Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:changelog [2019/03/22 08:04]
Lucas Rolff
litespeed_wiki:changelog [2019/10/20 18:26] (current)
Lucas Rolff 5.4.2 build 0
Line 1: Line 1:
 ====== LiteSpeed Web Server Changelog ====== ====== LiteSpeed Web Server Changelog ======
  
-===== Version 5.4RC3 =====+===== Version 5.4.2 =====
  
-  ​[Major New Feature] ​Dynamic Virtual Host configuration through REDIS backend+=== Build 0 === 
-  [Major ImprovementGreatly improved ​HTTP/performance -- up to 7x faster than previous implementations+  ​[New Feature] ​Updated QUIC implementation to support IETF HTTP/3 draft 23
-  [Bug Fix] Improved QUIC engine ​performance ​and stability+  [New FeatureBBR congestion control for QUIC and HTTP/3.  
-  [Bug Fix] All bug fixes and enhancements on 5.3.x branch included.+  [New Feature] "​Require env XXXX" access control support. 
 +  [New Feature] User/​Account level bandwidth throttling for Redis dynamic virtual hosting. 
 +  [Improvement] Further HTTPS SSL layer performance ​tuning. 
 +  [Improvement] Automatically restart running PHP processes when PHP binary changes are detected. 
 +  [Improvement] Automatically convert ea-phpXX handler configuration into a phpXX handler when an ea-php handler is not available. 
 +  [Improvement] Improved AIO access logging ​to minimize disk I/O
 +  [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. 
 +  [Improvement] Built-in error and reCAPTCHA verification pages are now responsive. 
 +  [Improvement] Remove '​['​ '​]'​ enclosure for IPv6 addresses in the access log and request environment variable '​REMOTE_ADDR'​. 
 +  [Improvement] Reduced memory usage to improve server scalability. 
 +  [Improvement] Improved ​accuracy of server real-time statistics. 
 +  [Improvement] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled. 
 +  [Improvement] Disable TLSv1.0 by default for better PCI compliance. 
 +  [Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhosts on port 8887. 
 +  [Improvement] Added "​SmartPush no-cookie"​ directive to disable cookies used for HTTP/2 and QUIC smart push. 
 +  [Improvement] Added `lsws/​logs/​critical_alert` log file for writing common license errors that could cause LSWS to stop working. 
 +  [Improvement] Improved compatibility with CloudLinux python selector. 
 +  [Improvement] Improved modsecurity ​engine ​compatibility. 
 +  [Improvement] Send "​Alt-Svc"​ header advertising QUIC and HTTP/3 support only once per connection
 +  [Bug Fix] Fixed WordPress brute force protection bugs that were causing false positives ​and crashes. 
 +  [Bug Fix] Fixed a bug causing HTTP/2 requests to stall under rare conditions. 
 +  [Bug Fix] Fixed a bug causing broken non-keepalive HTTPS responses. 
 +  [Bug Fix] Fixed a Layer4 tunnel bug that caused random crashes. 
 +  [Bug Fix] Fixed Apache sometimes starting inside the lshttpd cgroup when switching from LSWS to Apache. 
 +  [Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache. 
 +  [Bug Fix] Fixed an .htaccess cache bug that caused the server'​s default PHP handler to be used instead of configured per-vhost suEXEC handlers. 
 +  [Bug Fix] Per Apache vhost PHP 7.4 handler now runs in suEXEC mode.
  
-===== Version 5.4RC2 =====+===== Version 5.4.1 =====
  
-  ​[Major New FeatureDynamic virtual hosting through rewrite rules+=== Build 8 === 
-  [ImprovementImproved HTTP/2 performance+  ​[ImprovementImproved python application configuration to allow swapping applications on the same URL.  
-  [Bug Fix] All applicable ​bug fixes from the 5.3 branch+  [Bug FixDisable CRIU feature to avoid server downtime after a recent CloudLinux CRIU library update began causing lscgid to crash
-  [Bug Fix] Fixed a few server crash bugs.+  [Bug Fix] Fixed a mod_security configuration ​bug that reordered some rules under certain conditions
 +  [Bug Fix] Fixed a systemd warning under Plesk 18.0.
  
