This is an old revision of the document!
LiteSpeed Web Server Changelog
Version 5.4
RC4 build 3
[Improvement] Improved HTTP/2 stream priority implementation. [Bug Fix] Fixed a bug QUIC engine that causes connection to stall. [Bug Fix] Fixed a bug with Asynchronized I/O implementation.
RC4 build 2
[Bug Fix] Fixed a bug with asynchronous-I/O for serving static files. [Bug Fix] Fixed a QUIC engine bug.
RC4
[New feature] Support for SO_REUSEPORT for multi-worker license. [New feature] HTTPS/QUIC handshake offloading. [New feature] TLSv1.3 certificate compression. [New feature] High Availability for Redis dynamic vhost setup. [New feature] Support for Google QUIC 046. [New feature] Experimental IETF QUIC draft-20.
RC3
[Major New Feature] Dynamic Virtual Host configuration through REDIS backend. [Major Improvement] Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations. [Bug Fix] Improved QUIC engine performance and stability. [Bug Fix] All bug fixes and enhancements on 5.3.x branch included.
RC2
[Major New Feature] Dynamic virtual hosting through rewrite rules. [Improvement] Improved HTTP/2 performance. [Bug Fix] All applicable bug fixes from the 5.3 branch. [Bug Fix] Fixed a few server crash bugs.
RC1 Build 3
[Bug Fix] Fixed a bug causing the default error page to hang on some HTTP/2 connections. [Bug Fix] Fixed a bug that causing some HTTPS connections to hang. [Bug Fix] Fixed an infinite recursion bug that caused a stack overflow when triggered.
RC1 Build 1
[Bug fix] QUIC Transport fix
RC1 Build 0
[New Feature] Recaptcha verification for DDoS attack mitigation. [New Feature] Support for Ruby/Python/Nodejs applications in native configuration. [New Feature] Added Virtual Host level trusted IP control, managed through .htaccess. [Major Improvement] Added LiteSpeed TLS Accelerator, maximizing HTTPS & HTTP/2 performance. [Major Improvement] HTTP/2 performance has been improved with a better header compression/decompression work flow. [Bug Fix] All bug fixes from LSWS 5.3.5 incremental builds included.
Version 5.3.8
Build 3
[Bug fix] Fixed an ACL bug occurring when environment variables are used in Allow/Deny configurations. [Bug fix] Fixed a request parser bug which caused the server to crash when a partition holding a temp file is out of space. [Bug fix] Fixed a cache engine bug that caused requests to certain URLs to hang.
Build 2
[Bug fix] Fixed a regression in PHP daemon mode that causes 503 errors.
Build 1
[Bug fix] Fixed an IP2Location configuration bug that could cause the server to crash during startup. [Bug fix] Fixed a bug with nested ESI subrequests that caused random crashes.
Build 0
[Security] Added built-in filter to block attempts at hacking LiteMage with crafted ESI requests. [New Feature] lscmctl script can now be used to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel. [New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature, available in both the lscmctl script and WHM plugin. [Improvement] Bundled WHM and user-end cPanel plugins have been updated to v3.3.1 and v1.2.0.2 respectively. [Improvement] Support request header sizes of up to 64K. [Improvement] Ignore <if> <else> <elseif> configuration contexts. [Improvement] Added support for Apache configuration directive ""Require ip ..."". [Improvement] Improved lsup.sh with stable release tier. [Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/Ubuntu. [Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling. [Improvement] Added autoconfig for PHP 7.4. [Improvement] Improved compatibility with LSAPI 7.3 . [Improvement] Improved HPACK encoding performance. [Improvement] Cache engine now updates ""X-LiteSpeed-Cache-Control max-age"" value based on actual expire time when a front-end lscache proxy exists. [Improvement] Improved compatibility with Apache mod_security on variables REQUEST_BODY, REQUEST_FILENAME and LAST_UPDATE_TIME. [Improvement] Fixed PHP handler compatibility issues with Plesk's updated configuration template. [Improvement] Improved WordPress brute force detection IP logging. [Bug fix] Fixed an Apache SSL vhost SNI configuration bug. [Bug fix] Fixed a QuicEngine bug that could cause broken responses. [Bug fix] Fixed a cache + ESI engine bug that caused random server crashes. [Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount. [Bug fix] Improved detached mode process manager to accurately stop detached processes when requested. [Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration. [Bug Fix] Fixed FreeBSD 100% cpu usage for kqueue event loops when AIO logging is enabled. [Bug Fix] Fixed an SSL OCSP stapling bug. [Bug Fix] Fixed broken server restart when port offset had been set. [Bug Fix] Fixed a memory leak in the GeoIP module.
