LiteSpeed Web Server Changelog

RC1

[Major New Feature] Apache 2.4 conditional context <If> <Ifelse> <Else> support.
[Major New Feature] Asynchronous mod_security engine.
[Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
[New Feature] HTTP/3 draft 29 support.
[Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling.
[Enhancement] Added ModSecurity JSON audit log.

Build 3

[New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
[New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
[Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
[Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner. 

Build 2

[New Feature] New ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
[Bug Fix] Apply header operations for pages generated by python/nodejs applications.
[Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
[Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
[Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
[Bug Fix] Avoid releasing cache objects too early.
[Bug Fix] Address a rare crash in ESI parser. 

Build 1

[Feature] Apply Expires header to a partial response for a range request.
[Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
[Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.

Build 0

[New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
[New Feature] Automatic CloudFlare CDN IP detection.
[New Feature] Support for bcrypt password hash for HTTP authentication.
[Improvement] PHP version detection for cPanel FCGId PHP handler.

Build 5

[Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
[Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.

Build 4

[New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "wait-req-full-body". (Waiting allows the request handler to see the full request body immediately)
[Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
[Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.

Build 3

[Bug Fix] LiteMage cache object count is now more accurate.
[Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
[Bug Fix] Cache statistics access through IPv6.
[Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
[Improvement] Add Plesk git integration support.

Build 2

[Bug Fix] Address 404 error for reCAPTCHA verification.
[Bug Fix] 'SetEnv' directive is now properly applied inside <Files> or <FilesMatch> contexts. 

Build 1

[Bug Fix] Correct DirectAdmin PHP handler detection when "DirectAdmin" panel is selected under "PHP" config tab.
[Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <Location> context.
[Bug Fix] Match Apache's Redirect behavior by discarding original query string if target URL has query string set.

Build 0

[New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
[New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application.
[New Feature] Update client IP using request header "X-Real-IP".
[New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
[Security] Block 'LD_*' environment variable overriding from .htaccess.
[Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
[Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
[Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3).
[Improvement] Make reCAPATCHA compatible with WordPress password protected pages.
[Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
[Bug Fix] Correct Magento LiteMage2 cache object statistics.
[Bug Fix] Address an AJPv13 hanging bug.
[Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
[Bug Fix] Properly apply UMASK configuration for external applications.
[Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache's rc script with a symbolic link.
[Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
[Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.

Build 9

[Bug Fix] Correct a SHM memory allocation issue.
[Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.

Build 8

[New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
[Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
[Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
[Bug Fix] Correct a crash bug in cache engine.
[Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.

Build 7

[New Feature] For CloudLinux Python/Ruby/NodeJS selector application, applies header modification configuration in .htaccess to dynamic response.
[Bug Fix] A mod_security engine bug that causes random crash.
[Bug Fix] A bug in access log format validation.

Build 6

[Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. 
[Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. 

Build 5

[Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
[Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. 
[Bug Fix] Properly apply UMASK configuration for external application. 

Build 4

[New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
[Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. 
[Tuning] Disable cache if a request is blocked by mod_security.
[Bug Fix] Minor bug fixes in cache engine. 
[Bug Fix] Minor bug fix in mod_security engine.

Build 3

[Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
[Bug Fix] Fixed an internal memory management bug that caused random crashing.

Build 2

[Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
[Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.

Build 0

[Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
[New Feature] Added strict suEXEC and ownership checking on scripts.
[New Feature] Added ability to configure static/dynamic request per second limit for Apache ghost.
[Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot.
[Bug Fix] Added "Cache-Control: no-cache" to reCAPTCHA verification page to disallow CDN/proxy cache.
[Bug fix] Fixed delayed .htaccess loading.
[Bug fix] Fixed a delayed server response bug with HTTP/2.
[Bug fix] Fixed a NodeJS websocket backend configuration bug.
[Bug fix] Shared lib for lscmctl script is now updated on server install/update.
[Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port.
[Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.
[Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024 whenever server performs a fresh startup.
[Tuning] Added after=lve_namespaces.service to systemd unit file.

Build 5

[Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
[Bug Fix] Added "Cache-Control: no-cache" for reCAPTCHA verify page to disallow CDN/proxy cache. 

Build 4

[Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
[Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.

Build 3

[Bug Fix] Use request header value for RBL lookups.
[Bug Fix] Fixed a configuration parser crash.
[Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27.
[Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024, when server performs a fresh startup.
[Tuning] Avoid adjusting external application process priority based on server's priority.

Build 2

[New Feature] Added strict suEXEC and ownership checks for scripts.
[New Feature] Added ability to configure static/dynamic request per second limit for Apache vhost.
[Tuning] Added after=lve_namespaces.service to systemd unit file.
[Bug Fix] Fixed a bug when switching vhost log file.
[Bug Fix] Fixed an HTTP/3 timestamp/ACK ping-pong bug.
[Bug Fix] Fixed a bug causing extra delay when response has content length = 0.

