LiteSpeed Web Server
Release Log

LiteSpeed Web Server (LSWS) is constantly updated with new features and bug fixes.

  • LSWS 5.2 (7-11-2017) Major Feature Enhancements & Bug Fixes

    • MAJOR NEW FEATURE Added QUIC (Quic UDP Internet Connections) support.
    • MAJOR NEW FEATURE Added mod_pagespeed support for 64-bit Linux installs.
    • NEW FEATURE Switched from OpenSSL to BoringSSL with TLSv13 support.
    • NEW FEATURE Added support for HTTP/2 Server Push.
    • NEW FEATURE Added support for CloudLinux ruby/python selector.
    • NEW FEATURE Added support for IP2Location to convert IP to geographic location.
    • NEW FEATURE Added support for brotli compression for static files.
    • NEW FEATURE Added support for SecRemoteRules and improved performance of mod_security engine.
    • IMPROVEMENT LiteSpeed Web Cache manager has been vastly improved with the addition of a command line tool (lscmctl).
    • IMPROVEMENT The LiteSpeed cPanel/WHM plugin has been improved and prepped for the upcoming cPanel 66 release.
    • BUGFIX Included all bugfixes in the 5.1 branch.

    LSWS 5.2RC3 (6-12-2017) Major Feature Enhancements & Bug Fixes

    • MAJOR NEW FEATURE Added mod_pagespeed support for 64-bit Linux installs.
    • NEW FEATURE Switched from OpenSSL to BoringSSL with TLSv13 support.
    • BUGFIX Fixed a bug in LSCache that caused cached objects to expire too soon.
    • BUGFIX All bug fixes from 5.1.x releases are included.

    LSWS 5.2RC2 (2-13-2017) Feature Enhancements

    • NEW FEATURE Added support for HTTP/2 Server Push.

    LSWS 5.2RC1 (1-9-2017) Feature Enhancements

    • NEW FEATURE Added support for CloudLinux ruby/python selector.
  • LSWS 5.1.17 (6-28-2017) Feature Enhancements & Bug Fixes

    • NEW FEATURE Added fine grain control of cache, esi, and crawler features at the vhost level.
    • BUGFIX Fixed UserDir function broken due to a recent cPanel template change.
    • BUGFIX Fixed DirectoryIndex configuration broken due to a recent Plesk Onyx 17.5 template change.
    • BUGFIX Fixed a few bugs in the mod_security engine.

    LSWS 5.1.16 (6-2-2017) Security & Bug Fixes

    • SECURITY Fixed a bug in the auto index script.
    • INTEGRATION Updated CloudLinux LVE limit for WebAdmin Console users to get around 503 errors caused by CloudLinux kernel changes.
    • BUGFIX Fixed mod_security @rbl and skipAfter breaking with certain chained rules.
    • BUGFIX Fixed a bug in chunk input stream used by POST requests.

    LSWS 5.1.15 (4-11-2017) Feature Enhancements & Bug Fixes

    • SECURITY Fixed an XSS attack vulnerability in the WebAdmin error log viewer.
    • IMPROVEMENT Improved mod_security engine with better support for file inspection at the response header phase.
    • BUGFIX Fixed a bug in HTTP/2 that caused random protocol errors.
    • BUGFIX Fixed a bug in the cache engine that caused the wrong cache root to be used in shared hosting environments.
    • BUGFIX Fixed a compatibility issue with cPanel v64 subdomain redirects.
    • BUGFIX Fixed a bug that caused missing "PATH" environment for PHP processes started via PHP suEXEC.
    • BUGFIX Fixed a bug in the cache engine where partial responses could be cached with a 206 status code.

    LSWS 5.1.14 (3-22-2017) Feature Enhancements & Bug Fixes

    • NEW FEATURE Added support for the 444 status code, which can be used to defend against DoS attacks by immediately closing the connection.
    • IMPROVEMENT A 403 response is now used for directory auto indexing, when the server is denied access to a directory.
    • BUGFIX Fixed a bug that caused service interruptions during graceful restarts.

    LSWS 5.1.13 (2-17-2017) SECURITY Updates

    • SECURITY Protected against focused DDos attacks detected on 02/17/17.

