_security engine to work better with OWASP core rule set.
  • Improved compatibility with Plesk 12 control panel.
  • Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.
LSWS 5.0.1 6-26-2015 Feature improvements and bug fixes
  • Added PHP7 support for PHP suEXEC.
  • Updated OpenSSL to 1.0.2c.
  • Fixed various HTTP/2 and SPDY related bugs.
  • Fixed various broken internal features: internal redirect, CloudLinux LVE, cache handler, etc.
  • Fixed a few LiteMage related issues.
LSWS 5.0 4-17-2015 Major feature enhancements
  • HTTP/2 support.
  • SPDY/2, 3, and 3.1 support.
  • ESI and LiteMage Cache support.
  • Virtual host-level bandwidth throttling with mod_bw compatibility.
  • WebSocket proxy functionality.
  • CPU Affinity setting.
  • Extra build numbers added onto version numbers and supported through lsup command.
LSWS 4.2.23 4-17-2015 Feature improvements and bug fixes
  • New Feature: Added support for Apache directive Allow/Deny env=[!]env-variable.
  • Improvement: ModSecurity audit logging can log request body now.
  • Bug Fix: Changes in SSL renegotiation protection broke HTTPS proxy backend.
  • Bug Fix: Autoindex script used wrong encoding for "&" character in directory name.
LSWS 4.2.22 3-17-2015 Feature improvements and bug fixes
  • Improvement: Added option to select default DH Key size to avoid SSL handshake error with older Java clients.
  • Improvement: Apache configuration compatibility with SuexecUserGroup and SSLInsecureRenegotiation directives.
  • Improvement: Avoid parsing bad shtml files that can cause server memory problem.
  • Bug Fix: <DirectoryMatch...> causes PHP suEXEC malfunction.
  • Bug Fix: Slow memory leak in ModSecurity engine.
  • Bug Fix: Crash caused by long variable value in mod_security engine.
  • Other minor improvements and bug fixes.
LSWS 5.0 RC3 3-11-2015 HTTP/2 support, feature improvements, and bug fixes
  • Added HTTP/2 draft 14-17 implementation.
  • ESI engine and LSCache improved to better support partial page caching.
  • Fixed a bug in bandwidth throttling.
  • All improvements and bugs fixed in 4.2.15-4.2.21 releases.
LSWS 4.2.21 1-15-2015 Feature improvement and bug fixes
  • Improved DirectAdmin compatibility — added ability to change user ID inside context of Apache configuration.
  • Fixed bugs in Server Side Include engine.
  • Fixed a bug causing Apache Header directive to not work properly when used inside a directive.
  • Fixed a bug in HTTP authentication using Apache htpasswd generated password hash.
  • Fixed a bug in handling MIME-type strings with upper-case letters.
  • Fixed a bug in AIO logging causing an infinity loop.
  • Fixed a bug in Aho-Corasick string search implementation.
LSWS 4.2.20 12-19-2014 Feature improvement and bug fixes
  • New feature: Automatically redirect to HTTPS if a HTTPS port is accessed as HTTP.
  • Fixed a bug in Apache configuration parsing that disables mod_secuirty engine.
  • Fixed Apache httpd wrapper script bug that causes problem with cPanel 11.46 ModSecurity Tools.
  • Fixed a bug that creates swap directory with wrong permission mask.
  • Fixed a bug that causes trouble for serving cached gzipped content to Facebook Crawler.
LSWS 4.2.19 11-12-2014 Improvements for high I/O wait and bug fixes
  • New features to improve server performance when I/O wait is high: asynchronous logging mode and start external process in asynchronous mode through CGI daemon.
  • Improved ModSecurity engine to allow using variables in depricatevar and expirevar actions.
  • Fixed a bug in HTTPS proxy that causes 503 errors.
  • Fixed a bug that causes GZIP compression not to be used for certain dynamic pages.
  • Fixed a bug in parsing CacheEnable/CacheDisable directives.
LSWS 4.2.18 10-15-2014 Security update and minor improvements and bug fixes
  • Upgraded OpenSSL to 1.0.1j to address vulnerabilities in 1.0.1i.
  • SSLv3 turned off by default for HTTPS virtual hosts.
  • Improved bandwidth logging by combining write() system calls.