-===== Version ​5.4RC1 =====+=== Build 7 ==
 +  [Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhost on port 8887. 
 +  [Improvement] Added "​SmartPush no-cookie"​ directive to disable cookies used for HTTP/2 and QUIC smart push. 
 +  [Improvement] Added `lsws/​logs/​critical_alert` log file for writing common licensing problems that could cause LSWS to stop working. 
 +  [Bug Fix] Fixed a compatibility issue with CloudLinux python selector. 
 + 
 +=== Build 6 === 
 +  [Bug Fix] Fixed a bug introduced in build that caused the server to crash when "​require env xxxx" was used. 
 +  [Bug Fix] Fixed QUIC support for FreeBSD. 
 +  [Bug Fix] Changed "​Accept-Encoding"​ value to be case insensitive. 
 +  [Improvement] Use '​pkill'​ instead of '​killall'​ in various scripts to minimize dependencies on installed system packages. 
 +  [Improvement] Update "​Alt-Svc"​ string for gQUIC advertising. 
 + 
 +=== Build 5 ==
 +  [FEATURE] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled.  
 +  [FEATURE] Added support for "​Require env XXXX" access control.  
 +  [TUNING] Disable TLSv1.0 by default for better PCI compliance.  
 +  [BUGFIX] Make statistics more accurate for requests processed .  
 +  [BUGFIX] Fixed a minor regression in 5.4 that performs redirect before rewrite when URL without a trailing slash pointing to a directory.  
 + 
 +=== Build 4 === 
 +  [Improvement] Automatically restart running PHP processes after detecting PHP binary updates. 
 +  [Improvement] Automatically converted ea-phpXX handler configuration to phpXX handler when ea-php handler is not available. 
 +  [Improvement] Improved AIO access logging to minimize disk I/O. 
 +  [Bug Fix] Close unused REUSEPORT socket. 
 +  [Bug Fix] Make "​requests processed"​ counter more accurate in real-time report. 
 +  [Bug Fix] Make per Apache vhost PHP 7.4 handler run in suEXEC mode. 
 +  [Bug Fix] Fixed a bug reading CGI '​umask'​ configuration as an octal number.
  
 === Build 3 === === Build 3 ===
 +  [Bug Fix] Fixed a .htaccess cache bug that caused the server'​s default PHP handler to be used instead of per-vhost suEXEC handlers.
 +  [Bug Fix] Fixed a WP brute force protection bug that occasionally caused 100% CPU usage.
 +  [Bug Fix] Fixed a divide by zero bug that was causing server crashes.
 +  [Bug Fix] Fixed a mod_security engine bug where `@geolookup` would not work properly with new MaxMind DB files.
 +  [Tuning] Reduced Brotli compression memory usage.
 +  [Tuning] Allow mapping www.TLD.com and TLD.com to different native virtual hosts.
  
-  ​[Bug Fix] Fixed a bug causing ​the default error page to hang on some HTTP/2 connections+=== Build 2 === 
-  [Bug Fix] Fixed a bug that causing some HTTPS connections ​to hang+ 
-  [Bug Fix] Fixed an infinite recursion ​bug that caused a stack overflow when triggered.+  [New Feature] Added an option to allow generation of full real time status report, including idle virtual host and external app stats. 
 +  [Bug Fix] Fixed an RBL compatibility issue with modsecurity rules from Imunify360. 
 +  ​[Bug Fix] Fixed a Layer4 tunnel ​bug that caused random crashes. 
 +  [Bug Fix] Fixed Apache sometimes starting inside ​the lshttpd cgroup when switching from LSWS to Apache
 +  [Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache
 +  [Bug Fix] Fixed a QuicEngine ​bug that sometimes ​caused a server crash.
  
 === Build 1 === === Build 1 ===
  
-  [Bug fixQUIC Transport fix+  ​[Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives. 
 +  [Improvement] Make built-in error and reCAPTCHA verification pages responsive. 
 +  [Improvement] Remove '​['​ '​]'​ enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR. 
 +  [Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions. 
 +  [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses. 
 +  ​[Bug FixFixed a bug that caused WordPress brute force protection false positive.
  