Build 1

[Bug fix] Fixed a bug causing delayed .htaccess loading.
[Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
[Bug fix] Fixed a bug in NodeJS websocket backend configuration.
[Bug fix] Shared lib for lscmctl is now updated on server install/update.
[Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.

Build 0

[New Feature] Updated HTTP/3 support to include h3-27.
[Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
[Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
[Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
[Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
[Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
[Bug Fix] Fixed a crash in ModSecurity using libinjection.
[Tuning] Set mod_security RBL DNS cache to 60 seconds.
[Tuning] Disable TLSv1.1 by default.
[Tuning] Enable SSL session tickets by default.
[Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.

Build 3

[Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
[Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
[Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
[Bug Fix] Fixed a crash in ModSecurity using libinjection.
[Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.

Build 2

[Bug Fix] Minor ModSecurity compatibility fixes.
[Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically.
[Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine.
[Tuning] Added add "SameSite=Strict" attribute to ls_smartpush cookie.
[Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins.
[Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed.
[Tuning] Downgraded some modsec log messages from "error" to "warning".
[Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4.

Build 1

[Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives.
[Bug Fix] Fixed a cache engine bug that broke the "Respect Cacheable" feature.
[Bug Fix] Fixed a crash bug when detecting server startup time.
[Tuning] Made HTML pages generated by the auto index script responsive.
[Tuning] Hid confusing required/restricted permission mask configurations in WebAdmin Console.

Build 0

[New Feature] Added support for IETF HTTP/3 draft 25 (h3-25).
[New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
[New Feature] Added full Captcha protection for WordPress login page.
[New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests.
[New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS.
[Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine.
[Improvement] Added support for 'REQUEST_SCHEME' request variable.
[Improvement] Added '-vb' command line option to print out version and build number.
[Update] Updated WHM plugin to v3.3.7.
[Bug Fix] Fixed websockets hanging on upgrade.
[Bug Fix] Fixed a WebAdmin Console socket address validation bug.
[Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications.
[Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
[Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
[Bug Fix] External application process startup time is now reliably detected.
[Bug Fix] Fixed a minor regression with AHO string search.
[Bug Fix] Fixed a bug using wrong log ID in error log. 

Build 8

[Bug Fix] In cPanel environment, disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for 'acme-challenge' detected.

Build 7

[Bug Fix] Fixed a random crash that occurred during SSL handshakes.
[Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections.

Build 6

[Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
[Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500.
[Bug Fix] External application process startup time is now reliably detected.
[Bug Fix] Fixed a minor regression with AHO string search.

Build 5

[New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS.
[Bug Fix] Fixed a regression in Python/Ruby/NodeJS application 'tmp/restart.txt' marker file handling.
[Bug Fix] Fixed a WebAdmin Console socket address validation bug.
[Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification. 

Build 4

[New Feature] Skip rewrite processing for Let's Encrypt verification requests.
[Bug Fix] Fixed websockets hanging on upgrade.
[Bug Fix] Fixed a WebAdmin Console socket address validation bug.
[Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications.
[Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.

Build 3

[New Feature] Added full Captcha protection for WordPress login page.
[Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2.

Build 2

[New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
[Bug Fix] Minor bug fixes to ModSecurity engine.

Build 1

[Improvement] Fine tuned HTTP/3 and QUIC engine performance.
[Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine.
[Improvement] Added 'ctl:debugLogLevel' support to ModSecurity engine.
[Improvement] Added support for 'REQUEST_SCHEME' request variable.
[Improvement] Added '-vb' command line option to print out version and build number.
[Update] Updated WHM plugin to v3.3.6.
[Bug Fix] Minor bug fixes in ModSecurity engine.

Build 0

[New Feature] Added support for Google QUIC Q050. 
[Security] Improved WebAdmin Console security by strictly checking request URLs. 
[Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. 
[Bug Fix] Fixed an ESI/Litemage output corruption bug. 
[Bug Fix] Fixed a bug in AIO logging that caused the access log to stop working. 
[Bug Fix] Fixed a bug causing 100% CPU usage for FreeBSD. 
[Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd". 
[Bug Fix] Fixed a crash caused by memory mapped files being truncated.

Build 5

[Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4.
[Bug Fix] Fixed a crash due to memory mapped file being truncated. 

Build 4

[Security] Improved WebAdmin console security by strictly checking request URL. 
[Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0.
[Bug Fix] There are minor bug fixes for mod_security engine. 

Build 3

[Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging.

Build 2

[Bug Fix] Fixed a bug in AIO logging that caused access log stop working.
[Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD.
[Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd".