  • Improved autoindexing script.
  • Fixed systemd unit description script.
  • Fixed minor bug in ModSecurity engine.
LSWS 4.2.17 10-3-2014 Bug fixes
  • Added more CGI environment variables for SSL Client authentication.
  • Fixed a bug that breaks "Require user user1 user2" Apache directive.
  • Fixed a bug causing 403 error for Server Side Include pages.
  • Fixed a bug causing issues when one user misses a </limit> tag in one .htaccess file.
  • Fixed a bug causing Smart Keep-Alive feature to not work for js files with MIME type application/javascript.
  • Fixed a bug in MP4 random seek.
  • Removed an OpenSSL patch which broke SSL handshake with some clients.
LSWS 4.2.16 9-25-2014 Security patch
  • Addresses Shellshock Bash vulnerability (CVE-2014-6271 and CVE-2014-7169).
LSWS 5.0 RC2 9-23-2014 Virtual host-level bandwidth throttling, improved stability, and bug fixes
  • Added virtual host-level bandwidth throttling.
  • Improved stability of ESI and SPDY implementation
  • Fixed a bug that turns off gzip compression for FireFox when SPDY is in use.
  • All bugs fixed in 4.2.8-4.2.15 releases.
LSWS 4.2.15 9-23-2014 Improved efficiency and bug fixes
  • Improved Apache configuration parsing speed and memory efficiency.
  • Default SSL cipher list has been tuned to score an "A" on online SSL tests.
  • Added suffix 'php6' to available PHP suEXEC suffixes.
  • Fixed a bug in OCSP stapling result verification.
  • Fixed a bug in HTTP range request handling.
  • Minor bug fixes and fine tunings.
LSWS 4.2.14 8-6-2014 Bug fix
  • Improvement: Added support for Apache mod_env and mod_setenvif.
  • Bug fix: Fixed bug causing cPanel account suspension to erroneously apply to accounts partially matching suspended account name.
LSWS 4.2.13 7-28-2014 Feature enhancements and bug fix
  • Improvement: Rewrite engine can add a local proxy target automatically if called for in rewrite rules. Node.js hosting on a local server no longer requires manual set up.
  • Improvement: LiteSpeed-specific LSPHP_MaxWaitQ directive added. Specifies PHP external application wait queue limit. Exceeding this limit triggers a 508 "Resource Limit Has Been Reached" error.
  • Improvement: IndexIgnore directive for directory autoindexing is now supported.
  • Improvement: "SetEnv PHPRC=<path_to_php_runtime_config>" can be used to customize php.ini path in Apache vhost configuration files.
  • Improvement: Fixed issues with mod_userdir caused by cPanel 11.44.
  • Bug Fix: Fixed mod_security bug that caused server crash.
LSWS 4.2.12 6-9-2014 Security update with feature enhancements and bug fixes
  • Security: Updated statically linked OpenSSL library to 1.0.1h to address newly discovered vulnerability in OpenSSL 1.0.1g.
  • Improved LSCache module: Cache storage directory can be set at vhost level.
  • Improved compatibility with Apache configuration when Include directive is used inside a <Files...> or <Location...> context.
  • Improved static file handling in NFS to avoid trouble caused by silly rename.
  • Improved HTTPS proxy with client SNI support.
  • Fixed a bug causing a slow memory leak.
  • Fixed a bug in the ModSecurity engine ipMatchFromFile directive. Comments in IP list configuration file are ignored now.
  • Fixed a bug in tracking children processes in FreeBSD when "start through CGI daemon" is used.
  • Fixed a bug in HTTPS proxy which failed to properly handle HTTP/1.0 style connection close to end a response.
  • Other minor bug fixes based on isolated bug reports.
LSWS 4.2.11 5-13-2014 Bug fixes
  • Fixed a bug with HTTP proxying introduced in 4.2.10 while adding support for HTTPS targets.
  • Fixed a bug with Apache AddType directive introduced in 4.2.10.
  • Fixed a bug with processing of Apache <IfDefine ...> tag.
  • Workaround added for FreeBSD security feature that prevented LSWS server process from checking status of PHP processes when sysctrl security.bsd.see_other_uids was turned off.