    LSWS 5.1.12 (1-25-2017) Feature Enhancements, Security Updates, & Bug fixes

    • SECURITY Removed DES-CBC3-SHA from default cipher suite to avoid failing current PCI scan.
    • IMPROVEMENT Improved mod_security log messages to use variable values.
    • IMPROVEMENT New WHM plugin icon set.
    • BUGFIX Fixed uneven load distribution problem with round-robin load balancing.
    • BUGFIX Worked around issues that broke Web Cache Manager WordPress scan for certain sites.
    • BUGFIX Fixed a bug that broke rewrite rule inheritance.
    • BUGFIX Fixed a problem with Plesk roundcube email access.
    • BUGFIX Improved server stability with minor bug fixes.

    LSWS 5.1.11 (12-15-2016) Major Feature Enhancements, Bug Fixes

    • BUGFIX Fixed an issue where cPanel killed LiteSpeed when applying configuration changes, such as adding an add-on domain or sub domain.
    • BUGFIX Fixed an issue with DirectAdmin running suEXEC CGI under a directory.
    • BUGFIX Fixed a bug that clears WordPress theme configuration when enabling/disabling the LSCache plugin via the Web Cache Manager.
    • IMPROVEMENT Improved the LSCache engine regarding cache vary and stale purge.
    • NEW FEATURE Added support for CloudLinux ruby/python selector.

    LSWS 5.1.10 (11-7-2016) Major Feature Enhancements, Bug Fixes

    • MAJOR IMPROVEMENT Improved LiteMage first page load speed for new visitors by avoiding going through the backend.
    • IMPROVEMENT Improved cache purging capability: private cache entries can now be purged with public tags and multiple cache purge response headers are accepted.
    • IMPROVEMENT Improved PHP suEXEC setup when used with control panels, defaults to Process Group mode with fine-tuned process keepalive timeout, Auto Start in CGI deamon Async mode.
    • IMPROVEMENT Improved WebCache Manager to scan WordPress installations faster and more accurately.
    • BUGFIX Improved server stability with minor bug fixes.

    LSWS 5.1.9 (9-28-2016) Feature Enhancements, Bug Fixes

    • SECURITY Updated bundled OpenSSL to 1.0.2j to address CVE-2016-6304 and a few other minor vulnerabilities.
    • IMPROVEMENT WHM WordPress Cache Manager has been improved.
    • BUGFIX Fixed a bug that broke remote LSPHP external application configurations.
    • BUGFIX Fixed a SHM bug that caused the server to crash.

    LSWS 5.1.8 (9-14-2016) Feature Enhancements, Bug Fixes

    • NEW FEATURE Added a cache object tracker that can timely remove expired cache objects, keeping statistics accurate.
    • NEW FEATURE Added Etag support for cached objects. 304 is returned if the object has not been updated.
    • NEW FEATURE Added support for HTTP/2 with front-end SSL off-loading proxy using HAProxy.
    • IMPROVEMENT WordPress Cache Manager for WHM has been improved.
    • BUGFIX Fixed issues with cPanel EA4 integration.
    • BUGFIX Fixed a bug where "no-cache" being set via a rewrite rule did not stop the page from being served from cache.
    • BUGFIX Fixed a bug in DirectAdmin integration where incorrect server variables were used for PHP suEXEC.
    • BUGFIX Fixed a crash during OCSP responder querying.

    LSWS 5.1.7 (7-18-2016) Feature Enhancements, Security Updates, & Bug fixes

    • SECURITY Automatically block HTTPOXY attacks with no configuration needed.
    • NEW FEATURE Added authentication realm protection for real-time status report's direct query interface.
    • NEW FEATURE Added CloudLinux mod_proctitle style output in real-time status report.
    • IMPROVEMENT Fixed SSL OCSP stapling for Apache vhosts using CA certificates configured by SSLCACertificateFile to verify the OCSP response.
    • IMPROVEMENT Updated the default configuration for cPanel installations to make them compatible with EA4 and CloudLinux PHP selector.
    • IMPROVEMENT Updated Plesk default configuration to use pre-built lsphp binaries.
    • BUGFIX Fixed a bug caused by MMAPed file being truncated that resulted in crashing.
    • BUGFIX Fixed a bug in serving compressed ESI objects from cache.
    • BUGFIX Fixed a bug in SSI engine that caused SSI scripts to hang.
    • BUGFIX Fixed a bug where cache would not follow cache-vary updates through rewrite rules.
    • BUGFIX Fixed a bug that caused crashing when serving requests from LiteMage Cache.
    • BUGFIX Fixed a bug in serving cached objects compressed with the DEFLATE method.

