Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:changelog [2019/08/08 14:30] Lucas Rolff Add no configuration required |
litespeed_wiki:changelog [2019/08/21 14:10] Lucas Rolff 5.4.1 Build 1 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== LiteSpeed Web Server Changelog ====== | ====== LiteSpeed Web Server Changelog ====== | ||
+ | |||
+ | ===== Version 5.4.1 ===== | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. | ||
+ | [Improvement] Make built-in error and reCAPTCHA verification pages responsive. | ||
+ | [Improvement] Remove '[' ']' enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR. | ||
+ | [Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions. | ||
+ | [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses. | ||
+ | [Bug Fix] Fixed a bug that caused WordPress brute force protection false positive. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"". | ||
+ | [New Feature] Updated HTTP/3 support to Internet Draft 22. | ||
+ | [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly. | ||
+ | [Improvement] reCAPTCHA engine has been improved to reduce false positives. | ||
+ | [Bug fix] Fixed a chunk encoding bug that could cause data corruption. | ||
+ | [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services. | ||
+ | [Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode. | ||
+ | [Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. | ||
+ | [Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently. | ||
===== Version 5.4 ===== | ===== Version 5.4 ===== |