 === Build 0 === === Build 0 ===
 +
 +  [Security] Addressed recent HTTP/2 DoS advisories (https://​github.com/​Netflix/​security-bulletins/​blob/​master/​advisories/​third-party/​2019-002.md). Fixed CVE-2019-9516 ""​0-Length Headers Leak""​ vulnerability. Completely blocks unaffected attacks: ​ CVE-2019-9511 ""​Data Dribble"",​ CVE-2019-9512 ""​Ping Flood"",​ CVE-2019-9513 ""​Resource Loop"",​ CVE-2019-9514 ""​Reset Flood"",​ CVE-2019-9515 ""​Settings Flood"",​ CVE-2019-9517 ""​Internal Data Buffering"",​ and CVE-2019-9518 ""​Empty Frames Flood""​.
 +  [New Feature] Updated HTTP/3 support to Internet Draft 22.
 +  [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
 +  [Improvement] reCAPTCHA engine has been improved to reduce false positives. ​
 +  [Bug fix] Fixed a chunk encoding bug that could cause data corruption.
 +  [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
 +  [Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
 +  [Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. ​
 +  [Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently.
 +
 +===== Version 5.4 =====
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Updated HTTP/3 support to Internet Draft 22 .
 +  [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
 +  [Improvement] Re-enabled PHP graceful shutdown now that the PHP LiteSpeed SAPI 7.5 package is ready.
 +  [Improvement] Tuned reCAPTCHA verification to avoid requesting verification on image/​css/​js files.
 +  [Bug Fix] Minor bug fixes for 404 logging and some rare crashes.
 +
 +=== Build 1 ===
 +
 +  [Update] Updated cPanel/WHM plugins to v1.2.3.3 and v3.3.3.5 respectively.
 +  [Bug fix] Fixed a chunk encoding bug that could cause data corruption.
 +  [Bug fix] Fixed a bug with customized reCAPTCHA pages.
 +  [Bug fix] Fixed a QUIC engine bug that affected graceful restarts.
 +  [Bug fix] Fixed a BAN request method parsing bug.
 +
 +=== Build 0 ===
 +
 +  [Major Improvement] Massive HTTP/2 HTTPS performance boost (up to 5x faster than LSWS v5.3.x).
 +  [Major New Feature] Experimental HTTP/3 draft 20 support.
 +  [Major New Feature] Redis and rewrite based dynamic virtual hosting.
 +  [Major New Feature] Server level reCAPTCHA protection efficiently defends against layer-7 DDoS attacks of any size.
 +  [New Feature] Added support for Q046 in QUIC engine.
 +  [New Feature] HTTPS accelerator with direct dynamic TLS record packaging, improving both HTTPS throughput and TTFB without compromise.
 +  [New Feature] HTTPS handshake offloading, improving HTTPS handshake speed and avoiding clogging the server'​s main event loop. (No extra configuration required)
 +  [New Feature] SO_REUSEPORT support, improving multi-worker scalability for high traffic deployments.
 +  [New Feature] HTTPS certificate compression,​ reducing the size of HTTPS handshake exchange data.
 +  [Improvement] Improved HTTP/2 stream prioritization for a better user browsing experience.
 +
 +=== RC4 ===
 +
 +  [New Feature] Support for SO_REUSEPORT for multi-worker license.
 +  [New Feature] HTTPS/QUIC handshake offloading.
 +  [New Feature] TLSv1.3 certificate compression.
 +  [New Feature] High Availability for Redis dynamic vhost setup.
 +  [New Feature] Support for Google QUIC 046.
 +  [New Feature] Experimental IETF QUIC draft-20.
 +
 +=== RC3 ===
 +
 +  [Major New Feature] Dynamic Virtual Host configuration through REDIS backend.
 +  [Major Improvement] Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations.
 +  [Bug fix] Improved QUIC engine performance and stability.
 +  [Bug fix] All bug fixes and enhancements on 5.3.x branch included.
 +
 +=== RC2 ===
 +
 +  [Major New Feature] Dynamic virtual hosting through rewrite rules.
 +  [Improvement] Improved HTTP/2 performance.
 +  [New Feature] QUIC proxy backend support for backend communication through QUIC.
 +  [Bug fix] All applicable bug fixes from the 5.3 branch.
 +  [Bug fix] Fixed a few server crash bugs.
 +
 +=== RC1 ===
  
   [New Feature] Recaptcha verification for DDoS attack mitigation.   [New Feature] Recaptcha verification for DDoS attack mitigation.
Line 34: Line 175:
   [Major Improvement] Added LiteSpeed TLS Accelerator,​ maximizing HTTPS & HTTP/2 performance.   [Major Improvement] Added LiteSpeed TLS Accelerator,​ maximizing HTTPS & HTTP/2 performance.
   [Major Improvement] HTTP/2 performance has been improved with a better header compression/​decompression work flow.   [Major Improvement] HTTP/2 performance has been improved with a better header compression/​decompression work flow.
-  [Bug Fix] All bug fixes from LSWS 5.3.5 incremental builds included.+  [Bug fix] All bug fixes from LSWS 5.3.5 incremental builds included.
  
