Differences

This shows you the differences between two versions of the page.

litespeed_wiki:changelog [2019/12/03 20:44]
Lucas Rolff 5.4.2 build 7
litespeed_wiki:changelog [2020/09/18 15:41] (current)
Lucas Rolff version 4.4.9
Line 1: Line 1:
 ====== LiteSpeed Web Server Changelog ====== ====== LiteSpeed Web Server Changelog ======
 +
 +===== Version 6.0 =====
 +
 +=== RC1 ===
 +
 +  [Major New Feature] Apache 2.4 conditional context <If> <​Ifelse>​ <​Else>​ support.
 +  [Major New Feature] Asynchronous mod_security engine.
 +  [Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
 +  [New Feature] HTTP/3 draft 29 support.
 +  [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling.
 +  [Enhancement] Added ModSecurity JSON audit log.
 +
 +===== Version 5.4.9 =====
 +
 +=== Build 3 ===
 +
 +  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
 +  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
 +  [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
 +  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner. ​
 +
 +=== Build 2 ===
 +
 +  [New Feature] New ForceSecureCookie configuration directive to enforce "​secure"​ and "​SameSite"​ cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory'​s .htaccess file.
 +  [Bug Fix] Apply header operations for pages generated by python/​nodejs applications.
 +  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
 +  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
 +  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
 +  [Bug Fix] Avoid releasing cache objects too early.
 +  [Bug Fix] Address a rare crash in ESI parser. ​
 +
 +=== Build 1 ===
 +
 +  [Feature] Apply Expires header to a partial response for a range request.
 +  [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
 +  [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.
 +
 +=== Build 0 ===
 +
 +  [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
 +  [New Feature] Automatic CloudFlare CDN IP detection.
 +  [New Feature] Support for bcrypt password hash for HTTP authentication.
 +  [Improvement] PHP version detection for cPanel FCGId PHP handler.
 +
 +===== Version 5.4.8 =====
 +
 +=== Build 5 ===
 +
 +  [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
 +  [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.
 +
 +=== Build 4 ===
 +
 +  [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "​wait-req-full-body"​. (Waiting allows the request handler to see the full request body immediately)
 +  [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
 +  [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] LiteMage cache object count is now more accurate.
 +  [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
 +  [Bug Fix] Cache statistics access through IPv6.
 +  [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
 +  [Improvement] Add Plesk git integration support.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Address 404 error for reCAPTCHA verification.
 +  [Bug Fix] '​SetEnv'​ directive is now properly applied inside <​Files>​ or <​FilesMatch>​ contexts. ​
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Correct DirectAdmin PHP handler detection when "​DirectAdmin"​ panel is selected under "​PHP"​ config tab.
 +  [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <​Location>​ context.
 +  [Bug Fix] Match Apache'​s Redirect behavior by discarding original query string if target URL has query string set.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
 +  [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/​Ruby/​NodeJS selector application.
 +  [New Feature] Update client IP using request header "​X-Real-IP"​.
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Security] Block '​LD_*'​ environment variable overriding from .htaccess.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
 +  [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +  [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3).
 +  [Improvement] Make reCAPATCHA compatible with WordPress password protected pages.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct Magento LiteMage2 cache object statistics.
 +  [Bug Fix] Address an AJPv13 hanging bug.
 +  [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
 +  [Bug Fix] Properly apply UMASK configuration for external applications.
 +  [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache'​s rc script with a symbolic link.
 +  [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +
 +===== Version 5.4.7 =====
 +
 +=== Build 9 ===
 +
 +  [Bug Fix] Correct a SHM memory allocation issue.
 +  [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.
 +
 +=== Build 8 ===
 +
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct a crash bug in cache engine.
 +  [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +
 +=== Build 7 ===
 +
 +  [New Feature] For CloudLinux Python/​Ruby/​NodeJS selector application,​ applies header modification configuration in .htaccess to dynamic response.
 +  [Bug Fix] A mod_security engine bug that causes random crash.
 +  [Bug Fix] A bug in access log format validation.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. 
 +  [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. ​
 +
 +=== Build 5 ===
 +
 +  [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
 +  [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. ​
 +  [Bug Fix] Properly apply UMASK configuration for external application. ​
 +
 +=== Build 4 ===
 +
 +  [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. 
 +  [Tuning] Disable cache if a request is blocked by mod_security.
 +  [Bug Fix] Minor bug fixes in cache engine. ​
 +  [Bug Fix] Minor bug fix in mod_security engine.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
 +  [Bug Fix] Fixed an internal memory management bug that caused random crashing.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
 +  [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.
 +
 +=== Build 0 ===
 +
 +  [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
 +  [New Feature] Added strict suEXEC and ownership checking on scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache ghost.
 +  [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ to reCAPTCHA verification page to disallow CDN/proxy cache.
 +  [Bug fix] Fixed delayed .htaccess loading.
 +  [Bug fix] Fixed a delayed server response bug with HTTP/2.
 +  [Bug fix] Fixed a NodeJS websocket backend configuration bug.
 +  [Bug fix] Shared lib for lscmctl script is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024 whenever server performs a fresh startup.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +
 +===== Version 5.4.6 =====
 +
 +=== Build 5 ===
 +  [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ for reCAPTCHA verify page to disallow CDN/proxy cache. ​
 +
 +=== Build 4 ===
 +
 +  [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Use request header value for RBL lookups.
 +  [Bug Fix] Fixed a configuration parser crash.
 +  [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024, when server performs a fresh startup.
 +  [Tuning] Avoid adjusting external application process priority based on server'​s priority.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Added strict suEXEC and ownership checks for scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache vhost.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +  [Bug Fix] Fixed a bug when switching vhost log file.
 +  [Bug Fix] Fixed an HTTP/3 timestamp/​ACK ping-pong bug.
 +  [Bug Fix] Fixed a bug causing extra delay when response has content length = 0.
 +
 +=== Build 1 ===
 +
 +  [Bug fix] Fixed a bug causing delayed .htaccess loading.
 +  [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
 +  [Bug fix] Fixed a bug in NodeJS websocket backend configuration.
 +  [Bug fix] Shared lib for lscmctl is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Updated HTTP/3 support to include h3-27.
 +  [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
 +  [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] Set mod_security RBL DNS cache to 60 seconds.
 +  [Tuning] Disable TLSv1.1 by default.
 +  [Tuning] Enable SSL session tickets by default.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +===== Version 5.4.5 =====
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Minor ModSecurity compatibility fixes.
 +  [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically.
 +  [Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine.
 +  [Tuning] Added add "​SameSite=Strict"​ attribute to ls_smartpush cookie.
 +  [Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins.
 +  [Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed.
 +  [Tuning] Downgraded some modsec log messages from "​error"​ to "​warning"​.
 +  [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives.
 +  [Bug Fix] Fixed a cache engine bug that broke the "​Respect Cacheable"​ feature.
 +  [Bug Fix] Fixed a crash bug when detecting server startup time.
 +  [Tuning] Made HTML pages generated by the auto index script responsive.
 +  [Tuning] Hid confusing required/​restricted permission mask configurations in WebAdmin Console.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25).
 +  [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
 +  [New Feature] Added full Captcha protection for WordPress login page.
 +  [New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests.
 +  [New Feature] Automatically patch Set-Cookie with '​secure'​ flag when served over HTTPS.
 +  [Improvement] Added '​cssDecode'​ and '​utf8toUnicode'​ transformations to ModSecurity engine.
 +  [Improvement] Added support for '​REQUEST_SCHEME'​ request variable.
 +  [Improvement] Added '​-vb'​ command line option to print out version and build number.
 +  [Update] Updated WHM plugin to v3.3.7.
 +  [Bug Fix] Fixed websockets hanging on upgrade.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/​Ruby/​NodeJS applications.
 +  [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 +  [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
 +  [Bug Fix] External application process startup time is now reliably detected.
 +  [Bug Fix] Fixed a minor regression with AHO string search.
 +  [Bug Fix] Fixed a bug using wrong log ID in error log. 
 +
 +===== Version 5.4.4 =====
 +
 +=== Build 8 ===
 +
 +  [Bug Fix] In cPanel environment,​ disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for '​acme-challenge'​ detected.
 +
 +=== Build 7 ===
 +
 +  [Bug Fix] Fixed a random crash that occurred during SSL handshakes.
 +  [Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
 +  [Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500.
 +  [Bug Fix] External application process startup time is now reliably detected.
 +  [Bug Fix] Fixed a minor regression with AHO string search.
 +
 +=== Build 5 ===
 +
 +  [New Feature] Automatically patch Set-Cookie with '​secure'​ flag when served over HTTPS.
 +  [Bug Fix] Fixed a regression in Python/​Ruby/​NodeJS application '​tmp/​restart.txt'​ marker file handling.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification. ​
 +
 +=== Build 4 ===
 +
 +  [New Feature] Skip rewrite processing for Let's Encrypt verification requests.
 +  [Bug Fix] Fixed websockets hanging on upgrade.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/​Ruby/​NodeJS applications.
 +  [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 +
 +=== Build 3 ===
 +
 +  [New Feature] Added full Captcha protection for WordPress login page.
 +  [Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
 +  [Bug Fix] Minor bug fixes to ModSecurity engine.
 +
 +=== Build 1 ===
 +
 +  [Improvement] Fine tuned HTTP/3 and QUIC engine performance.
 +  [Improvement] Added '​cssDecode'​ and '​utf8toUnicode'​ transformations to ModSecurity engine.
 +  [Improvement] Added '​ctl:​debugLogLevel'​ support to ModSecurity engine.
 +  [Improvement] Added support for '​REQUEST_SCHEME'​ request variable.
 +  [Improvement] Added '​-vb'​ command line option to print out version and build number.
 +  [Update] Updated WHM plugin to v3.3.6.
 +  [Bug Fix] Minor bug fixes in ModSecurity engine.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Added support for Google QUIC Q050. 
 +  [Security] Improved WebAdmin Console security by strictly checking request URLs. 
 +  [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. ​
 +  [Bug Fix] Fixed an ESI/​Litemage output corruption bug. 
 +  [Bug Fix] Fixed a bug in AIO logging that caused the access log to stop working. ​
 +  [Bug Fix] Fixed a bug causing 100% CPU usage for FreeBSD. ​
 +  [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/​tmp/​lshttpd"​. ​
 +  [Bug Fix] Fixed a crash caused by memory mapped files being truncated.
 +
 +===== Version 5.4.3 =====
 +
 +=== Build 5 ===
 +
 +  [Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4.
 +  [Bug Fix] Fixed a crash due to memory mapped file being truncated. ​
 +
 +=== Build 4 ===
 +
 +  [Security] Improved WebAdmin console security by strictly checking request URL. 
 +  [Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0.
 +  [Bug Fix] There are minor bug fixes for mod_security engine. ​
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Fixed a bug in AIO logging that caused access log stop working.
 +  [Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD.
 +  [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/​tmp/​lshttpd"​.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled.
 +  [Bug Fix] Fixed an ESI/​Litemage output corruption bug.
 +  [Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Websocket backend support via the "​ProxyPass"​ directive. ​
 +  [Enhancement] Improved WordPress brute force protection when facing large botnet attacks.
 +  [Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
 +  [Update] Updated WHM plugin to v3.3.5 (includes support for displaying "​critical alerts"​).
 +  [Bug Fix] Fixed a few bugs in HTTP/3 QUIC engine.
 +  [Bug Fix] Fixed a bug in PID verification that failed to stop processes for detached applications.
 +  [Bug Fix] Fixed a bug in modsecurity engine where LOGGING phase processing was bypassed if a client was using a QUIC connection. ​
 +  [Bug Fix] Properly count 3 character second level domains against license domain limit.
 +  [Bug Fix] Properly parse IPv6 mapped IPv4 addresses in request header.
 +  [Bug Fix] Fixed missing "​REMOTE_USER"​ request environment variable when HTTP authentication is used.
 +  [Bug Fix] Fixed a problem with utf-8 characters in request URLs for Python applications.
 +  [Bug Fix] Improved lock contention handling when detached mode PHP processes are started concurrently by multiple server worker processes.
 +  [Bug Fix] Fixed an ESI sub-request bug that could stall proxy to backend communication.
 +  [Bug Fix] Fixed a DirectAdmin userdir bug.
  
 ===== Version 5.4.2 ===== ===== Version 5.4.2 =====
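Review bot: The two [Security] entries about .htaccess environment overrides disagree on scope: 5.4.7 Build 5 says it blocks LD_PRELOAD, while 5.4.8 Build 0 says it blocks 'LD_*', so a reader cannot tell which build first blocks the wider set of variables; state the exact scope in each entry. The 5.4.7 Build 0 symbolic link fix in the directory auto index script likewise names no affected version range, which operators need when deciding whether to update. Smaller points: the 6.0 RC1 line lists an "Ifelse" context, where Apache 2.4's directive is ElseIf; "Apache ghost" in 5.4.7 Build 0 reads "Apache vhost" in the matching 5.4.6 Build 2 entry; "reCAPATCHA", "ModSecrurity", "reponse", "cased" and "Added add" are typos; the tags vary between [Bug Fix], [Bug fix] and [Bugfix]; 5.4.7 jumps from Build 2 to Build 0 with no Build 1; and the edit summary says "version 4.4.9" while the heading added is 5.4.9.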
Line 5: Line 375:
 === Build 7 === === Build 7 ===
  
-  [Bug Fix] Fixed an HTTP/3 QUIC engine bug intorduced ​in build 6 that could cause action connections to close at random.+  [Bug Fix] Fixed an HTTP/3 QUIC engine bug introduced ​in build 6 that could cause action connections to close at random.
   [Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.   [Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
   [Tuning] Lowered WordpressProtect minimum limit from 5 to 2 to better pairing with reCAPTCHA verification.   [Tuning] Lowered WordpressProtect minimum limit from 5 to 2 to better pairing with reCAPTCHA verification.
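Review bot: The corrected Build 7 line fixes "intorduced" but still reads "could cause action connections to close at random", which looks like a typo for "active connections"; fix it in the same edit. The unchanged WordpressProtect line below it ("to better pairing with reCAPTCHA verification") is also ungrammatical and could read "to pair better with reCAPTCHA verification".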
  • Last modified: 2019/12/03 20:44
  • by Lucas Rolff