Version 5.3.7
Build 8
[Bug Fix] Fixed a cache + ESI bug that could cause random crashes. [Bug Fix] Fixed a rewrite engine bug. [Bug Fix] Fixed a memory leak in the GeoIP module. [Bug Fix] Fixed a Plesk compatibility issue.
Build 7
[Improvement] Better WordPress brute force detection IP logging. [Improvement] Allow request header sizes greater than 32K. [Improvement] Added PID to error log messages for worker processes. [Bug fix] Fixed a Ruby selector regression introduced in v5.3.7 build 3. [Bug fix] Fixed an SSL OCSP stapling bug. [Bug Fix] Fixed broken server restart when port offset had been set.
Build 6
[New Feature] Added the ability to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel using the lscmctl script. [Improvement] Fixed PHP handler compatibility issues with Plesk's updated configuration template. [Improvement] Improved LSAPI compatibility with LSAPI 7.3 . [Improvement] Improved HPACK encoding performance. [Improvement] Cache engine now updates X-LiteSpeed-Cache-Control max-age value based on actual expire time when a front-end lscache proxy exists. [Improvement] Natively configured detached PHP process groups are now gracefully restarted.
Build 5
[New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature available in the lscmctl script and WHM plugin. [Improvement] Ignore <if> <else> <elseif> configuration contexts. [Improvement] Added autoconfig for PHP 7.4. [Update] Updated WHM plugin to v3.3 and user-end cPanel plugin to v1.2. [Bug Fix] ESI engine bug fix. [Bug Fix] Fixed freeBSD 100% cpu usage for kqueue event loops. [Bug Fix] Fixed a detached mode process manager bug that accidentally killed other lshttpd worker processes.
Build 4
[Improvement] Improved lsup.sh with stable tier. [Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling. [Bug Fix] Fixed a bug in detached mode process manager that failed to stop running processes under certain server environments. [Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration. [Bug Fix] Implemented mod_security REQUEST_BODY as a dedicate variable.
Build 3
[Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/Ubuntu. [Bug fix] Fixed an ESI engine memory management bug that caused random server crashes. [Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
Build 2
[Bug Fix] Fixed a detached mode process manager bug introduced in build 1.
Build 1
[Security] Added built-in filter to block attempts to hack LitemMage with crafted ESI request. [Bug Fix] Fixed a detached mode process manager bug made killing other unrelated processes possible. [Bug Fix] Fixed an Apache SSL vhost SNI configuration bug. [Bug Fix] Fixed a QuicEngine bug that could cause broken responses.
Build 0
[Security] Fixed a XSS vulnerability in directory auto index script. [Improvement] Improved QUIC transport protocol performance and reliability. [Improvement] Improved default configuration for servers with heavy disk I/O wait. [Improvement] Made IP based SSL SNI configuration exactly match Apache's. [Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings. [Improvement] Improved ESI support for JSON responses. [Improvement] Improved lsup.sh script to check build number against latest build. [Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2 to address an integration issue with the recent LSCWP release. [Bug Fix] Fixed a file descriptor leak in piped logger. [Bug Fix] Fixed a bug that prevented changing the Cache-Control or Expire headers within PHP. [Bug Fix] Fixed inaccurate real-time statistics. [Bug Fix] Fixed a rewrite engine compatibility issue. [Bug Fix] Fixed a regression in "Redirect" directive handling. [Bug Fix] Fixed a QUIC engine bug when handling extra long response headers. [Bug Fix] Fixed a regression that broke the "SetHandler" directive. [Bug fix] Fixed a rewrite engine bug where target URLs containing "../" could cause problems. [Bug fix] Fixed an external loop redirect detection bug. [Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log. [Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests. [Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory. [Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes. [Bug Fix] Fixed systemd unit file lshttpd.service by requiring network-online.target. [Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.
