Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:changelog [2019/12/11 11:53] Lucas Rolff 5.4.3 build 0 |
litespeed_wiki:changelog [2020/08/12 13:43] Lucas Rolff 5.4.8 build 5 |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== LiteSpeed Web Server Changelog ====== | ====== LiteSpeed Web Server Changelog ====== | ||
+ | |||
+ | ===== Version 6.0 ===== | ||
+ | |||
+ | === RC1 === | ||
+ | |||
+ | [Major New Feature] Apache 2.4 conditional context <If> <Ifelse> <Else> support. | ||
+ | [Major New Feature] Asynchronous mod_security engine. | ||
+ | [Major New Feature] Bubblewrap isolated CGI/PHP execution environments. | ||
+ | [New Feature] HTTP/3 draft 29 support. | ||
+ | [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling. | ||
+ | [Enhancement] Added ModSecurity JSON audit log. | ||
+ | |||
+ | ===== Version 5.4.8 ===== | ||
+ | |||
+ | === Build 5 === | ||
+ | |||
+ | [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure. | ||
+ | [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP. | ||
+ | |||
+ | === Build 4 === | ||
+ | |||
+ | [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "wait-req-full-body". (Waiting allows the request handler to see the full request body immediately) | ||
+ | [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day. | ||
+ | [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files. | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] LiteMage cache object count is now more accurate. | ||
+ | [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access. | ||
+ | [Bug Fix] Cache statistics access through IPv6. | ||
+ | [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration. | ||
+ | [Improvement] Add Plesk git integration support. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [Bug Fix] Address 404 error for reCAPTCHA verification. | ||
+ | [Bug Fix] 'SetEnv' directive is now properly applied inside <Files> or <FilesMatch> contexts. | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Bug Fix] Correct DirectAdmin PHP handler detection when "DirectAdmin" panel is selected under "PHP" config tab. | ||
+ | [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <Location> context. | ||
+ | [Bug Fix] Match Apache's Redirect behavior by discarding original query string if target URL has query string set. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled. | ||
+ | [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application. | ||
+ | [New Feature] Update client IP using request header "X-Real-IP". | ||
+ | [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB. | ||
+ | [Security] Block 'LD_*' environment variable overriding from .htaccess. | ||
+ | [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. | ||
+ | [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain. | ||
+ | [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3). | ||
+ | [Improvement] Make reCAPATCHA compatible with WordPress password protected pages. | ||
+ | [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser. | ||
+ | [Bug Fix] Correct Magento LiteMage2 cache object statistics. | ||
+ | [Bug Fix] Address an AJPv13 hanging bug. | ||
+ | [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs. | ||
+ | [Bug Fix] Properly apply UMASK configuration for external applications. | ||
+ | [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache's rc script with a symbolic link. | ||
+ | [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing. | ||
+ | [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache. | ||
+ | |||
+ | ===== Version 5.4.7 ===== | ||
+ | |||
+ | === Build 9 === | ||
+ | |||
+ | [Bug Fix] Correct a SHM memory allocation issue. | ||
+ | [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients. | ||
+ | |||
+ | === Build 8 === | ||
+ | |||
+ | [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB. | ||
+ | [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache. | ||
+ | [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser. | ||
+ | [Bug Fix] Correct a crash bug in cache engine. | ||
+ | [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain. | ||
+ | |||
+ | === Build 7 === | ||
+ | |||
+ | [New Feature] For CloudLinux Python/Ruby/NodeJS selector application, applies header modification configuration in .htaccess to dynamic response. | ||
+ | [Bug Fix] A mod_security engine bug that causes random crash. | ||
+ | [Bug Fix] A bug in access log format validation. | ||
+ | |||
+ | === Build 6 === | ||
+ | |||
+ | [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. | ||
+ | [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. | ||
+ | |||
+ | === Build 5 === | ||
+ | |||
+ | [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess. | ||
+ | [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. | ||
+ | [Bug Fix] Properly apply UMASK configuration for external application. | ||
+ | |||
+ | === Build 4 === | ||
+ | |||
+ | [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled. | ||
+ | [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. | ||
+ | [Tuning] Disable cache if a request is blocked by mod_security. | ||
+ | [Bug Fix] Minor bug fixes in cache engine. | ||