 +===== Version 5.3.8 =====
 +
 +=== Build 6 ===
 +
 +  [Update] Updated cPanel/WHM plugins v1.2.3.2 and v3.3.3.4 respectively.
 +  [Bug fix] Temporarily stop PHP processes with SIGKILL as a workaround for problems caused by clean shutdown logic added to PHP LiteSpeed SAPI v7.4.3.
 +  [Bug fix] Added websocket proxy support for cPanel and webmail subdomains in addition to WHM subdomains.
 +  [Bug fix] Fixed a QUIC engine bug and made QUIC more DoS attack resistant.
 +
 +=== Build 5 ===
 +
 +  [Bug Fix] Updated WHM plugin to v3.3.3.2 to fix a bug introduced in the previous version that caused most plugin actions to result in a PHP fatal error.
 +  [Bug Fix] To avoid server crash, PCLMUL will be disabled in the zlib library if the server CPU does not support PCLMUL instructions.
 +
 +=== Build 4 ===
 +
 +  [New feature] Web Cache Manager CLI support for DirectAdmin.
 +  [Bug fix] Fixed websocket proxy from https to ws:// backend; made WHM terminal work properly through proxy.
 +  [Bug fix] Improved compatibility with Apache; "​Require ip xxx" can bypass HTTP authentication.
 +  [Bug fix] Added support for "​AddEncoding br ..." to avoid double compression.
 +  [Bug fix] Updated WebAdmin code to avoid some E_STRICT warnings.
 +  [Bug fix] Fixed server PUSH parsing problem when '​Link'​ header contains multiple URLs.
 +
 +=== Build 3 ===
 +
 +  [Bug fix] Fixed an ACL bug occurring when environment variables are used in Allow/Deny configurations.
 +  [Bug fix] Fixed a request parser bug which caused the server to crash when a partition holding a temp file is out of space.
 +  [Bug fix] Fixed a cache engine bug that caused requests to certain URLs to hang.
 +
 +=== Build 2 ===
 +
 +  [Bug fix] Fixed a regression in PHP daemon mode that causes 503 errors.
 +
 +=== Build 1 ===
 +
 +  [Bug fix] Fixed an IP2Location configuration bug that could cause the server to crash during startup.
 +  [Bug fix] Fixed a bug with nested ESI subrequests that caused random crashes.
 +
 +=== Build 0 ===
 +
 +  [Security] Added built-in filter to block attempts at hacking LiteMage with crafted ESI requests.
 +  [New Feature] lscmctl script can now be used to install/​uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel. ​
 +  [New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature, available in both the lscmctl script and WHM plugin.
 +  [Improvement] Bundled WHM and user-end cPanel plugins have been updated to v3.3.1 and v1.2.0.2 respectively.
 +  [Improvement] Support request header sizes of up to 64K.
 +  [Improvement] Ignore <if> <​else>​ <​elseif>​ configuration contexts.
 +  [Improvement] Added support for Apache configuration directive ""​Require ip ...""​.
 +  [Improvement] Improved lsup.sh with stable release tier.
 +  [Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/​Ubuntu.
 +  [Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling.
 +  [Improvement] Added autoconfig for PHP 7.4.
 +  [Improvement] Improved compatibility with LSAPI 7.3 .
 +  [Improvement] Improved HPACK encoding performance.
 +  [Improvement] Cache engine now updates ""​X-LiteSpeed-Cache-Control max-age""​ value based on actual expire time when a front-end lscache proxy exists. ​
 +  [Improvement] Improved compatibility with Apache mod_security on variables REQUEST_BODY,​ REQUEST_FILENAME and LAST_UPDATE_TIME.
 +  [Improvement] Fixed PHP handler compatibility issues with Plesk'​s updated configuration template.
 +  [Improvement] Improved WordPress brute force detection IP logging.
 +  [Bug fix] Fixed an Apache SSL vhost SNI configuration bug.
 +  [Bug fix] Fixed a QuicEngine bug that could cause broken responses.
 +  [Bug fix] Fixed a cache + ESI engine bug that caused random server crashes.
 +  [Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
 +  [Bug fix] Improved detached mode process manager to accurately stop detached processes when requested.
 +  [Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
 +  [Bug Fix] Fixed FreeBSD 100% cpu usage for kqueue event loops when AIO logging is enabled.
 +  [Bug Fix] Fixed an SSL OCSP stapling bug.
 +  [Bug Fix] Fixed broken server restart when port offset had been set.
 +  [Bug Fix] Fixed a memory leak in the GeoIP module.
  
