LiteSpeed Web Server Release Log 2019-10-08 20:02:41

LiteSpeed Web Server (LSWS) is constantly updated with new features and bug fixes.

  • LSWS 5.4.1(08-15-2019) Security, New Features, Improvements, BugFix

    • SECURITY Addressed recent HTTP/2 DoS advisories. Fixed the CVE-2019-9516 "0-Length Headers Leak" vulnerability. Also completely blocks the attacks that LSWS was not affected by: CVE-2019-9511 "Data Dribble", CVE-2019-9512 "Ping Flood", CVE-2019-9513 "Resource Loop", CVE-2019-9514 "Reset Flood", CVE-2019-9515 "Settings Flood", CVE-2019-9517 "Internal Data Buffering", and CVE-2019-9518 "Empty Frames Flood".
    • NEW FEATURE Updated HTTP/3 support to Internet Draft 22.
    • NEW FEATURE Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
    • IMPROVEMENT reCAPTCHA engine has been improved to reduce false positives.
    • BUGFIX Fixed a chunk encoding bug that could cause data corruption.
    • BUGFIX Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
    • BUGFIX Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
    • BUGFIX Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines.
    • BUGFIX Fixed a bug that caused Python WSGI applications to fork child processes frequently.

    LSWS 5.4(07-23-2019) New Features, Improvements

    • MAJOR IMPROVEMENT Massive HTTP/2 HTTPS performance boost (up to 5x faster than LSWS v5.3.x).
    • MAJOR NEW FEATURE Experimental HTTP/3 draft 20 support.
    • MAJOR NEW FEATURE Redis and rewrite based dynamic virtual hosting.
    • MAJOR NEW FEATURE Server level reCAPTCHA protection efficiently defends against layer-7 DDoS attacks of any size.
    • NEW FEATURE Added support for Q046 in QUIC engine.
    • NEW FEATURE HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise.
    • NEW FEATURE HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop.
    • NEW FEATURE SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments.
    • NEW FEATURE HTTPS certificate compression, reducing the size of HTTPS handshake exchange data.
    • IMPROVEMENT Improved HTTP/2 stream prioritization for a better user browsing experience.

    LSWS 5.4RC4(05-24-2019) New Features

    • NEW FEATURE Support for SO_REUSEPORT for multi-worker license.
    • NEW FEATURE HTTPS/QUIC handshake offloading.
    • NEW FEATURE TLSv1.3 certificate compression.
    • NEW FEATURE High Availability for Redis dynamic vhost setup.
    • NEW FEATURE Support for Google QUIC 046.
    • NEW FEATURE Experimental IETF QUIC draft-20.

    LSWS 5.4RC3(03-18-2019) Major New Feature, Major Improvement & Bug Fixes

    • MAJOR NEW FEATURE Dynamic Virtual Host configuration through Redis backend.
    • MAJOR IMPROVEMENT Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations.
    • BUGFIX Improved QUIC engine performance and stability.
    • BUGFIX All bug fixes and enhancements on 5.3.x branch included.

    LSWS 5.4RC2(02-04-2019) Major New Feature, Improvement, New Feature & Bug Fixes

    • MAJOR NEW FEATURE Dynamic virtual hosting through rewrite rules.
    • IMPROVEMENT Improved HTTP/2 performance.
    • NEW FEATURE QUIC proxy backend support for backend communication through QUIC.
    • BUGFIX All applicable bug fixes from the 5.3 branch.
    • BUGFIX Fixed a few server crash bugs.

    LSWS 5.4RC1(01-03-2019) New Features, Major Improvements, & Bug Fixes

    • NEW FEATURE reCAPTCHA verification for DDoS attack mitigation.
    • NEW FEATURE Support for Ruby/Python/NodeJS applications in native configuration.
    • NEW FEATURE Added Virtual Host level trusted IP control, managed through .htaccess.
    • MAJOR IMPROVEMENT Added LiteSpeed TLS Accelerator, maximizing HTTPS & HTTP/2 performance.
    • MAJOR IMPROVEMENT HTTP/2 performance has been improved with a better header compression/decompression workflow.
    • BUGFIX All bug fixes from LSWS 5.3.5 incremental builds included.
  • LSWS 5.3.8(05-21-2019) Improvements & Bug Fixes

