Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:changelog [2019/12/11 11:53] Lucas Rolff 5.4.3 build 0 |
litespeed_wiki:changelog [2020/09/18 15:41] Lucas Rolff version 4.4.9 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LiteSpeed Web Server Changelog ====== | ====== LiteSpeed Web Server Changelog ====== | ||
| + | |||
| + | ===== Version 6.0 ===== | ||
| + | |||
| + | === RC1 === | ||
| + | |||
| + | [Major New Feature] Apache 2.4 conditional context <If> <Ifelse> <Else> support. | ||
| + | [Major New Feature] Asynchronous mod_security engine. | ||
| + | [Major New Feature] Bubblewrap isolated CGI/PHP execution environments. | ||
| + | [New Feature] HTTP/3 draft 29 support. | ||
| + | [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling. | ||
| + | [Enhancement] Added ModSecurity JSON audit log. | ||
| + | |||
| + | ===== Version 5.4.9 ===== | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance. | ||
| + | [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin. | ||
| + | [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets. | ||
| + | [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [New Feature] New ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file. | ||
| + | [Bug Fix] Apply header operations for pages generated by python/nodejs applications. | ||
| + | [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors. | ||
| + | [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server. | ||
| + | [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available. | ||
| + | [Bug Fix] Avoid releasing cache objects too early. | ||
| + | [Bug Fix] Address a rare crash in ESI parser. | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Feature] Apply Expires header to a partial response for a range request. | ||
| + | [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM. | ||
| + | [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization. | ||
| + | [New Feature] Automatic CloudFlare CDN IP detection. | ||
| + | [New Feature] Support for bcrypt password hash for HTTP authentication. | ||
| + | [Improvement] PHP version detection for cPanel FCGId PHP handler. | ||
| + | |||
| + | ===== Version 5.4.8 ===== | ||
| + | |||
| + | === Build 5 === | ||
| + | |||
| + | [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure. | ||
| + | [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP. | ||
| + | |||
| + | === Build 4 === | ||
| + | |||
| + | [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "wait-req-full-body". (Waiting allows the request handler to see the full request body immediately) | ||
| + | [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day. | ||
| + | [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files. | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [Bug Fix] LiteMage cache object count is now more accurate. | ||
| + | [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access. | ||
| + | [Bug Fix] Cache statistics access through IPv6. | ||
| + | [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration. | ||
| + | [Improvement] Add Plesk git integration support. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [Bug Fix] Address 404 error for reCAPTCHA verification. | ||
| + | [Bug Fix] 'SetEnv' directive is now properly applied inside <Files> or <FilesMatch> contexts. | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Bug Fix] Correct DirectAdmin PHP handler detection when "DirectAdmin" panel is selected under "PHP" config tab. | ||
| + | [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <Location> context. | ||
| + | [Bug Fix] Match Apache's Redirect behavior by discarding original query string if target URL has query string set. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled. | ||
| + | [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application. | ||
| + | [New Feature] Update client IP using request header "X-Real-IP". | ||
| + | [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB. | ||
| + | [Security] Block 'LD_*' environment variable overriding from .htaccess. | ||
| + | [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. | ||
| + | [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain. | ||
| + | [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3). | ||
| + | [Improvement] Make reCAPATCHA compatible with WordPress password protected pages. | ||
| + | [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser. | ||
| + | [Bug Fix] Correct Magento LiteMage2 cache object statistics. | ||
| + | [Bug Fix] Address an AJPv13 hanging bug. | ||
| + | [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs. | ||
| + | [Bug Fix] Properly apply UMASK configuration for external applications. | ||
| + | [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache's rc script with a symbolic link. | ||
| + | [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing. | ||
| + | [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache. | ||
| + | |||
| + | ===== Version 5.4.7 ===== | ||
| + | |||
| + | === Build 9 === | ||
| + | |||
| + | [Bug Fix] Correct a SHM memory allocation issue. | ||
| + | [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients. | ||
| + | |||
| + | === Build 8 === | ||
| + | |||
| + | [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB. | ||
| + | [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache. | ||
| + | [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser. | ||
| + | [Bug Fix] Correct a crash bug in cache engine. | ||
| + | [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain. | ||
| + | |||
| + | === Build 7 === | ||
| + | |||
| + | [New Feature] For CloudLinux Python/Ruby/NodeJS selector application, applies header modification configuration in .htaccess to dynamic response. | ||