Build 1

[Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled.
[Bug Fix] Fixed an ESI/Litemage output corruption bug.
[Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes.

Build 0

[New Feature] Websocket backend support via the "ProxyPass" directive. 
[Enhancement] Improved WordPress brute force protection when facing large botnet attacks.
[Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
[Update] Updated WHM plugin to v3.3.5 (includes support for displaying "critical alerts").
[Bug Fix] Fixed a few bugs in HTTP/3 QUIC engine.
[Bug Fix] Fixed a bug in PID verification that failed to stop processes for detached applications.
[Bug Fix] Fixed a bug in modsecurity engine where LOGGING phase processing was bypassed if a client was using a QUIC connection. 
[Bug Fix] Properly count 3 character second level domains against license domain limit.
[Bug Fix] Properly parse IPv6 mapped IPv4 addresses in request header.
[Bug Fix] Fixed missing "REMOTE_USER" request environment variable when HTTP authentication is used.
[Bug Fix] Fixed a problem with utf-8 characters in request URLs for Python applications.
[Bug Fix] Improved lock contention handling when detached mode PHP processes are started concurrently by multiple server worker processes.
[Bug Fix] Fixed an ESI sub-request bug that could stall proxy to backend communication.
[Bug Fix] Fixed a DirectAdmin userdir bug.

Build 7

[Bug Fix] Fixed an HTTP/3 QUIC engine bug introduced in build 6 that could cause action connections to close at random.
[Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
[Tuning] Lowered WordpressProtect minimum limit from 5 to 2 to better pairing with reCAPTCHA verification.

Build 6

[Bug Fix] Fixed a few minor HTTP/3 and QUIC engine bugs.
[Bug Fix] Fixed an HTTPS bug that caused a busy loop in FreeBSD.
[Bug Fix] Properly count 3 character second level domains against license domain limit. 
[Bug Fix] Properly parse IPv6 mapped IPv4 addresses in request header.
[Bug Fix] Fixed missing "REMOTE_USER" request environment variable when HTTP authentication is used.

Build 5

[Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connection.
[Bug Fix] Fixed a bug in QUIC, HTTP/3 engine that caused large file downloads to stall. 
[Bug Fix] Fixed a bug that caused random 404 error. 

Build 4

[Bug Fix] Improved HTTP/3 draft 24 inter-operability with other HTTP/3 clients. 
[Bug Fix] Improved lock contention handling when detached mode PHP processes are started concurrently by multiple server worker processes.
[Bug Fix] Fixed missing environment problem for Python applications.
[Bug Fix] Fixed a problem with utf-8 characters in request URLs for Python applications. 
[Bug Fix] Fixed a rare HTTP/2 connection stalling problem.

Build 3

[Bug Fix] Fixed a bug in mod_security engine @validateUrlEncoding operator resulting in false positives.
[Bug Fix] Fixed a compatibility issue with Plesk's autodiscover feature.
[Bug Fix] Fixed a random 404 error for NodeJS applications.

Build 2

[Enhancement] Improved Wordpress brute force protection when facing large botnet attacks. 
[Bugfix] Fixed HTTP/3 handshake failures when TLSv1.3 was not enabled by control panels.
[Bugfix] Fixed an ESI sub-request bug that could stall proxy to backend communication.
[Bugfix] Fixed a DirectAdmin userdir bug.
[Bugfix] Fixed a Python application compatibility bug.

Build 1

[Bug Fix] Fixed a bug introduced in v5.4.2 build 0 where some mod_security rules could cause false positives.
[Bug Fix] Fixed a bug that caused 503 errors when the configuration of python/node/ruby selector applications where updated.
[Bug Fix] Minor bug fixes in QUIC and HTTP/3 engine.