Version 5.3.6
Build 6
[Security] .rtreport no longer world readable. [Improvement] Improved QUIC transport protocol performance and reliability. [Improvement] Made IP based SSL SNI configuration exactly match Apache's. [Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings. [Bug Fix] Fixed inaccurate real-time statistics.
Build 5
[Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2. [Improvement] Improved lsup.sh script to check build number against latest build. [Bug Fix] Fixed systemd unit file lshttpd.service, by requiring network-online.target. [Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.
Build 4
[Update] Updated bundled WHM plugin to v3.2.0.2 and user-end cPanel plugin to v1.1.1.1 to address an integration issue with the recent LSCWP v2.9.3. [Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests. [Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory. [Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes.
Build 3
[Improvement] Improved ESI support for JSON responses. [Bug fix] Fixed rewrite engine bug where target URLs containing "../" could cause problems. [Bug fix] Fixed an external loop redirect detection bug. [Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log.
Build 2
[Bug Fix] Fixed a regression that broke the "SetHandler" directive. [Bug Fix] OCSP cache directory now properly adjusted in chroot environments.
Build 1
[Improvement] Improved default configuration for servers with heavy disk I/O wait. [Bug Fix] Fixed a rewrite engine compatibility issue. [Bug Fix] Fixed a regression in "Redirect" directive handling. [Bug Fix] Fixed a QUIC engine bug when handling extra long response headers.
Build 0
[New Feature] lscmctl script can now be used to set custom server and virtual host cache roots with the 'setcacheroot' command. [Improvement] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend. [Improvement] Added support for "IP:port" in "X-Forwarded-For" header. [Improvement] Reliably switch back to Apache in the case of a LiteSpeed licensing problem. [Improvement] Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility. [Update] Updated bundled WHM plugin to v3.2.0.1 and user-end cPanel plugin to v1.1.1. [Bug Fix] Fixed AddHandler directive behavior to be the same as AddType. [Bug Fix] Fixed an OCSP stapling bug that caused Mozilla connection issues. [Bug Fix] Stopped PHP from logging errors into the error log when stderr.log was disabled. [Bug Fix] Fixed a SecRemoteRule handling bug. [Bug Fix] Fixed a bug causing detached PHP processes to be stopped during graceful restarts, which may cause random 503 errors. [Bug Fix] Fixed a bug in processing GeoIP2 mmdb database. [Bug Fix] Fixed a bug introduced in v5.3.5 build 5 that broke cPanel/WHM's "redirect to closest matched domain" feature. [Bug Fix] Fixed cPanel two factor authentication. [Bug Fixes] Minor bug fixes involving Apache compatibility issues.
Version 5.3.5
Build 9
[Bug Fix] Fixed a bug causing detached PHP processes to be stopped during graceful restarts.
Build 8
[Bug Fix] Fixed an OCSP response verification bug (introduced in the previous build) that caused crashing. [Bugfix] Fixed a bug in processing GeoIP2 mmdb database. [Bugfix] Fixed a bug introduced in 5.3.5 build 5 that breaks cPanel/WHM redirect to closest matched domain feature.
Build 7
[Enhancement] Added extra validation on OCSP response to avoid outdated response for newly renewed certificate. [Integration] Made LSWS compatible with Apache configuration generated by cPanel v78. [Bug Fix] Fixed AddHandler directive behavior to be the same as AddType.
Build 6
[New Feature] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend. [New Feature] Added support for "IP:port" in "X-Forwarded-For" header. [Improvement] Detached PHP processes are now detected and restarted more reliably. [Bug Fix] Applied a SecRemoteRules fix to avoid rule file corruption. [Bug Fix] Fixed a bug that could cause a blank response body for pre-compressed content.