| + | [Bug Fix] A mod_security engine bug that causes random crash. | ||
| + | [Bug Fix] A bug in access log format validation. | ||
| + | |||
| + | === Build 6 === | ||
| + | |||
| + | [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. | ||
| + | [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. | ||
| + | |||
| + | === Build 5 === | ||
| + | |||
| + | [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess. | ||
| + | [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. | ||
| + | [Bug Fix] Properly apply UMASK configuration for external application. | ||
| + | |||
| + | === Build 4 === | ||
| + | |||
| + | [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled. | ||
| + | [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. | ||
| + | [Tuning] Disable cache if a request is blocked by mod_security. | ||
| + | [Bug Fix] Minor bug fixes in cache engine. | ||
| + | [Bug Fix] Minor bug fix in mod_security engine. | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header. | ||
| + | [Bug Fix] Fixed an internal memory management bug that caused random crashing. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang. | ||
| + | [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.) | ||
| + | [New Feature] Added strict suEXEC and ownership checking on scripts. | ||
| + | [New Feature] Added ability to configure static/dynamic request per second limit for Apache ghost. | ||
| + | [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot. | ||
| + | [Bug Fix] Added "Cache-Control: no-cache" to reCAPTCHA verification page to disallow CDN/proxy cache. | ||
| + | [Bug fix] Fixed delayed .htaccess loading. | ||
| + | [Bug fix] Fixed a delayed server response bug with HTTP/2. | ||
| + | [Bug fix] Fixed a NodeJS websocket backend configuration bug. | ||
| + | [Bug fix] Shared lib for lscmctl script is now updated on server install/update. | ||
| + | [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port. | ||
| + | [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable. | ||
| + | [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024 whenever server performs a fresh startup. | ||
| + | [Tuning] Added after=lve_namespaces.service to systemd unit file. | ||
| + | |||
| + | ===== Version 5.4.6 ===== | ||
| + | |||
| + | === Build 5 === | ||
| + | [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot. | ||
| + | [Bug Fix] Added "Cache-Control: no-cache" for reCAPTCHA verify page to disallow CDN/proxy cache. | ||
| + | |||
| + | === Build 4 === | ||
| + | |||
| + | [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite. | ||
| + | [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable. | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [Bug Fix] Use request header value for RBL lookups. | ||
| + | [Bug Fix] Fixed a configuration parser crash. | ||
| + | [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27. | ||
| + | [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024, when server performs a fresh startup. | ||
| + | [Tuning] Avoid adjusting external application process priority based on server's priority. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [New Feature] Added strict suEXEC and ownership checks for scripts. | ||
| + | [New Feature] Added ability to configure static/dynamic request per second limit for Apache vhost. | ||
| + | [Tuning] Added after=lve_namespaces.service to systemd unit file. | ||
| + | [Bug Fix] Fixed a bug when switching vhost log file. | ||
| + | [Bug Fix] Fixed an HTTP/3 timestamp/ACK ping-pong bug. | ||
| + | [Bug Fix] Fixed a bug causing extra delay when response has content length = 0. | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Bug fix] Fixed a bug causing delayed .htaccess loading. | ||
| + | [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response. | ||
| + | [Bug fix] Fixed a bug in NodeJS websocket backend configuration. | ||
| + | [Bug fix] Shared lib for lscmctl is now updated on server install/update. | ||
| + | [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [New Feature] Updated HTTP/3 support to include h3-27. | ||
| + | [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination. | ||
| + | [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size. | ||
| + | [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk. | ||
| + | [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup. | ||
| + | [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule. | ||
| + | [Bug Fix] Fixed a crash in ModSecurity using libinjection. | ||
| + | [Tuning] Set mod_security RBL DNS cache to 60 seconds. | ||
| + | [Tuning] Disable TLSv1.1 by default. | ||
| + | [Tuning] Enable SSL session tickets by default. | ||
| + | [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically. | ||
| + | |||
| + | ===== Version 5.4.5 ===== | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk. | ||
| + | [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup. | ||
| + | [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule. | ||
| + | [Bug Fix] Fixed a crash in ModSecurity using libinjection. | ||
| + | [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [Bug Fix] Minor ModSecurity compatibility fixes. | ||
| + | [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically. | ||
| + | [Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine. | ||
| + | [Tuning] Added add "SameSite=Strict" attribute to ls_smartpush cookie. | ||
| + | [Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins. | ||
| + | [Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed. | ||
| + | [Tuning] Downgraded some modsec log messages from "error" to "warning". | ||
| + | [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4. | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives. | ||