Build 0

[New Feature] Updated QUIC implementation to support IETF HTTP/3 draft 23.
[New Feature] BBR congestion control for QUIC and HTTP/3. 
[New Feature] "Require env XXXX" access control support.
[New Feature] User/Account level bandwidth throttling for Redis dynamic virtual hosting.
[Improvement] Further HTTPS SSL layer performance tuning.
[Improvement] Automatically restart running PHP processes when PHP binary changes are detected.
[Improvement] Automatically convert ea-phpXX handler configuration into a phpXX handler when an ea-php handler is not available.
[Improvement] Improved AIO access logging to minimize disk I/O.
[Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives.
[Improvement] Built-in error and reCAPTCHA verification pages are now responsive.
[Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable 'REMOTE_ADDR'.
[Improvement] Reduced memory usage to improve server scalability.
[Improvement] Improved accuracy of server real-time statistics.
[Improvement] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled.
[Improvement] Disable TLSv1.0 by default for better PCI compliance.
[Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhosts on port 8887.
[Improvement] Added "SmartPush no-cookie" directive to disable cookies used for HTTP/2 and QUIC smart push.
[Improvement] Added `lsws/logs/critical_alert` log file for writing common license errors that could cause LSWS to stop working.
[Improvement] Improved compatibility with CloudLinux python selector.
[Improvement] Improved modsecurity engine compatibility.
[Improvement] Send "Alt-Svc" header advertising QUIC and HTTP/3 support only once per connection.
[Bug Fix] Fixed WordPress brute force protection bugs that were causing false positives and crashes.
[Bug Fix] Fixed a bug causing HTTP/2 requests to stall under rare conditions.
[Bug Fix] Fixed a bug causing broken non-keepalive HTTPS responses.
[Bug Fix] Fixed a Layer4 tunnel bug that caused random crashes.
[Bug Fix] Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache.
[Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache.
[Bug Fix] Fixed an .htaccess cache bug that caused the server's default PHP handler to be used instead of configured per-vhost suEXEC handlers.
[Bug Fix] Per Apache vhost PHP 7.4 handler now runs in suEXEC mode.

Build 8

[Improvement] Improved python application configuration to allow swapping applications on the same URL. 
[Bug Fix] Disable CRIU feature to avoid server downtime after a recent CloudLinux CRIU library update began causing lscgid to crash.
[Bug Fix] Fixed a mod_security configuration bug that reordered some rules under certain conditions.
[Bug Fix] Fixed a systemd warning under Plesk 18.0.

Build 7

[Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhost on port 8887.
[Improvement] Added "SmartPush no-cookie" directive to disable cookies used for HTTP/2 and QUIC smart push.
[Improvement] Added `lsws/logs/critical_alert` log file for writing common licensing problems that could cause LSWS to stop working.
[Bug Fix] Fixed a compatibility issue with CloudLinux python selector.

Build 6

[Bug Fix] Fixed a bug introduced in build 5 that caused the server to crash when "require env xxxx" was used.
[Bug Fix] Fixed QUIC support for FreeBSD.
[Bug Fix] Changed "Accept-Encoding" value to be case insensitive.
[Improvement] Use 'pkill' instead of 'killall' in various scripts to minimize dependencies on installed system packages.
[Improvement] Update "Alt-Svc" string for gQUIC advertising.

Build 5

[FEATURE] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled. 
[FEATURE] Added support for "Require env XXXX" access control. 
[TUNING] Disable TLSv1.0 by default for better PCI compliance. 
[BUGFIX] Make statistics more accurate for requests processed . 
[BUGFIX] Fixed a minor regression in 5.4 that performs redirect before rewrite when URL without a trailing slash pointing to a directory. 

Build 4

[Improvement] Automatically restart running PHP processes after detecting PHP binary updates.
[Improvement] Automatically converted ea-phpXX handler configuration to phpXX handler when ea-php handler is not available.
[Improvement] Improved AIO access logging to minimize disk I/O.
[Bug Fix] Close unused REUSEPORT socket.
[Bug Fix] Make "requests processed" counter more accurate in real-time report.
[Bug Fix] Make per Apache vhost PHP 7.4 handler run in suEXEC mode.
[Bug Fix] Fixed a bug reading CGI 'umask' configuration as an octal number.

Build 3

[Bug Fix] Fixed a .htaccess cache bug that caused the server's default PHP handler to be used instead of per-vhost suEXEC handlers.
[Bug Fix] Fixed a WP brute force protection bug that occasionally caused 100% CPU usage.
[Bug Fix] Fixed a divide by zero bug that was causing server crashes.
[Bug Fix] Fixed a mod_security engine bug where `@geolookup` would not work properly with new MaxMind DB files.
[Tuning] Reduced Brotli compression memory usage.
[Tuning] Allow mapping www.TLD.com and TLD.com to different native virtual hosts.

Build 2

[New Feature] Added an option to allow generation of full real time status report, including idle virtual host and external app stats.
[Bug Fix] Fixed an RBL compatibility issue with modsecurity rules from Imunify360.
[Bug Fix] Fixed a Layer4 tunnel bug that caused random crashes.
[Bug Fix] Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache.
[Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache.
[Bug Fix] Fixed a QuicEngine bug that sometimes caused a server crash.

Build 1

[Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives.
[Improvement] Make built-in error and reCAPTCHA verification pages responsive.
[Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR.
[Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions.
[Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses.
[Bug Fix] Fixed a bug that caused WordPress brute force protection false positive.

Build 0

[Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks:  CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"".
[New Feature] Updated HTTP/3 support to Internet Draft 22.
[New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
[Improvement] reCAPTCHA engine has been improved to reduce false positives. 
[Bug fix] Fixed a chunk encoding bug that could cause data corruption.
[Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
[Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
[Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. 
[Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently.

