Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:changelog [2019/08/08 14:30] Lucas Rolff 5.4 build 3 |
litespeed_wiki:changelog [2019/08/21 14:10] Lucas Rolff 5.4.1 Build 1 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LiteSpeed Web Server Changelog ====== | ====== LiteSpeed Web Server Changelog ====== | ||
| + | |||
| + | ===== Version 5.4.1 ===== | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. | ||
| + | [Improvement] Make built-in error and reCAPTCHA verification pages responsive. | ||
| + | [Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR. | ||
| + | [Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions. | ||
| + | [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses. | ||
| + | [Bug Fix] Fixed a bug that caused WordPress brute force protection false positive. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"". | ||
| + | [New Feature] Updated HTTP/3 support to Internet Draft 22. | ||
| + | [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly. | ||
| + | [Improvement] reCAPTCHA engine has been improved to reduce false positives. | ||
| + | [Bug fix] Fixed a chunk encoding bug that could cause data corruption. | ||
| + | [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services. | ||
| + | [Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode. | ||
| + | [Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. | ||
| + | [Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently. | ||
| ===== Version 5.4 ===== | ===== Version 5.4 ===== | ||
| Line 31: | Line 54: | ||
| [New Feature] Added support for Q046 in QUIC engine. | [New Feature] Added support for Q046 in QUIC engine. | ||
| [New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise. | [New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise. | ||
| - | [New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop. | + | [New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server's main event loop. (No extra configuration required) |
| [New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments. | [New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments. | ||
| [New Feature] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data. | [New Feature] HTTPS certificate compression, reducing the size of HTTPS handshake exchange data. | ||