 ===== Version 5.3.7 ===== ===== Version 5.3.7 =====
 +
 +
 +=== Build 8 ===
 +
 +  [Bug Fix] Fixed a cache + ESI bug that could cause random crashes.
 +  [Bug Fix] Fixed a rewrite engine bug.
 +  [Bug Fix] Fixed a memory leak in the GeoIP module.
 +  [Bug Fix] Fixed a Plesk compatibility issue.
 +
 +=== Build 7 ===
 +
 +  [Improvement] Better WordPress brute force detection IP logging.
 +  [Improvement] Allow request header sizes greater than 32K.
 +  [Improvement] Added PID to error log messages for worker processes.
 +  [Bug fix] Fixed a Ruby selector regression introduced in v5.3.7 build 3.
 +  [Bug fix] Fixed an SSL OCSP stapling bug.
 +  [Bug Fix] Fixed broken server restart when port offset had been set.
 +
 +=== Build 6 ===
 +
 +  [New Feature] Added the ability to install/​uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel using the lscmctl script.
 +  [Improvement] Fixed PHP handler compatibility issues with Plesk'​s updated configuration template.
 +  [Improvement] Improved LSAPI compatibility with LSAPI 7.3 .
 +  [Improvement] Improved HPACK encoding performance.
 +  [Improvement] Cache engine now updates X-LiteSpeed-Cache-Control max-age value based on actual expire time when a front-end lscache proxy exists.
 +  [Improvement] Natively configured detached PHP process groups are now gracefully restarted. ​
 +
 +=== Build 5 ===
 +
 +  [New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature available in the lscmctl script and WHM plugin.
 +  [Improvement] Ignore <if> <​else>​ <​elseif>​ configuration contexts.
 +  [Improvement] Added autoconfig for PHP 7.4.
 +  [Update] Updated WHM plugin to v3.3 and user-end cPanel plugin to v1.2.
 +  [Bug Fix] ESI engine bug fix.
 +  [Bug Fix] Fixed freeBSD 100% cpu usage for kqueue event loops.
 +  [Bug Fix] Fixed a detached mode process manager bug that accidentally killed other lshttpd worker processes. ​
 +
 +=== Build 4 ===
 +
 +  [Improvement] Improved lsup.sh with stable tier.
 +  [Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling.
 +  [Bug Fix] Fixed a bug in detached mode process manager that failed to stop running processes under certain server environments.
 +  [Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
 +  [Bug Fix] Implemented mod_security REQUEST_BODY as a dedicate variable.
 +
 +=== Build 3 ===
 +
 +  [Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/​Ubuntu.
 +  [Bug fix] Fixed an ESI engine memory management bug that caused random server crashes.
 +  [Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
 +
 === Build 2 === === Build 2 ===
  
Line 240: Line 499:
   [BUGFIX] Fixed mod_security engine compatibility issue with latest COMODO ruleset.   [BUGFIX] Fixed mod_security engine compatibility issue with latest COMODO ruleset.
   [BUGFIX] Added "​Accept-Range:​ bytes" header back for static files.   [BUGFIX] Added "​Accept-Range:​ bytes" header back for static files.
-  [BUGFIX] Fixed bug in rewrite engine loop redirection detection. ​+  [BUGFIX] Fixed bug in rewrite engine loop redirection detection. 
 + 
 +===== Version 5.3.3 ===== 
 + 
 +=== Build 3 === 
 + 
 +  [Bug Fix]  Fixed a mod_security engine bug that caused incorrect behavior with the comodo ruleset. 
 + 
 +=== Build 2 === 
 + 
 +  [Bug Fix] Made adjustments to PHP handler configuration to fix broken PHP selector. 
 +  [Bug Fix] Fixed a memory leak in HTTP/2. 
 +  [Bug Fix] Fixed a crash when parsing Apache configuration. 
 + 
 +=== Build 0 === 
 + 
 +  [Bug Fix] Emergency release to ignore faulty rewrite rule introduced by cPanel
  • Admin
  • Last modified: 2019/03/22 08:04
  • by Lucas Rolff