Build 3

[Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.

Build 2

[New Feature] Updated HTTP/3 support to Internet Draft 22 .
[New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
[Improvement] Re-enabled PHP graceful shutdown now that the PHP LiteSpeed SAPI 7.5 package is ready.
[Improvement] Tuned reCAPTCHA verification to avoid requesting verification on image/css/js files.
[Bug Fix] Minor bug fixes for 404 logging and some rare crashes.

Build 1

[Update] Updated cPanel/WHM plugins to v1.2.3.3 and v3.3.3.5 respectively.
[Bug fix] Fixed a chunk encoding bug that could cause data corruption.
[Bug fix] Fixed a bug with customized reCAPTCHA pages.
[Bug fix] Fixed a QUIC engine bug that affected graceful restarts.
[Bug fix] Fixed a BAN request method parsing bug.

Build 0

[Major Improvement] Massive HTTP/2 HTTPS performance boost (up to 5x faster than LSWS v5.3.x).
[Major New Feature] Experimental HTTP/3 draft 20 support.
[Major New Feature] Redis and rewrite based dynamic virtual hosting.
[Major New Feature] Server level reCAPTCHA protection efficiently defends against layer-7 DDoS attacks of any size.
[New Feature] Added support for Q046 in QUIC engine.
[New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise.
[New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop. (No extra configuration required)
[New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments.
[New Feature] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data.
[Improvement] Improved HTTP/2 stream prioritization for a better user browsing experience.

RC4

[New Feature] Support for SO_REUSEPORT for multi-worker license.
[New Feature] HTTPS/QUIC handshake offloading.
[New Feature] TLSv1.3 certificate compression.
[New Feature] High Availability for Redis dynamic vhost setup.
[New Feature] Support for Google QUIC 046.
[New Feature] Experimental IETF QUIC draft-20.

RC3

[Major New Feature] Dynamic Virtual Host configuration through REDIS backend.
[Major Improvement] Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations.
[Bug fix] Improved QUIC engine performance and stability.
[Bug fix] All bug fixes and enhancements on 5.3.x branch included.

RC2

[Major New Feature] Dynamic virtual hosting through rewrite rules.
[Improvement] Improved HTTP/2 performance.
[New Feature] QUIC proxy backend support for backend communication through QUIC.
[Bug fix] All applicable bug fixes from the 5.3 branch.
[Bug fix] Fixed a few server crash bugs.

RC1

[New Feature] Recaptcha verification for DDoS attack mitigation.
[New Feature] Support for Ruby/Python/Nodejs applications in native configuration.
[New Feature] Added Virtual Host level trusted IP control, managed through .htaccess.
[Major Improvement] Added LiteSpeed TLS Accelerator, maximizing HTTPS & HTTP/2 performance.
[Major Improvement] HTTP/2 performance has been improved with a better header compression/decompression work flow.
[Bug fix] All bug fixes from LSWS 5.3.5 incremental builds included.

Build 6

[Update] Updated cPanel/WHM plugins v1.2.3.2 and v3.3.3.4 respectively.
[Bug fix] Temporarily stop PHP processes with SIGKILL as a workaround for problems caused by clean shutdown logic added to PHP LiteSpeed SAPI v7.4.3.
[Bug fix] Added websocket proxy support for cPanel and webmail subdomains in addition to WHM subdomains.
[Bug fix] Fixed a QUIC engine bug and made QUIC more DoS attack resistant.

Build 5

[Bug Fix] Updated WHM plugin to v3.3.3.2 to fix a bug introduced in the previous version that caused most plugin actions to result in a PHP fatal error.
[Bug Fix] To avoid server crash, PCLMUL will be disabled in the zlib library if the server CPU does not support PCLMUL instructions.

Build 4

[New feature] Web Cache Manager CLI support for DirectAdmin.
[Bug fix] Fixed websocket proxy from https to ws:// backend; made WHM terminal work properly through proxy.
[Bug fix] Improved compatibility with Apache; "Require ip xxx" can bypass HTTP authentication.
[Bug fix] Added support for "AddEncoding br ..." to avoid double compression.
[Bug fix] Updated WebAdmin code to avoid some E_STRICT warnings.
[Bug fix] Fixed server PUSH parsing problem when 'Link' header contains multiple URLs.

Build 3

[Bug fix] Fixed an ACL bug occurring when environment variables are used in Allow/Deny configurations.
[Bug fix] Fixed a request parser bug which caused the server to crash when a partition holding a temp file is out of space.
[Bug fix] Fixed a cache engine bug that caused requests to certain URLs to hang.

Build 2

[Bug fix] Fixed a regression in PHP daemon mode that causes 503 errors.