    LSWS 5.1.6 (6-8-2016) Bug fixes

    • Fixed a bug in mod_security engine that returned "100 continue" code for rules including the "allow" action.
    • Fixed over-sensitive assertions that caused the server to abort.
    • Fixed a bug in OpenSSL 1.0.2h that caused server crashes.
    • Fixed a bug in Server Side Include engine that caused some SSI scripts to hang.
    • Fixed a bug in HTTP/2 that caused some virtual streams to hang under high traffic.
    • Fixed a bug in SPDY that caused trouble for safari 8.

    LSWS 5.1.5 (5-21-2016) Feature enhancements and bug fixes

    • NEW FEATURE LiteMage cache data is now stored in a pre-compressed format to save disk space.
    • NEW FEATURE WordPress cache WHM integration for more easily enabling/disabling caching for WordPress installations at the server level.
    • MAJOR IMPROVEMENT Improved scalability of per-user cache storage in shared hosting environments.
    • Updated openssl to 1.0.2h.
    • Included other minor bug fixes from the 5.0.x branch.

    LSWS 5.1.4 (3-1-2016) Feature enhancements and bug fixes

    • NEW FEATURE detect and block abusive server IPs through proxy/CDN, added vhost level configuration to adjust connection hard limits.
    • Improved HTTP/2 streams priority implementation to avoid head-of-line blocking.
    • Improved handling of regular cache-control response header to enable cache if response is public cacheable.
    • Improved vhost cache root configuration by allowing vhost level variables: $vh_name, $vh_domain and $vh_user.
    • Fixed bug that prevents Vhost cache root from being cleaned automatically.

    LSWS 5.1.3 (2-11-2016) Feature enhancements and bug fixes

    • NEW FEATURE Added support for the lsc-cookie response header which can be used to cache "Set-Cookie" headers.
    • NEW FEATURE Added an Apache style "CacheLookup" directive which only turns on cache lookup.
    • Improved mod_security audit log format to make it compatible with cPanel "ModSecurity Tools".
    • Improved handling of "Range" requests. LSWS now sends back a 304 response if conditions are met.
    • Fixed an Apache compatibility problem where global level contexts were not properly applied to vhosts.
    • Re-added the "Connection: keep-alive" response header to satisfy online testing tools.
    • Fixed a bug in "Digest" authentication implementation.
    • Fixed reported server crashes.

    LSWS 5.1.2 (1-28-2016) Feature enhancements and bug fixes

    • SECURITY Updated bundled OpenSSL lib to 1.0.2f to address the concern of CVE-2016-0701, older version is not vulnerable as SSL_OP_SINGLE_DH_USE was turned on.
    • Improved compatibility with cPanel + centos 7 setup, preventing Apache from being started by cPanel.

    LSWS 5.1.1 (1-18-2016) Feature enhancements and bug fixes

    • SECURITY Fixed a bug reported by Netsparker that allowed request header injection when mod_userdir was enabled.
    • Cleaned up HTTP/2 NPN/ALPN strings which now only use the "h2" signature.
    • Fixed all reported bugs that cause crashes.

    LSWS 5.1 (1-13-2016) Feature enhancements and bug fixes

    • Updated mod_security engine with support for @rbl and @inspectfile operators.
    • Improved mod_security engine performance.
    • Added SSL OCSP Stapling support through Apache httpd.conf.
    • Added shared SSL Session Cache and SSL Ticket synchronization.
    • Added multi-certificate support for using RSA, DSA, and ECC certificates simultaneously for the same domain.
    • Fixed systemd issue affecting server deployment and hosting control panels on centos7.

    LSWS 5.1RC3 (1-5-2016) Feature enhancements and bug fixes

    • Improved mod_security engine performance.
    • Improved server stability.
    • Included all applicable enhancements and bug fixes from 5.0.x release branch.

    LSWS 5.1RC2 (11-10-2015) Feature enhancements and bug fixes

    • Added SSL OCSP Stapling support through Apache httpd.conf.
    • Added shared SSL Session Cache and SSL Ticket synchronization.
    • Added Multi-Certificate support for using RSA, DSA, and ECC certificates simultaneously for the same domain.
    • BUGFIXes and improvements to mod_security engine.

    LSWS 5.1RC1 (10-13-2015) Major feature enhancements

    • Completely reworked request processing flow to allow pausing/resuming at different stages.
    • Updated mod_security engine with support for @rbl and @inspectfile operators.