    • SECURITY Added built-in filter to block attempts at hacking LiteMage with crafted ESI requests.
    • NEW FEATURE lscmctl script can now be used to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel.
    • NEW FEATURE Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature, available in both the lscmctl script and WHM plugin.
    • IMPROVEMENT Bundled WHM and user-end cPanel plugins have been updated to v3.3.1 and v1.2.0.2 respectively.
    • IMPROVEMENT Support request header sizes of up to 64K.
    • IMPROVEMENT Ignore <if> <else> <elseif> configuration contexts.
    • IMPROVEMENT Added support for Apache configuration directive "Require ip ...".
    • IMPROVEMENT Improved with stable release tier.
    • IMPROVEMENT Improved to install systemd unit file for Plesk + Debian/Ubuntu.
    • IMPROVEMENT Improved NodeJS application compatibility and mod_passenger configuration handling.
    • IMPROVEMENT Added autoconfig for PHP 7.4.
    • IMPROVEMENT Improved compatibility with LSAPI 7.3.
    • IMPROVEMENT Improved HPACK encoding performance.
    • IMPROVEMENT Cache engine now updates "X-LiteSpeed-Cache-Control max-age" value based on actual expire time when a front-end lscache proxy exists.
    • IMPROVEMENT Improved compatibility with Apache mod_security on variables REQUEST_BODY, REQUEST_FILENAME and LAST_UPDATE_TIME.
    • IMPROVEMENT Fixed PHP handler compatibility issues with Plesk's updated configuration template.
    • IMPROVEMENT Improved WordPress brute force detection IP logging.
    • BUGFIX Fixed an Apache SSL vhost SNI configuration bug.
    • BUGFIX Fixed a QuicEngine bug that could cause broken responses.
    • BUGFIX Fixed a cache + ESI engine bug that caused random server crashes.
    • BUGFIX Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
    • BUGFIX Improved detached mode process manager to accurately stop detached processes when requested.
    • BUGFIX Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
    • BUGFIX Fixed FreeBSD 100% CPU usage for kqueue event loops when AIO logging is enabled.
    • BUGFIX Fixed an SSL OCSP stapling bug.
    • BUGFIX Fixed broken server restart when port offset had been set.
    • BUGFIX Fixed a memory leak in the GeoIP module.

    LSWS 5.3.7(03-15-2019) Improvements & Bug Fixes

    • SECURITY Fixed an XSS vulnerability in the directory auto index script.
    • IMPROVEMENT Improved QUIC transport protocol performance and reliability.
    • IMPROVEMENT Improved default configuration for servers with heavy disk I/O wait.
    • IMPROVEMENT Made IP based SSL SNI configuration exactly match Apache's.
    • IMPROVEMENT Made .rtreport symbolic links root owned to avoid LFD file warnings.
    • IMPROVEMENT Improved ESI support for JSON responses.
    • IMPROVEMENT Improved script to check build number against latest build.
    • UPDATE Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2 to address an integration issue with the recent LSCWP release.
    • BUGFIX Fixed a file descriptor leak in piped logger.
    • BUGFIX Fixed a bug that prevented changing the Cache-Control or Expire headers within PHP.
    • BUGFIX Fixed inaccurate real-time statistics.
    • BUGFIX Fixed a rewrite engine compatibility issue.
    • BUGFIX Fixed a regression in "Redirect" directive handling.
    • BUGFIX Fixed a QUIC engine bug when handling extra long response headers.
    • BUGFIX Fixed a regression that broke the "SetHandler" directive.
    • BUGFIX Fixed a rewrite engine bug where target URLs containing "../" could cause problems.
    • BUGFIX Fixed an external loop redirect detection bug.
    • BUGFIX Fixed a mod_security bug stopping response headers from being logged to the audit_log.
    • BUGFIX Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests.
    • BUGFIX Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory.
    • BUGFIX Increased logging for detach mode process manager. A forced lock release will now occur if a deadlock is detected when starting detach mode processes.
    • BUGFIX Fixed systemd unit file lshttpd.service by requiring
    • BUGFIX Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.

    LSWS 5.3.6(01-30-2019) Improvements & Bug Fixes

    • NEW FEATURE lscmctl script can now be used to set custom server and virtual host cache roots with the 'setcacheroot' command.
    • IMPROVEMENT Added "ProxyPass"/"ProxyPassMatch" support for AJP backend.
    • IMPROVEMENT Added support for "IP:port" in "X-Forwarded-For" header.
    • IMPROVEMENT Reliably switch back to Apache in the case of a LiteSpeed licensing problem.
    • IMPROVEMENT Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility.
    • UPDATE Updated bundled WHM plugin to v3.2.0.1 and user-end cPanel plugin to v1.1.1.
    • BUGFIX Fixed AddHandler directive behavior to be the same as AddType.
    • BUGFIX Fixed an OCSP stapling bug that caused Mozilla connection issues.
    • BUGFIX Stopped PHP from logging errors into the error log when stderr.log was disabled.
    • BUGFIX Fixed a SecRemoteRule handling bug.
    • BUGFIX Fixed a bug causing detached PHP processes to be stopped during graceful restarts, which may cause random 503 errors.
    • BUGFIX Fixed a bug in processing GeoIP2 mmdb database.
    • BUGFIX Fixed a bug introduced in v5.3.5 build 5 that broke cPanel/WHM's "redirect to closest matched domain" feature.
    • BUGFIX Fixed cPanel two factor authentication.
    • BUGFIX Minor bug fixes involving Apache compatibility issues.

    LSWS 5.3.5(12-13-2018) Improvements & Bug Fixes

    • IMPROVEMENT Improvements to HTTP/2, QUIC, and rewrite engine.
    • BUGFIX HTTP/2, QUIC, and rewrite engine bug fixes.
    • BUGFIX Fixed mod_security engine not handling skipAfter properly in the `SecAction` directive.
    • BUGFIX Fixed server failing to automatically fix cache directory permission problems.