Build 1

[Bug fix] Fixed an IP2Location configuration bug that could cause the server to crash during startup.
[Bug fix] Fixed a bug with nested ESI subrequests that caused random crashes.

Build 0

[Security] Added built-in filter to block attempts at hacking LiteMage with crafted ESI requests.
[New Feature] lscmctl script can now be used to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel. 
[New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature, available in both the lscmctl script and WHM plugin.
[Improvement] Bundled WHM and user-end cPanel plugins have been updated to v3.3.1 and v1.2.0.2 respectively.
[Improvement] Support request header sizes of up to 64K.
[Improvement] Ignore <if> <else> <elseif> configuration contexts.
[Improvement] Added support for Apache configuration directive ""Require ip ..."".
[Improvement] Improved lsup.sh with stable release tier.
[Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/Ubuntu.
[Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling.
[Improvement] Added autoconfig for PHP 7.4.
[Improvement] Improved compatibility with LSAPI 7.3 .
[Improvement] Improved HPACK encoding performance.
[Improvement] Cache engine now updates ""X-LiteSpeed-Cache-Control max-age"" value based on actual expire time when a front-end lscache proxy exists. 
[Improvement] Improved compatibility with Apache mod_security on variables REQUEST_BODY, REQUEST_FILENAME and LAST_UPDATE_TIME.
[Improvement] Fixed PHP handler compatibility issues with Plesk's updated configuration template.
[Improvement] Improved WordPress brute force detection IP logging.
[Bug fix] Fixed an Apache SSL vhost SNI configuration bug.
[Bug fix] Fixed a QuicEngine bug that could cause broken responses.
[Bug fix] Fixed a cache + ESI engine bug that caused random server crashes.
[Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
[Bug fix] Improved detached mode process manager to accurately stop detached processes when requested.
[Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
[Bug Fix] Fixed FreeBSD 100% cpu usage for kqueue event loops when AIO logging is enabled.
[Bug Fix] Fixed an SSL OCSP stapling bug.
[Bug Fix] Fixed broken server restart when port offset had been set.
[Bug Fix] Fixed a memory leak in the GeoIP module.

Build 8

[Bug Fix] Fixed a cache + ESI bug that could cause random crashes.
[Bug Fix] Fixed a rewrite engine bug.
[Bug Fix] Fixed a memory leak in the GeoIP module.
[Bug Fix] Fixed a Plesk compatibility issue.

Build 7

[Improvement] Better WordPress brute force detection IP logging.
[Improvement] Allow request header sizes greater than 32K.
[Improvement] Added PID to error log messages for worker processes.
[Bug fix] Fixed a Ruby selector regression introduced in v5.3.7 build 3.
[Bug fix] Fixed an SSL OCSP stapling bug.
[Bug Fix] Fixed broken server restart when port offset had been set.

Build 6

[New Feature] Added the ability to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel using the lscmctl script.
[Improvement] Fixed PHP handler compatibility issues with Plesk's updated configuration template.
[Improvement] Improved LSAPI compatibility with LSAPI 7.3 .
[Improvement] Improved HPACK encoding performance.
[Improvement] Cache engine now updates X-LiteSpeed-Cache-Control max-age value based on actual expire time when a front-end lscache proxy exists.
[Improvement] Natively configured detached PHP process groups are now gracefully restarted. 

Build 5

[New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature available in the lscmctl script and WHM plugin.
[Improvement] Ignore <if> <else> <elseif> configuration contexts.
[Improvement] Added autoconfig for PHP 7.4.
[Update] Updated WHM plugin to v3.3 and user-end cPanel plugin to v1.2.
[Bug Fix] ESI engine bug fix.
[Bug Fix] Fixed freeBSD 100% cpu usage for kqueue event loops.
[Bug Fix] Fixed a detached mode process manager bug that accidentally killed other lshttpd worker processes. 

Build 4

[Improvement] Improved lsup.sh with stable tier.
[Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling.
[Bug Fix] Fixed a bug in detached mode process manager that failed to stop running processes under certain server environments.
[Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
[Bug Fix] Implemented mod_security REQUEST_BODY as a dedicate variable.

Build 3

[Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/Ubuntu.
[Bug fix] Fixed an ESI engine memory management bug that caused random server crashes.
[Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.

Build 2

[Bug Fix] Fixed a detached mode process manager bug introduced in build 1.

Build 1

[Security] Added built-in filter to block attempts to hack LitemMage with crafted ESI request.
[Bug Fix] Fixed a detached mode process manager bug made killing other unrelated processes possible.
[Bug Fix] Fixed an Apache SSL vhost SNI configuration bug.
[Bug Fix] Fixed a QuicEngine bug that could cause broken responses.

