Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:changelog [2019/07/31 04:42] Lucas Rolff Update changelog |
litespeed_wiki:changelog [2019/10/20 18:26] Lucas Rolff 5.4.2 build 0 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== LiteSpeed Web Server Changelog ====== | ====== LiteSpeed Web Server Changelog ====== | ||
+ | |||
+ | ===== Version 5.4.2 ===== | ||
+ | |||
+ | === Build 0 === | ||
+ | [New Feature] Updated QUIC implementation to support IETF HTTP/3 draft 23. | ||
+ | [New Feature] BBR congestion control for QUIC and HTTP/3. | ||
+ | [New Feature] "Require env XXXX" access control support. | ||
+ | [New Feature] User/Account level bandwidth throttling for Redis dynamic virtual hosting. | ||
+ | [Improvement] Further HTTPS SSL layer performance tuning. | ||
+ | [Improvement] Automatically restart running PHP processes when PHP binary changes are detected. | ||
+ | [Improvement] Automatically convert ea-phpXX handler configuration into a phpXX handler when an ea-php handler is not available. | ||
+ | [Improvement] Improved AIO access logging to minimize disk I/O. | ||
+ | [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. | ||
+ | [Improvement] Built-in error and reCAPTCHA verification pages are now responsive. | ||
+ | [Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable 'REMOTE_ADDR'. | ||
+ | [Improvement] Reduced memory usage to improve server scalability. | ||
+ | [Improvement] Improved accuracy of server real-time statistics. | ||
+ | [Improvement] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled. | ||
+ | [Improvement] Disable TLSv1.0 by default for better PCI compliance. | ||
+ | [Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhosts on port 8887. | ||
+ | [Improvement] Added "SmartPush no-cookie" directive to disable cookies used for HTTP/2 and QUIC smart push. | ||
+ | [Improvement] Added `lsws/logs/critical_alert` log file for writing common license errors that could cause LSWS to stop working. | ||
+ | [Improvement] Improved compatibility with CloudLinux python selector. | ||
+ | [Improvement] Improved modsecurity engine compatibility. | ||
+ | [Improvement] Send "Alt-Svc" header advertising QUIC and HTTP/3 support only once per connection. | ||
+ | [Bug Fix] Fixed WordPress brute force protection bugs that were causing false positives and crashes. | ||
+ | [Bug Fix] Fixed a bug causing HTTP/2 requests to stall under rare conditions. | ||
+ | [Bug Fix] Fixed a bug causing broken non-keepalive HTTPS responses. | ||
+ | [Bug Fix] Fixed a Layer4 tunnel bug that caused random crashes. | ||
+ | [Bug Fix] Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache. | ||
+ | [Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache. | ||
+ | [Bug Fix] Fixed an .htaccess cache bug that caused the server's default PHP handler to be used instead of configured per-vhost suEXEC handlers. | ||
+ | [Bug Fix] Per Apache vhost PHP 7.4 handler now runs in suEXEC mode. | ||
+ | |||
+ | ===== Version 5.4.1 ===== | ||
+ | |||
+ | === Build 8 === | ||
+ | [Improvement] Improved python application configuration to allow swapping applications on the same URL. | ||
+ | [Bug Fix] Disable CRIU feature to avoid server downtime after a recent CloudLinux CRIU library update began causing lscgid to crash. | ||
+ | [Bug Fix] Fixed a mod_security configuration bug that reordered some rules under certain conditions. | ||
+ | [Bug Fix] Fixed a systemd warning under Plesk 18.0. | ||
+ | |||
+ | === Build 7 === | ||
+ | [Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhost on port 8887. | ||
+ | [Improvement] Added "SmartPush no-cookie" directive to disable cookies used for HTTP/2 and QUIC smart push. | ||
+ | [Improvement] Added `lsws/logs/critical_alert` log file for writing common licensing problems that could cause LSWS to stop working. | ||
+ | [Bug Fix] Fixed a compatibility issue with CloudLinux python selector. | ||
+ | |||
+ | === Build 6 === | ||
+ | [Bug Fix] Fixed a bug introduced in build 5 that caused the server to crash when "require env xxxx" was used. | ||
+ | [Bug Fix] Fixed QUIC support for FreeBSD. | ||
+ | [Bug Fix] Changed "Accept-Encoding" value to be case insensitive. | ||
+ | [Improvement] Use 'pkill' instead of 'killall' in various scripts to minimize dependencies on installed system packages. | ||
+ | [Improvement] Update "Alt-Svc" string for gQUIC advertising. | ||
+ | |||
+ | === Build 5 === | ||
+ | [FEATURE] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled. | ||
