LiteSpeed Web Server v5.4.1 Now Available

Not open for further replies.

Michael A

Staff member
LiteSpeed Web Server v5.4.1

In this release: Addressed recent HTTP/2 DoS advisories, bug fixes, and more!

[Security] Addressed recent HTTP/2 DoS advisories ( Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"".
[New Feature] Updated HTTP/3 support to Internet Draft 22.
[New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
[Improvement] reCAPTCHA engine has been improved to reduce false positives.
[Bug fix] Fixed a chunk encoding bug that could cause data corruption.
[Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
[Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
[Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines.
[Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently.

Please remember, there may be some delay between this announcement and the ability to auto-update. If you don't want to wait, you can update manually via the following command: `/usr/local/lsws/admin/misc/ -f -v 5.4.1`

Not open for further replies.