Build 0

[Security] Fixed a XSS vulnerability in directory auto index script.
[Improvement] Improved QUIC transport protocol performance and reliability.
[Improvement] Improved default configuration for servers with heavy disk I/O wait.
[Improvement] Made IP based SSL SNI configuration exactly match Apache's.
[Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings.
[Improvement] Improved ESI support for JSON responses.
[Improvement] Improved lsup.sh script to check build number against latest build.
[Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2 to address an integration issue with the recent LSCWP release.
[Bug Fix] Fixed a file descriptor leak in piped logger.
[Bug Fix] Fixed a bug that prevented changing the Cache-Control or Expire headers within PHP.
[Bug Fix] Fixed inaccurate real-time statistics.
[Bug Fix] Fixed a rewrite engine compatibility issue.
[Bug Fix] Fixed a regression in "Redirect" directive handling.
[Bug Fix] Fixed a QUIC engine bug when handling extra long response headers.
[Bug Fix] Fixed a regression that broke the "SetHandler" directive.
[Bug fix] Fixed a rewrite engine bug where target URLs containing "../" could cause problems.
[Bug fix] Fixed an external loop redirect detection bug.
[Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log.
[Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests.
[Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory.
[Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes.
[Bug Fix] Fixed systemd unit file lshttpd.service by requiring network-online.target.
[Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.

Build 6

[Security] .rtreport no longer world readable.
[Improvement] Improved QUIC transport protocol performance and reliability.
[Improvement] Made IP based SSL SNI configuration exactly match Apache's.
[Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings.
[Bug Fix] Fixed inaccurate real-time statistics.

Build 5

[Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2.
[Improvement] Improved lsup.sh script to check build number against latest build.
[Bug Fix] Fixed systemd unit file lshttpd.service, by requiring network-online.target.
[Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.

Build 4

[Update] Updated bundled WHM plugin to v3.2.0.2 and user-end cPanel plugin to v1.1.1.1 to address an integration issue with the recent LSCWP v2.9.3.
[Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests.
[Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory.
[Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes.

Build 3

[Improvement] Improved ESI support for JSON responses.
[Bug fix] Fixed rewrite engine bug where target URLs containing "../" could cause problems.
[Bug fix] Fixed an external loop redirect detection bug.
[Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log.

Build 2

[Bug Fix] Fixed a regression that broke the "SetHandler" directive.
[Bug Fix] OCSP cache directory now properly adjusted in chroot environments.

Build 1

[Improvement] Improved default configuration for servers with heavy disk I/O wait.
[Bug Fix] Fixed a rewrite engine compatibility issue.
[Bug Fix] Fixed a regression in "Redirect" directive handling.
[Bug Fix] Fixed a QUIC engine bug when handling extra long response headers.

Build 0

[New Feature] lscmctl script can now be used to set custom server and virtual host cache roots with the 'setcacheroot' command.
[Improvement] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend.
[Improvement] Added support for "IP:port" in "X-Forwarded-For" header.
[Improvement] Reliably switch back to Apache in the case of a LiteSpeed licensing problem.
[Improvement] Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility.
[Update] Updated bundled WHM plugin to v3.2.0.1 and user-end cPanel plugin to v1.1.1. 
[Bug Fix] Fixed AddHandler directive behavior to be the same as AddType.
[Bug Fix] Fixed an OCSP stapling bug that caused Mozilla connection issues.
[Bug Fix] Stopped PHP from logging errors into the error log when stderr.log was disabled.
[Bug Fix] Fixed a SecRemoteRule handling bug.
[Bug Fix] Fixed a bug causing detached PHP processes to be stopped during graceful restarts, which may cause random 503 errors.
[Bug Fix] Fixed a bug in processing GeoIP2 mmdb database.
[Bug Fix] Fixed a bug introduced in v5.3.5 build 5 that broke cPanel/WHM's "redirect to closest matched domain" feature.
[Bug Fix] Fixed cPanel two factor authentication.
[Bug Fixes] Minor bug fixes involving Apache compatibility issues.

Build 9

[Bug Fix] Fixed a bug causing detached PHP processes to be stopped during graceful restarts.

Build 8

[Bug Fix] Fixed an OCSP response verification bug (introduced in the previous build) that caused crashing.
[Bugfix] Fixed a bug in processing GeoIP2 mmdb database. 
[Bugfix] Fixed a bug introduced in 5.3.5 build 5 that breaks cPanel/WHM redirect to closest matched domain feature.

Build 7

[Enhancement] Added extra validation on OCSP response to avoid outdated response for newly renewed certificate. 
[Integration] Made LSWS compatible with Apache configuration generated by cPanel v78.
[Bug Fix] Fixed AddHandler directive behavior to be the same as AddType.

