Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:changelog [2019/08/08 14:30]
Lucas Rolff Add no configuration required
litespeed_wiki:changelog [2019/08/21 14:10] (current)
Lucas Rolff 5.4.1 Build 1
Line 1: Line 1:
 ====== LiteSpeed Web Server Changelog ====== ====== LiteSpeed Web Server Changelog ======
 +
 +===== Version 5.4.1 =====
 +
 +=== Build 1 ===
 +
 +  [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives.
 +  [Improvement] Make built-in error and reCAPTCHA verification pages responsive.
 +  [Improvement] Remove '​['​ '​]'​ enclosure for IPv6 addresses in the access log and request environment variable REMOTE_ADDR.
 +  [Bug Fix] Fixed a bug that caused HTTP/2 requests to stall under rare conditions.
 +  [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses.
 +  [Bug Fix] Fixed a bug that caused WordPress brute force protection false positive.
 +
 +=== Build 0 ===
 +
 +  [Security] Addressed recent HTTP/2 DoS advisories (https://​github.com/​Netflix/​security-bulletins/​blob/​master/​advisories/​third-party/​2019-002.md). Fixed CVE-2019-9516 ""​0-Length Headers Leak""​ vulnerability. Completely blocks unaffected attacks: ​ CVE-2019-9511 ""​Data Dribble"",​ CVE-2019-9512 ""​Ping Flood"",​ CVE-2019-9513 ""​Resource Loop"",​ CVE-2019-9514 ""​Reset Flood"",​ CVE-2019-9515 ""​Settings Flood"",​ CVE-2019-9517 ""​Internal Data Buffering"",​ and CVE-2019-9518 ""​Empty Frames Flood""​.
 +  [New Feature] Updated HTTP/3 support to Internet Draft 22.
 +  [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
 +  [Improvement] reCAPTCHA engine has been improved to reduce false positives. ​
 +  [Bug fix] Fixed a chunk encoding bug that could cause data corruption.
 +  [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
 +  [Bug Fix] Fixed a regression that prevented Apache vhosts from using PHP daemon mode.
 +  [Bug Fix] Fixed a cache engine bug that failed to forward the `X-Litespeed-purge2` response header to front-end ADC cache engines. ​
 +  [Bug Fix] Fixed a bug that causes Python WSGI applications to fork child processes frequently.
  
 ===== Version 5.4 ===== ===== Version 5.4 =====
  • Admin
  • Last modified: 2019/08/08 14:30
  • by Lucas Rolff