Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:changelog [2020/02/19 12:38]
qtwrk
+++ litespeed_wiki:changelog [2021/01/15 12:32]
Lucas Rolff Update to latest versions
@@ Line 1: / Line 1: @@
 ====== LiteSpeed Web Server Changelog ======
+===== Version 6.0 =====
+=== RC3 ===
+  [New Feature] Support external application configuration using domain name for target address.
+  [New Feature] HTTP/3 draft 32 support.
+  [New Feature] Support for secure websocket backend (wss://).
+  [Major Improvement] Better Apache ProxyPass compatibility with any target domain/IP, without the need to explicitly create an external application.
+  [Major Improvement] HTTP/3 Delayed ACK extension has been enabled to improve performance.
+  [Improvement] Better support for various ModSecurity variables.
+  [Improvement] Fix various HTTP/3 congestion control corner cases to maximize throughput.
+=== RC2 ===
+  [New Feature] ModSecurity scan response body support.
+  [New Feature] HTTP/3 draft 31 support.
+  [Major Improvement] Improve HTTP/3 throughput with DPLPMTUD, Adaptive congestion control, and zero-copy packetization.
+  [Major Improvement] ModSecurity persistent collection SHM storage.
+  [Major Improvement] Revamp of SSL Multi-Cert support.
+=== RC1 ===
+  [Major New Feature] Apache 2.4 conditional context <If> <Ifelse> <Else> support.
+  [Major New Feature] Asynchronous mod_security engine.
+  [Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
+  [New Feature] HTTP/3 draft 29 support.
+  [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling.
+  [Enhancement] Added ModSecurity JSON audit log.
+===== Version 5.4.11 =====
+=== Build 4 ===
+  [Bug Fix] A timing issue with SSL ticket key rotation that causes brief SSL connection errors.
+=== Build 3 ===
+  [Bug Fix] Rewrite rule triggered reCAPTCHA causing rare server hang.
+  [Bug Fix] Chunk decoding hanging issue for request body.
+  [Bug Fix] Response header count limit raise to 64K.
+  [Bug Fix] Client info cache reference counting issue.
+  [Tuning] Default timeout for SSL session ticket set to 1 hour.
+  [Tuning] Default umask set to 022.
+=== Build 2 ===
+  [Bug Fix] Matched Apache ModSecurity behavior by logging hits with "pass" action to error log.
+  [Bug Fix] Fixed NodeJS application directory index for static content.
+  [Bug Fix] Improved lsquic busy loop detection to avoid false positives.
+  [Bug Fix] Log and auto correct the issue where Python application switches the directory for serving static content.
+=== Build 1 ===
+  [Bug Fix] Handle stream RESET in a timely manner for HTTP/3 and QUIC connections.
+  [Bug Fix] Automatically add local IPv4 and IPv6 addresses to trusted IP list.
+=== Build 0 ===
+  [New Feature] Support for Apache configuration directive 'AuthMerging'.
+  [Improvement] Support for RewriteCond operators added by Apache 2.4 which includes '>=' , '<=', '-eq' , '-ge' , '-gt', '-le' , '-lt', '-ne', '-h', '-L', and '-x'.
+  [Improvement] Update bundled WHM Plugin to v4.1.3 (bundled w/ cPanel plugin v2.1.2).
+  [Bug Fix] Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
+  [Bug Fix] Address a crash in ESI sub requests.
+  [Bug Fix] Avoid restoring older system file backups if a switch back to Apache has been performed.
+  [Bug Fix] Avoid throttling or blocking local IP.
+  [Bug Fix] Address occasional slow down caused by long delays added by CUBIC congestion control for HTTP/3 (QUIC).
+  [Bug Fix] CloudLinux App config now follow max connections configured in LSWS native App config.
+  [Bug Fix] Properly apply environment variable configuration for CloudLinux Node selector.
+  [Bug Fix] Address a false positive that was blocking IPs due to "too many new SSL connections".
+  [Bug Fix] Plesk webstats page now works properly.
+===== Version 5.4.10 =====
+=== Build 4 ===
+  [Bug Fix] Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
+  [Bug Fix] Address a crash in ESI sub request.