LSWS 4.2.10 5-5-2014 Feature enhancements and bug fixes
  • New feature: Added support for HTTPS proxy backend. (cPanel proxy subdomains over HTTPS work.)
  • New feature: Added logic to tolerate missing "-" at the beginning or ending of an SSL certificate and key file.
  • New feature: Added logic to escape special characters in access log following Apache's method.
  • New feature: Added support for <IfDefined> context in Apache httpd.conf.
  • Improved detection of HTTPS request to an HTTP port. Reduces blocking due to "Bad Request".
  • Fixed bug: Running LiteSpeed process could not apply new expiration date for an updated license key.
  • Fixed bug: Apache and LiteSpeed have different values for SERVER_PORT behind an HTTP proxy.
  • Fixed bug: Block Bad Request setting could not be turned off from WebAdmin console.
LSWS 4.2.9 4-8-2014 Critical security patch
  • Security patch to fix OpenSSL Heartbleed bug.
LSWS 4.2.8 3-28-2014 Feature enhancements and minor bug fixes
  • Added IP-based licensing.
  • Added ability to purchase LiteSpeed Cache as an add-on. (Coming soon!)
  • Enhanced "external application no abort" feature to allow uninterrupted PHP script execution during server restarts.
  • Updated default error template.
  • Fixed minor bugs in rewrite engine.
  • Fixed bug: Expires headers could not be added to dynamic response.
LSWS 5.0 RC1 2-18-2014 Major feature enhancements
  • Added SPDY/2, 3, and 3.1 support.
  • Added ESI support.
  • Added WebSocket proxy functionality.
  • Added CPU Affinity setting.
LSWS 4.2.7 1-24-2014 Feature enhancements
  • Allow root owned file in PHP suEXEC mode.
  • Improved mod_security compatibility.
  • Enabled custom php.ini via PP_CUSTOM_PHP_INI environment variable (used in Plesk PHP-FPM Apache configuration).
  • Added support for VH_USER variable in external application environment variable configuration.
  • Apache binary wrapper will remove itself if LSWS is uninstalled.
  • Improved SSI engine.
  • Minor Apache .htaccess compatibility fixes.
LSWS 4.2.6 11-22-2013 Feature enhancement and minor bug fixes
  • Improved handling of resource limits to avoid generating 508 error pages when possible. After resource limits have been reached, requests will instead be re-queued until resources become available.
  • Fixed bug: Failure to detect all IPv6 addresses.
  • Fixed bug: Multiple <Files ...> <FilesMatch ...> directives in different .htaccess files along a path were processed in the wrong order.
  • Fixed bug: Server crash when an .htaccess file has been updated while it is still referenced by a long running request.
  • Fixed bug: suEXEC ProcessGroup mode set at the virtual host level fails to override server level suEXEC Daemon mode.
LSWS 4.2.5 10-30-2013 Major feature enhancements and minor bug fixes
  • Added just in time Apache vhost configuration to improve server startup speed.
  • Major improvements and bug fixes and in mod_security engine: added more transform functions, better variable collection handling, added IP match operators, added MATCHED_VARS support.
  • Added new PHP suEXEC ProcessGroup mode to create per-account process groups using the LiteSpeed-specific Apache-style directives "LSPHP_ProcessGroup" and "LSPHP_Workers". It is PHP selector-compatible and opcode caching friendly.
  • Improved CloundLinux compatibility — return 508 error page when resource limit has been reached.
  • Rack/Rails: added per-application environment configurations for Rack/Rails context to better support RVM gemset setup.
  • Bundled OpenSSL library has been upgraded to 1.0.1e with support for TLSv1.1 & TLSv1.2 ciphers.
  • Automatically detect and skip very large .htaccess file that can stall server processes.
  • Enabled skipping "File Not Found" logging in error log via rewrite environment variable "dontlog".
  • Added support for "Charset" in Content-Type header for autoindex pages.
  • Fixed bug in handling symbolic race condition when "Strict File Ownership" (equivalent to CloudLinux SecureLink) is enabled. (Special thanks to Rack911.)
  • Fixed bug allowing create/overwrite arbitrary file as root user via crafted symbolic link. (Special thanks to Rack911.)
  • Fixed bug in handling IPv6 address used in Apache httpd.conf.