Build 5
[Update] Updated default welcome page content. [Bug Fix] Fixed a SecRemoteRule handling bug. [Bug Fix] Fixed a bug causing detached mode PHP processes to log PHP stderr messages to the server's error log file. [Bug Fix] Fixed an awstats integration bug that broke dynamic page generation mode. [Bug Fix] Fixed an infinite loop bug that occurred with badly configured contexts.
Build 4
[Improvement] Reliably switch back to Apache when there is a LiteSpeed licensing problem. [Improvement] Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility. [Bug Fix] Stopped PHP error logging into error log when stderr.log is disabled.
Build 3
[Bug Fix] Fixed a bug that causes excessive requests to OSCP responder. [Bug Fix] Fixed a bug that failed to handle some types of Node.js selector configurations. [Bug Fix] Fixed a bug that failed cPanel two factor authentication. [Bug Fix] Fixed a bug in LiteMage combined subrequest handling.
Build 0
[Improvement] Improvements to HTTP/2, QUIC, and rewrite engine. [Bug Fix] HTTP/2, QUIC, and rewrite engine bug fixes. [Bug Fix] Fixed mod_security engine not handling skipAfter properly in the `SecAction` directive. [Bug Fix] Fixed server failing to automatically fix cache directory permission problems.
Version 5.3.4
Build 8
[Bug Fix] Fixed a rewrite engine bug introduced in 5.3.4 build 7, which could cause ERR_SPDY_PROTOCOL_ERROR and redirect problems.
Build 7
[Improvement] Improved mod_rewrite compatibility. [Improvement] Improved QUIC engine by dynamically adjust batch size of outgoing packets.
Build 5
[Improvement] Improved PHP process abort feature to occur in a more timely manner. [Bug Fix] Fixed an HTTP/2 engine bug that caused connections to reset under certain situations.
Build 4
[Improvement] Improved mod_security engine with UNIQUE_ID support. [Update] Disabled 503 auto fix by default. [Bug Fix] Fixed an SSL OCSP stapling bug. [Bug Fix] Fixed memory and resource leaks. [Bug Fix] Fixed incompatible behavior with Python selector support. [Bug Fix] Fixed a license information display bug in WebAdmin Console.
Build 2
[Improvement] Improved compatibility for WebCache manager. [Bug Fix] This build include a fix for gQUIC v044 support
Build 1
[Improvement] Improved NODEJS support. [Improvement] Detect curl + HTTP/2 combination and disable HTTP/2 for future access. [Update] Updated WHM plugin to v3.1.3.2 to address a compatibility issue with newer versions of the LSCWP plugin. [Update] Updated cPanel user-end plugin to v1.0.2.1 to address a compatibility issue with newer versions of the LSCWP plugin.
Build 0
[MAJOR NEW FEATURE] Added support for Google QUIC v44. [NEW FEATURE] Improved Ruby/Python selector support and apply engine version changes on the fly. [NEW FEATURE] Allow overriding external application environment at vhost level. [NEW FEATURE] Log HTTP/2 in access log for HTTP/2 connection. [NEW FEATURE] Auto detect and use cPanel signed certificate for WebAdmin. [NEW FEATURE] Auto correct bad HTTPS proxy backend configured as HTTP. [IMPROVEMENT] Improved compatibility with ColdFusion engine. [UPDATE] Updated bundled WHM plugin to v3.1.3.1 [UPDATE] Updated bundled cPanel user-end plugin to v1.0.2. [BUGFIX] Fixed mod_security engine compatibility issue with latest COMODO ruleset. [BUGFIX] Added "Accept-Range: bytes" header back for static files. [BUGFIX] Fixed bug in rewrite engine loop redirection detection.
Version 5.3.3
Build 3
[Bug Fix] Fixed a mod_security engine bug that caused incorrect behavior with the comodo ruleset.
Build 2
[Bug Fix] Made adjustments to PHP handler configuration to fix broken PHP selector. [Bug Fix] Fixed a memory leak in HTTP/2. [Bug Fix] Fixed a crash when parsing Apache configuration.
Build 0
[Bug Fix] Emergency release to ignore faulty rewrite rule introduced by cPanel