+  [Bug Fix] Avoid restoring older system file backups if a switch back to Apache has been performed.
+  [Bug Fix] Avoid throttling or blocking local IP.
+=== Build 1 ===
+  [Bug Fix] Allow default PHP handler to follow explicit configurations for DirectAdmin.
+=== Build 0 ===
+  [New Feature] Add ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
+  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
+  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
+  [Improvement] Apply Expires header to a partial response for a range request.
+  [Improvement] Improve PHP default handler for DirectAdmin.
+  [Improvement] Update bundled WHM plugin to v4.1.2 with improved WP cache scan logic.
+  [Bug Fix] Avoid stapling expired OCSP responses.
+  [Bug Fix] Properly apply URL encoding for Location URL generated by a rewrite rule.
+  [Bug Fix] HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
+  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in a timely manner.
+  [Bug Fix] Normalize IPv6 addresses to properly reuse existing listener sockets.
+  [Bug Fix] Update Python application handler internal URL to avoid being blocked when .py suffix is blocked.
+  [Bug Fix] Apply header operations for pages generated by python/nodejs applications.
+  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
+  [Bug Fix] Avoid releasing cache objects too early.
+  [Bug Fix] Address a rare crash in ESI parser.
+  [Bug Fix] Force apply ACL configuration changes when client access level is cached in SHM.
+  [Bug Fix] Reset per client concurrent connection counter stored in SHM when server restarts.
+  [Bug Fix] For directory auto index, avoid a blank file name when special characters are in the name.
+  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
+  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
+  [Tuning] Add PHP 8.0 auto detection.
+===== Version 5.4.9 =====
+=== Build 4 ===
+  [Improvement] Improve PHP default handler for DirectAdmin.
+  [Bug Fix] Avoid stapling expired OCSP responses.
+  [Bug Fix] HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
+  [Bug Fix] Address a rare/random crash.
+=== Build 3 ===
+  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
+  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
+  [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
+  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner.
+=== Build 2 ===
+  [New Feature] New ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
+  [Bug Fix] Apply header operations for pages generated by python/nodejs applications.
+  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
+  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
+  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
+  [Bug Fix] Avoid releasing cache objects too early.
+  [Bug Fix] Address a rare crash in ESI parser.
+=== Build 1 ===
+  [Feature] Apply Expires header to a partial response for a range request.
+  [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
+  [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.
+=== Build 0 ===
+  [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
+  [New Feature] Automatic CloudFlare CDN IP detection.
+  [New Feature] Support for bcrypt password hash for HTTP authentication.
+  [Improvement] PHP version detection for cPanel FCGId PHP handler.
+===== Version 5.4.8 =====
+=== Build 5 ===
+  [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
+  [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.
+=== Build 4 ===
+  [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "wait-req-full-body". (Waiting allows the request handler to see the full request body immediately)
+  [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
+  [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.
+=== Build 3 ===
+  [Bug Fix] LiteMage cache object count is now more accurate.
+  [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
+  [Bug Fix] Cache statistics access through IPv6.
+  [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
+  [Improvement] Add Plesk git integration support.
+=== Build 2 ===
+  [Bug Fix] Address 404 error for reCAPTCHA verification.
+  [Bug Fix] 'SetEnv' directive is now properly applied inside <Files> or <FilesMatch> contexts.
+=== Build 1 ===
+  [Bug Fix] Correct DirectAdmin PHP handler detection when "DirectAdmin" panel is selected under "PHP" config tab.
+  [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <Location> context.
+  [Bug Fix] Match Apache's Redirect behavior by discarding original query string if target URL has query string set.
+=== Build 0 ===
+  [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
+  [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application.
+  [New Feature] Update client IP using request header "X-Real-IP".
+  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
+  [Security] Block 'LD_*' environment variable overriding from .htaccess.
+  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
+  [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
+  [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3).
+  [Improvement] Make reCAPATCHA compatible with WordPress password protected pages.
+  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
+  [Bug Fix] Correct Magento LiteMage2 cache object statistics.