    LSWS 5.3.4(11-16-2018) Major Feature Enhancements & Bug Fixes

    • MAJOR NEW FEATURE Added support for Google QUIC v44.
    • NEW FEATURE Improved Ruby/Python selector support and apply engine version changes on the fly.
    • NEW FEATURE Allow overriding external application environment at vhost level.
    • NEW FEATURE Log HTTP/2 in access log for HTTP/2 connection.
    • NEW FEATURE Auto detect and use cPanel signed certificate for WebAdmin.
    • NEW FEATURE Auto correct bad HTTPS proxy backend configured as HTTP.
    • IMPROVEMENT Improved compatibility with ColdFusion engine.
    • UPDATE Updated bundled WHM plugin to v3.1.3.1.
    • UPDATE Updated bundled cPanel user-end plugin to v1.0.2.
    • BUGFIX Fixed mod_security engine compatibility issue with latest COMODO ruleset.
    • BUGFIX Added "Accept-Ranges: bytes" header back for static files.
    • BUGFIX Fixed bug in rewrite engine loop redirection detection.

    LSWS 5.3.3(11-2-2018) Bug Fixes

    • INTEGRATION Auto ignore a set of problematic rewrite rules introduced in a recent cPanel/WHM release that were causing 404 errors. (Since addressed by cPanel)

    LSWS 5.3.2(10-23-2018) Improvements & Bug Fixes

    • IMPROVEMENT Improved Ruby application support for Plesk.
    • BUGFIX Fixed a bug that prevented cache updates due to stale cache copies.
    • BUGFIX Fixed ESI engine incorrectly handling inline objects.
    • BUGFIX Fixed a bug causing the server to be overly strict with OCSP response.
    • BUGFIX Minor bug fixes to rewrite engine and detached PHP process manager.

    LSWS 5.3.1(10-2-2018) Improvements & Bug Fixes

    • IMPROVEMENT Improved PHP handler detection and detached mode configuration.
    • IMPROVEMENT Improved compatibility with cPanel v76.
    • UPDATE Updated bundled WHM plugin to v3.1.1.
    • BUGFIX Fixed cache engine bugs causing random crashes and extended object expire times.
    • BUGFIX Fixed a bug that caused an inaccurate connection counter.
    • BUGFIX Fixed a bug where dropping request headers affected Python Django backend applications.
    • BUGFIX Bug fixes in QUIC engine.

    LSWS 5.3(8-15-2018) Major Feature Enhancements & Bug Fixes

    • MAJOR NEW FEATURE Keep PHP workers running through server restarts with PHP detached mode.
    • MAJOR NEW FEATURE Support for CloudLinux NodeJS selector.
    • MAJOR NEW FEATURE Added BROTLI compression for dynamic responses.
    • MAJOR NEW FEATURE PHP handler auto configuration.
    • MAJOR NEW FEATURE LiteSpeed Web Cache Manager cPanel plugin v1.0.0.
    • MAJOR NEW FEATURE Automatic GZIP and BROTLI conversion for cached pages.
    • MAJOR IMPROVEMENT Added support for TLSv1.3.
    • MAJOR IMPROVEMENT Added support for PHP CRIU in CloudLinux environments.
    • MAJOR IMPROVEMENT Added support for MaxMind database GeoIP2 lookup.
    • MAJOR IMPROVEMENT Updated QUIC engine to support Google QUIC v43.
    • IMPROVEMENT Improved cache engine to fix bad cache storage directory and file permissions.
    • UPDATE WHM plugin v3.1.0.
    • BUGFIX All bug fixes in 5.2.x releases.

    LSWS 5.3RC2(7-19-2018) Major Feature Enhancements & Improvements

    • MAJOR NEW FEATURE Added BROTLI compression for dynamic responses.
    • MAJOR NEW FEATURE LiteSpeed Web Cache Manager cPanel plugin.
    • NEW FEATURE Automatically convert between GZIP and BROTLI for cached pages.
    • UPDATE Updated BoringSSL to support TLSv1.3 draft 28.
    • UPDATE Updated QUIC engine to support Google QUIC v43.
    • UPDATE WHM plugin v3.1.0
    • IMPROVEMENT Improved HTTP/2 performance.

    LSWS 5.3RC1(5-25-2018) Major Feature Enhancements & Improvements

    • MAJOR NEW FEATURE Keep PHP workers running through server restarts with PHP detached mode.
    • MAJOR NEW FEATURE NodeJS selector support.
    • MAJOR NEW FEATURE PHP CRIU support in CloudLinux environments.
    • MAJOR NEW FEATURE PHP handler auto configuration.
    • MAJOR IMPROVEMENT QUIC engine improved.
    • MAJOR IMPROVEMENT Updated WHM Plugin to v3.0.0.
    • MAJOR IMPROVEMENT WHM Plugin cache management feature improved.