+ | [Bug Fix] Minor bug fix in mod_security engine. | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header. | ||
+ | [Bug Fix] Fixed an internal memory management bug that caused random crashing. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang. | ||
+ | [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.) | ||
+ | [New Feature] Added strict suEXEC and ownership checking on scripts. | ||
+ | [New Feature] Added ability to configure static/dynamic request per second limit for Apache ghost. | ||
+ | [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot. | ||
+ | [Bug Fix] Added "Cache-Control: no-cache" to reCAPTCHA verification page to disallow CDN/proxy cache. | ||
+ | [Bug fix] Fixed delayed .htaccess loading. | ||
+ | [Bug fix] Fixed a delayed server response bug with HTTP/2. | ||
+ | [Bug fix] Fixed a NodeJS websocket backend configuration bug. | ||
+ | [Bug fix] Shared lib for lscmctl script is now updated on server install/update. | ||
+ | [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port. | ||
+ | [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable. | ||
+ | [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024 whenever server performs a fresh startup. | ||
+ | [Tuning] Added after=lve_namespaces.service to systemd unit file. | ||
+ | |||
+ | ===== Version 5.4.6 ===== | ||
+ | |||
+ | === Build 5 === | ||
+ | [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot. | ||
+ | [Bug Fix] Added "Cache-Control: no-cache" for reCAPTCHA verify page to disallow CDN/proxy cache. | ||
+ | |||
+ | === Build 4 === | ||
+ | |||
+ | [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite. | ||
+ | [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable. | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] Use request header value for RBL lookups. | ||
+ | [Bug Fix] Fixed a configuration parser crash. | ||
+ | [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27. | ||
+ | [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024, when server performs a fresh startup. | ||
+ | [Tuning] Avoid adjusting external application process priority based on server's priority. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [New Feature] Added strict suEXEC and ownership checks for scripts. | ||
+ | [New Feature] Added ability to configure static/dynamic request per second limit for Apache vhost. | ||
+ | [Tuning] Added after=lve_namespaces.service to systemd unit file. | ||
+ | [Bug Fix] Fixed a bug when switching vhost log file. | ||
+ | [Bug Fix] Fixed an HTTP/3 timestamp/ACK ping-pong bug. | ||
+ | [Bug Fix] Fixed a bug causing extra delay when response has content length = 0. | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Bug fix] Fixed a bug causing delayed .htaccess loading. | ||
+ | [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response. | ||
+ | [Bug fix] Fixed a bug in NodeJS websocket backend configuration. | ||
+ | [Bug fix] Shared lib for lscmctl is now updated on server install/update. | ||
+ | [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [New Feature] Updated HTTP/3 support to include h3-27. | ||
+ | [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination. | ||
+ | [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size. | ||
+ | [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk. | ||
+ | [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup. | ||
+ | [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule. | ||
+ | [Bug Fix] Fixed a crash in ModSecurity using libinjection. | ||
+ | [Tuning] Set mod_security RBL DNS cache to 60 seconds. | ||
+ | [Tuning] Disable TLSv1.1 by default. | ||
+ | [Tuning] Enable SSL session tickets by default. | ||
+ | [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically. | ||
+ | |||
+ | ===== Version 5.4.5 ===== | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk. | ||
+ | [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup. | ||
+ | [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule. | ||
+ | [Bug Fix] Fixed a crash in ModSecurity using libinjection. | ||
+ | [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [Bug Fix] Minor ModSecurity compatibility fixes. | ||
+ | [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically. | ||
+ | [Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine. | ||
+ | [Tuning] Added add "SameSite=Strict" attribute to ls_smartpush cookie. | ||
+ | [Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins. | ||
+ | [Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed. | ||
+ | [Tuning] Downgraded some modsec log messages from "error" to "warning". | ||
+ | [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4. | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives. | ||
+ | [Bug Fix] Fixed a cache engine bug that broke the "Respect Cacheable" feature. | ||
+ | [Bug Fix] Fixed a crash bug when detecting server startup time. | ||
+ | [Tuning] Made HTML pages generated by the auto index script responsive. | ||
+ | [Tuning] Hid confusing required/restricted permission mask configurations in WebAdmin Console. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25). | ||