+  [Bug Fix] Address an AJPv13 hanging bug.
+  [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
+  [Bug Fix] Properly apply UMASK configuration for external applications.
+  [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache's rc script with a symbolic link.
+  [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
+  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
+===== Version 5.4.7 =====
+=== Build 9 ===
+  [Bug Fix] Correct a SHM memory allocation issue.
+  [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.
+=== Build 8 ===
+  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
+  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
+  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
+  [Bug Fix] Correct a crash bug in cache engine.
+  [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
+=== Build 7 ===
+  [New Feature] For CloudLinux Python/Ruby/NodeJS selector application, applies header modification configuration in .htaccess to dynamic response.
+  [Bug Fix] A mod_security engine bug that causes random crash.
+  [Bug Fix] A bug in access log format validation.
+=== Build 6 ===
+  [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link.
+  [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml.
+=== Build 5 ===
+  [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
+  [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled.
+  [Bug Fix] Properly apply UMASK configuration for external application.
+=== Build 4 ===
+  [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
+  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
+  [Tuning] Disable cache if a request is blocked by mod_security.
+  [Bug Fix] Minor bug fixes in cache engine.
+  [Bug Fix] Minor bug fix in mod_security engine.
+=== Build 3 ===
+  [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
+  [Bug Fix] Fixed an internal memory management bug that caused random crashing.
+=== Build 2 ===
+  [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
+  [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.
+=== Build 0 ===
+  [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
+  [New Feature] Added strict suEXEC and ownership checking on scripts.
+  [New Feature] Added ability to configure static/dynamic request per second limit for Apache ghost.
+  [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot.
+  [Bug Fix] Added "Cache-Control: no-cache" to reCAPTCHA verification page to disallow CDN/proxy cache.
+  [Bug fix] Fixed delayed .htaccess loading.
+  [Bug fix] Fixed a delayed server response bug with HTTP/2.
+  [Bug fix] Fixed a NodeJS websocket backend configuration bug.
+  [Bug fix] Shared lib for lscmctl script is now updated on server install/update.
+  [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port.
+  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.
+  [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024 whenever server performs a fresh startup.
+  [Tuning] Added after=lve_namespaces.service to systemd unit file.
+===== Version 5.4.6 =====
+=== Build 5 ===
+  [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
+  [Bug Fix] Added "Cache-Control: no-cache" for reCAPTCHA verify page to disallow CDN/proxy cache.
+=== Build 4 ===
+  [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
+  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.
+=== Build 3 ===
+  [Bug Fix] Use request header value for RBL lookups.
+  [Bug Fix] Fixed a configuration parser crash.
+  [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27.
+  [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024, when server performs a fresh startup.
+  [Tuning] Avoid adjusting external application process priority based on server's priority.
+=== Build 2 ===
+  [New Feature] Added strict suEXEC and ownership checks for scripts.
+  [New Feature] Added ability to configure static/dynamic request per second limit for Apache vhost.
+  [Tuning] Added after=lve_namespaces.service to systemd unit file.
+  [Bug Fix] Fixed a bug when switching vhost log file.
+  [Bug Fix] Fixed an HTTP/3 timestamp/ACK ping-pong bug.
+  [Bug Fix] Fixed a bug causing extra delay when response has content length = 0.
+=== Build 1 ===
+  [Bug fix] Fixed a bug causing delayed .htaccess loading.
+  [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
+  [Bug fix] Fixed a bug in NodeJS websocket backend configuration.
+  [Bug fix] Shared lib for lscmctl is now updated on server install/update.
+  [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.
+=== Build 0 ===
+  [New Feature] Updated HTTP/3 support to include h3-27.
+  [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
+  [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
+  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
+  [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
+  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
+  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
+  [Tuning] Set mod_security RBL DNS cache to 60 seconds.
+  [Tuning] Disable TLSv1.1 by default.
+  [Tuning] Enable SSL session tickets by default.
+  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 ===== Version 5.4.5 =====
+=== Build 3 ===
+  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
+  [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
+  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
+  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
+  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 === Build 2 ===