| + | [Bug Fix] Fixed a cache engine bug that broke the "Respect Cacheable" feature. | ||
| + | [Bug Fix] Fixed a crash bug when detecting server startup time. | ||
| + | [Tuning] Made HTML pages generated by the auto index script responsive. | ||
| + | [Tuning] Hid confusing required/restricted permission mask configurations in WebAdmin Console. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25). | ||
| + | [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database. | ||
| + | [New Feature] Added full Captcha protection for WordPress login page. | ||
| + | [New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests. | ||
| + | [New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS. | ||
| + | [Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine. | ||
| + | [Improvement] Added support for 'REQUEST_SCHEME' request variable. | ||
| + | [Improvement] Added '-vb' command line option to print out version and build number. | ||
| + | [Update] Updated WHM plugin to v3.3.7. | ||
| + | [Bug Fix] Fixed websockets hanging on upgrade. | ||
| + | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
| + | [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications. | ||
| + | [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive. | ||
| + | [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths. | ||
| + | [Bug Fix] External application process startup time is now reliably detected. | ||
| + | [Bug Fix] Fixed a minor regression with AHO string search. | ||
| + | [Bug Fix] Fixed a bug using wrong log ID in error log. | ||
| + | |||
| + | ===== Version 5.4.4 ===== | ||
| + | |||
| + | === Build 8 === | ||
| + | |||
| + | [Bug Fix] In cPanel environment, disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for 'acme-challenge' detected. | ||
| + | |||
| + | === Build 7 === | ||
| + | |||
| + | [Bug Fix] Fixed a random crash that occurred during SSL handshakes. | ||
| + | [Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections. | ||
| + | |||
| + | === Build 6 === | ||
| + | |||
| + | [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths. | ||
| + | [Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500. | ||
| + | [Bug Fix] External application process startup time is now reliably detected. | ||
| + | [Bug Fix] Fixed a minor regression with AHO string search. | ||
| + | |||
| + | === Build 5 === | ||
| + | |||
| + | [New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS. | ||
| + | [Bug Fix] Fixed a regression in Python/Ruby/NodeJS application 'tmp/restart.txt' marker file handling. | ||
| + | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
| + | [Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification. | ||
| + | |||
| + | === Build 4 === | ||
| + | |||
| + | [New Feature] Skip rewrite processing for Let's Encrypt verification requests. | ||
| + | [Bug Fix] Fixed websockets hanging on upgrade. | ||
| + | [Bug Fix] Fixed a WebAdmin Console socket address validation bug. | ||
| + | [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications. | ||
| + | [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive. | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [New Feature] Added full Captcha protection for WordPress login page. | ||
| + | [Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database. | ||
| + | [Bug Fix] Minor bug fixes to ModSecurity engine. | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Improvement] Fine tuned HTTP/3 and QUIC engine performance. | ||
| + | [Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine. | ||
| + | [Improvement] Added 'ctl:debugLogLevel' support to ModSecurity engine. | ||
| + | [Improvement] Added support for 'REQUEST_SCHEME' request variable. | ||
| + | [Improvement] Added '-vb' command line option to print out version and build number. | ||
| + | [Update] Updated WHM plugin to v3.3.6. | ||
| + | [Bug Fix] Minor bug fixes in ModSecurity engine. | ||
| + | |||
| + | === Build 0 === | ||
| + | |||
| + | [New Feature] Added support for Google QUIC Q050. | ||
| + | [Security] Improved WebAdmin Console security by strictly checking request URLs. | ||
| + | [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. | ||
| + | [Bug Fix] Fixed an ESI/Litemage output corruption bug. | ||
| + | [Bug Fix] Fixed a bug in AIO logging that caused the access log to stop working. | ||
| + | [Bug Fix] Fixed a bug causing 100% CPU usage for FreeBSD. | ||
| + | [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd". | ||
| + | [Bug Fix] Fixed a crash caused by memory mapped files being truncated. | ||
| ===== Version 5.4.3 ===== | ===== Version 5.4.3 ===== | ||
| + | |||
| + | === Build 5 === | ||
| + | |||
| + | [Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4. | ||
| + | [Bug Fix] Fixed a crash due to memory mapped file being truncated. | ||
| + | |||
| + | === Build 4 === | ||
| + | |||
| + | [Security] Improved WebAdmin console security by strictly checking request URL. | ||
| + | [Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0. | ||
| + | [Bug Fix] There are minor bug fixes for mod_security engine. | ||
| + | |||
| + | === Build 3 === | ||
| + | |||
| + | [Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging. | ||
| + | |||
| + | === Build 2 === | ||
| + | |||
| + | [Bug Fix] Fixed a bug in AIO logging that caused access log stop working. | ||
| + | [Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD. | ||
| + | [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd". | ||
| + | |||
| + | === Build 1 === | ||
| + | |||
| + | [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. | ||
| + | [Bug Fix] Fixed an ESI/Litemage output corruption bug. | ||
| + | [Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes. | ||
| === Build 0 === | === Build 0 === | ||