LiteSpeed Web Server v5.3.7 Now Available

Not open for further replies.


Staff member
LiteSpeed Web Server v5.3.7

In this release: a fix for an XSS vulnerability, bug fixes, and more!

[Security] Fixed a XSS vulnerability in directory auto index script.
[Improvement] Improved QUIC transport protocol performance and reliability.
[Improvement] Improved default configuration for servers with heavy disk I/O wait.
[Improvement] Made IP based SSL SNI configuration exactly match Apache's.
[Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings.
[Improvement] Improved ESI support for JSON responses.
[Improvement] Improved script to check build number against latest build.
[Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2 to address an integration issue with the recent LSCWP release.
[Bug Fix] Fixed a file descriptor leak in piped logger.
[Bug Fix] Fixed a bug that prevented changing the Cache-Control or Expire headers within PHP.
[Bug Fix] Fixed inaccurate real-time statistics.
[Bug Fix] Fixed a rewrite engine compatibility issue.
[Bug Fix] Fixed a regression in "Redirect" directive handling.
[Bug Fix] Fixed a QUIC engine bug when handling extra long response headers.
[Bug Fix] Fixed a regression that broke the "SetHandler" directive.
[Bug fix] Fixed a rewrite engine bug where target URLs containing "../" could cause problems.
[Bug fix] Fixed an external loop redirect detection bug.
[Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log.
[Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests.
[Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory.
[Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes.
[Bug Fix] Fixed systemd unit file lshttpd.service by requiring
[Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.

Please remember, there may be some delay between this announcement and the ability to auto-update. If you don't want to wait, you can update manually via the following command:
/usr/local/lsws/admin/misc/ -f -v 5.3.7

Not open for further replies.