+ | [FEATURE] Added support for "Require env XXXX" access control. | ||
+ | [TUNING] Disable TLSv1.0 by default for better PCI compliance. | ||
+ | [BUGFIX] Make statistics more accurate for requests processed . | ||
+ | [BUGFIX] Fixed a minor regression in 5.4 that performs redirect before rewrite when URL without a trailing slash pointing to a directory. | ||
+ | |||
+ | === Build 4 === | ||
+ | [Improvement] Automatically restart running PHP processes after detecting PHP binary updates. | ||
+ | [Improvement] Automatically converted ea-phpXX handler configuration to phpXX handler when ea-php handler is not available. | ||
+ | [Improvement] Improved AIO access logging to minimize disk I/O. | ||
+ | [Bug Fix] Close unused REUSEPORT socket. | ||
+ | [Bug Fix] Make "requests processed" counter more accurate in real-time report. | ||
+ | [Bug Fix] Make per Apache vhost PHP 7.4 handler run in suEXEC mode. | ||
+ | [Bug Fix] Fixed a bug reading CGI 'umask' configuration as an octal number. | ||
+ | |||
+ | === Build 3 === | ||
+ | [Bug Fix] Fixed a .htaccess cache bug that caused the server's default PHP handler to be used instead of per-vhost suEXEC handlers. | ||
+ | [Bug Fix] Fixed a WP brute force protection bug that occasionally caused 100% CPU usage. | ||
+ | [Bug Fix] Fixed a divide by zero bug that was causing server crashes. | ||
+ | [Bug Fix] Fixed a mod_security engine bug where `@geolookup` would not work properly with new MaxMind DB files. | ||
+ | [Tuning] Reduced Brotli compression memory usage. | ||
+ | [Tuning] Allow mapping www.TLD.com and TLD.com to different native virtual hosts. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [New Feature] Added an option to allow generation of full real time status report, including idle virtual host and external app stats. | ||
+ | [Bug Fix] Fixed an RBL compatibility issue with modsecurity rules from Imunify360. | ||
+ | [Bug Fix] Fixed a Layer4 tunnel bug that caused random crashes. | ||
+ | [Bug Fix] Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache. | ||
+ | [Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache. | ||
+ | [Bug Fix] Fixed a QuicEngine bug that sometimes caused a server crash. | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. | ||
+ | [Improvement] Make built-in error and reCAPTCHA verification pages responsive. | ||
+ | [Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR. | ||
+ | [Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions. | ||
+ | [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses. | ||
+ | [Bug Fix] Fixed a bug that caused WordPress brute force protection false positive. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"". | ||
+ | [New Feature] Updated HTTP/3 support to Internet Draft 22. | ||
+ | [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly. | ||
+ | [Improvement] reCAPTCHA engine has been improved to reduce false positives. | ||
+ | [Bug fix] Fixed a chunk encoding bug that could cause data corruption. | ||
+ | [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services. | ||
+ | [Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode. | ||
+ | [Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. | ||
+ | [Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently. | ||
===== Version 5.4 ===== | ===== Version 5.4 ===== | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [New Feature] Updated HTTP/3 support to Internet Draft 22 . | ||
+ | [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly. | ||
+ | [Improvement] Re-enabled PHP graceful shutdown now that the PHP LiteSpeed SAPI 7.5 package is ready. | ||
+ | [Improvement] Tuned reCAPTCHA verification to avoid requesting verification on image/css/js files. | ||
+ | [Bug Fix] Minor bug fixes for 404 logging and some rare crashes. | ||
=== Build 1 === | === Build 1 === | ||
Line 19: | Line 139: | ||
[New Feature] Added support for Q046 in QUIC engine. | [New Feature] Added support for Q046 in QUIC engine. | ||
[New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise. | [New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise. | ||
- | [New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop. | + | [New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop. (No extra configuration required) |
[New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments. | [New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments. | ||
[New Feature] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data. | [New Feature] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data. |