  • Fixed bug in SSI engine causing LAST_MODIFIED variable to use wrong timestamp.
  • Fixed bug in rewrite engine with URL encoding.
LSWS 4.2.4 8-6-2013 Major feature enhancements and minor bug fixes
  • Added Python WSGI support (Apache mod_wsgi equivalent).
  • LSWS will now switch back to Apache automatically when license expires.
  • Added OCSP stapling support for SSL.
  • Added a feature that moves realtime status reports to the RAM disk to avoid blocking lshttpd process in high I/O wait situations.
  • Automatically restart PHP suEXEC daemon if killed or crashed to avoid 503 errors.
  • OpenSSL AESNI hardware acceleration enabled for x86_64-Linux platform.
  • LSAPI STDERR logging is now disabled when STDERR logging is disabled in configuration.
  • Improved Redirect directive processing to make "Redirect 301/..." work in sub-directory .htaccess files.
  • Fixed a bug causing authentication failure when password is blank.
  • Fixed a bug in IPv4 Access Control configuration causing the smaller subnet to overshadow the larger subnet when two subnets overlapped.
  • Fixed a bug in STDERR logging, which may cause interlocking between lscgid and lshttpd worker processes.
  • Fixed a bug causing MIME types such as "text/css; charset=..." to not be gzipped when GZIP is enabled for "text/*".
  • Fixed a bug in SecRuleRemoveById directive.
  • Fixed a bug in ModSec engine when handling collections directives.
  • Fixed a bug in graceful restarting with over 1000 listeners.
  • Fixed a bug causing log rotation not to be disabled when rotating limit is set to 0.
LSWS 4.2.3 5-22-2013 Feature enhancements and minor bug fixes
  • Added setting to hide the LiteSpeed signature in the default error pages.
  • Added ability to use sendfile() to send back dynamic responses.
  • Updated in-GUI settings explanations.
  • Added option (External Application Abort) to stop the server from aborting external application processes even when the client connection has been broken.
  • Added PHP suEXEC daemon ability to kill runaway child processes.
  • Reserved connections for the WebAdmin console to ensure accessibility regardless of the current number of connections.
  • Added CGI daemon ability to log processes killed by signals to stderr.
  • Fixed FileETag directive and rewrite rule incompatibility.
  • Fixed FreeBSD realtime stats error.
  • Updated PHP build utility to support up to PHP 5.3.25 and 5.4.15.
  • Discontinued support for Solaris SPARC.
LSWS 4.2.2 1-30-2013 Feature enhancements and minor bug fixes
  • Added HTTP "PATCH" method support.
  • FileEtag directives have been fully supported.
  • Added "Cache-Control:no-cache, no-store, must-revalidate" response header to 302 response.
  • Improved Ruby Rack/Rails support along with new ruby-lsapi 4.1. "RewindableInput" interface has been natively implemented to maximize Rack performance.
  • LiteSpeed Cache improvement: added max-stale age support, stale cache copy can be served while updating the cache; added "REFRESH" method to serve existing cached copy while updating the cache.
  • Improved mod_security compatibility with gotroot ruleset.
  • Fixed CageFS mount point issue with litespeed.
  • Fixed rewrite variable "%{TIME}" parsing error.
  • Updated PHP build utility to include PHP 5.4.11 and 5.3.21.
LSWS 4.2.1 11-21-2012 Feature enhancements and minor bug fixes
  • PHP suEXEC daemon mode will be auto disabled when different php.ini required via PHPRC or PHPIniDir due to internal limitation of PHP engine.
  • Improved error handling in case of LSWS swap directory out of space.
  • Fixed a bug in SSI encoding.
  • Updated PHP build utility to include PHP 5.4.8 and 5.3.18.
LSWS 4.2 9-10-2012 Major feature enhancements
  • Added support for PHP suEXEC daemon mode to improve performance and memory efficiency (LSAPI 6.0 required).
  • Improved compatibility of Apache mod_security by adding support for variable collections.
  • Improved symbolic link security for shared hosting by introducing LiteSpeed specific directives "DisableSymlinkOverride" and "VhostRestrained".
  • Updated PHP build utility to include PHP 5.4.6 and 5.3.16.