+ | [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database. | ||
+ | [New Feature] Added full Captcha protection for WordPress login page. | ||
+ | [New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests. | ||
+ | [New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS. | ||
+ | [Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine. | ||
+ | [Improvement] Added support for 'REQUEST_SCHEME' request variable. | ||
+ | [Improvement] Added '-vb' command line option to print out version and build number. | ||
+ | [Update] Updated WHM plugin to v3.3.7. | ||
+ | [Bug Fix] Fixed websockets hanging on upgrade. | ||
+ | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
+ | [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications. | ||
+ | [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive. | ||
+ | [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths. | ||
+ | [Bug Fix] External application process startup time is now reliably detected. | ||
+ | [Bug Fix] Fixed a minor regression with AHO string search. | ||
+ | [Bug Fix] Fixed a bug using wrong log ID in error log. | ||
+ | |||
+ | ===== Version 5.4.4 ===== | ||
+ | |||
+ | === Build 8 === | ||
+ | |||
+ | [Bug Fix] In cPanel environment, disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for 'acme-challenge' detected. | ||
+ | |||
+ | === Build 7 === | ||
+ | |||
+ | [Bug Fix] Fixed a random crash that occurred during SSL handshakes. | ||
+ | [Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections. | ||
+ | |||
+ | === Build 6 === | ||
+ | |||
+ | [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths. | ||
+ | [Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500. | ||
+ | [Bug Fix] External application process startup time is now reliably detected. | ||
+ | [Bug Fix] Fixed a minor regression with AHO string search. | ||
+ | |||
+ | === Build 5 === | ||
+ | |||
+ | [New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS. | ||
+ | [Bug Fix] Fixed a regression in Python/Ruby/NodeJS application 'tmp/restart.txt' marker file handling. | ||
+ | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
+ | [Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification. | ||
+ | |||
+ | === Build 4 === | ||
+ | |||
+ | [New Feature] Skip rewrite processing for Let's Encrypt verification requests. | ||
+ | [Bug Fix] Fixed websockets hanging on upgrade. | ||
+ | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
+ | [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications. | ||
+ | [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive. | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [New Feature] Added full Captcha protection for WordPress login page. | ||
+ | [Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database. | ||
+ | [Bug Fix] Minor bug fixes to ModSecurity engine. | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Improvement] Fine tuned HTTP/3 and QUIC engine performance. | ||
+ | [Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine. | ||
+ | [Improvement] Added 'ctl:debugLogLevel' support to ModSecurity engine. | ||
+ | [Improvement] Added support for 'REQUEST_SCHEME' request variable. | ||
+ | [Improvement] Added '-vb' command line option to print out version and build number. | ||
+ | [Update] Updated WHM plugin to v3.3.6. | ||
+ | [Bug Fix] Minor bug fixes in ModSecurity engine. | ||
+ | |||
+ | === Build 0 === | ||
+ | |||
+ | [New Feature] Added support for Google QUIC Q050. | ||
+ | [Security] Improved WebAdmin Console security by strictly checking request URLs. | ||
+ | [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. | ||
+ | [Bug Fix] Fixed an ESI/Litemage output corruption bug. | ||
+ | [Bug Fix] Fixed a bug in AIO logging that caused the access log to stop working. | ||
+ | [Bug Fix] Fixed a bug causing 100% CPU usage for FreeBSD. | ||
+ | [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd". | ||
+ | [Bug Fix] Fixed a crash caused by memory mapped files being truncated. | ||
===== Version 5.4.3 ===== | ===== Version 5.4.3 ===== | ||
+ | |||
+ | === Build 5 === | ||
+ | |||
+ | [Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4. | ||
+ | [Bug Fix] Fixed a crash due to memory mapped file being truncated. | ||
+ | |||
+ | === Build 4 === | ||
+ | |||
+ | [Security] Improved WebAdmin console security by strictly checking request URL. | ||
+ | [Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0. | ||
+ | [Bug Fix] There are minor bug fixes for mod_security engine. | ||
+ | |||
+ | === Build 3 === | ||
+ | |||
+ | [Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging. | ||
+ | |||
+ | === Build 2 === | ||
+ | |||
+ | [Bug Fix] Fixed a bug in AIO logging that caused access log stop working. | ||
+ | [Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD. | ||
+ | [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd". | ||
+ | |||
+ | === Build 1 === | ||
+ | |||
+ | [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. | ||
+ | [Bug Fix] Fixed an ESI/Litemage output corruption bug. | ||
+ | [Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes. | ||
=== Build 0 === | === Build 0 === |