Build 6

[New Feature] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend.
[New Feature] Added support for "IP:port" in "X-Forwarded-For" header.
[Improvement] Detached PHP processes are now detected and restarted more reliably.
[Bug Fix] Applied a SecRemoteRules fix to avoid rule file corruption.
[Bug Fix] Fixed a bug that could cause a blank response body for pre-compressed content.

Build 5

[Update] Updated default welcome page content.
[Bug Fix] Fixed a SecRemoteRule handling bug.
[Bug Fix] Fixed a bug causing detached mode PHP processes to log PHP stderr messages to the server's error log file.
[Bug Fix] Fixed an awstats integration bug that broke dynamic page generation mode.
[Bug Fix] Fixed an infinite loop bug that occurred with badly configured contexts.

Build 4

[Improvement] Reliably switch back to Apache when there is a LiteSpeed licensing problem.
[Improvement] Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility.
[Bug Fix] Stopped PHP error logging into error log when stderr.log is disabled.

Build 3

[Bug Fix] Fixed a bug that causes excessive requests to OSCP responder.
[Bug Fix] Fixed a bug that failed to handle some types of Node.js selector configurations.
[Bug Fix] Fixed a bug that failed cPanel two factor authentication.
[Bug Fix] Fixed a bug in LiteMage combined subrequest handling.

Build 0

[Improvement] Improvements to HTTP/2, QUIC, and rewrite engine.
[Bug Fix] HTTP/2, QUIC, and rewrite engine bug fixes.
[Bug Fix] Fixed mod_security engine not handling skipAfter properly in the `SecAction` directive.
[Bug Fix] Fixed server failing to automatically fix cache directory permission problems.

Build 8

[Bug Fix] Fixed a rewrite engine bug introduced in 5.3.4 build 7, which could cause ERR_SPDY_PROTOCOL_ERROR and redirect problems.

Build 7

[Improvement] Improved mod_rewrite compatibility.
[Improvement] Improved QUIC engine by dynamically adjust batch size of outgoing packets.

Build 5

[Improvement] Improved PHP process abort feature to occur in a more timely manner.
[Bug Fix] Fixed an HTTP/2 engine bug that caused connections to reset under certain situations.

Build 4

[Improvement] Improved mod_security engine with UNIQUE_ID support.
[Update] Disabled 503 auto fix by default.
[Bug Fix] Fixed an SSL OCSP stapling bug.
[Bug Fix] Fixed memory and resource leaks.
[Bug Fix] Fixed incompatible behavior with Python selector support.
[Bug Fix] Fixed a license information display bug in WebAdmin Console.

Build 2

[Improvement] Improved compatibility for WebCache manager.
[Bug Fix] This build include a fix for gQUIC v044 support

Build 1

[Improvement] Improved NODEJS support.
[Improvement] Detect curl + HTTP/2 combination and disable HTTP/2 for future access.
[Update] Updated WHM plugin to v3.1.3.2 to address a compatibility issue with newer versions of the LSCWP plugin.
[Update] Updated cPanel user-end plugin to v1.0.2.1 to address a compatibility issue with newer versions of the LSCWP plugin.

Build 0

[MAJOR NEW FEATURE] Added support for Google QUIC v44. 
[NEW FEATURE] Improved Ruby/Python selector support and apply engine version changes on the fly.
[NEW FEATURE] Allow overriding external application environment at vhost level.
[NEW FEATURE] Log HTTP/2 in access log for HTTP/2 connection.
[NEW FEATURE] Auto detect and use cPanel signed certificate for WebAdmin.
[NEW FEATURE] Auto correct bad HTTPS proxy backend configured as HTTP.
[IMPROVEMENT] Improved compatibility with ColdFusion engine.
[UPDATE] Updated bundled WHM plugin to v3.1.3.1
[UPDATE] Updated bundled cPanel user-end plugin to v1.0.2.
[BUGFIX] Fixed mod_security engine compatibility issue with latest COMODO ruleset.
[BUGFIX] Added "Accept-Range: bytes" header back for static files.
[BUGFIX] Fixed bug in rewrite engine loop redirection detection.

Build 3

[Bug Fix]  Fixed a mod_security engine bug that caused incorrect behavior with the comodo ruleset.

Build 2

[Bug Fix] Made adjustments to PHP handler configuration to fix broken PHP selector.
[Bug Fix] Fixed a memory leak in HTTP/2.
[Bug Fix] Fixed a crash when parsing Apache configuration.

Build 0

[Bug Fix] Emergency release to ignore faulty rewrite rule introduced by cPanel
  • Admin
  • Last modified: 2020/09/18 15:41
  • by Lucas Rolff