Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:changelog [2019/12/11 11:53]
Lucas Rolff 5.4.3 build 0
litespeed_wiki:changelog [2021/05/21 19:34] (current)
Lucas Rolff Add build 12
Line 1: Line 1:
 ====== LiteSpeed Web Server Changelog ====== ====== LiteSpeed Web Server Changelog ======
 +
 +**Note:** If a build is missing, you're always able to find it here as well: https://​groups.google.com/​g/​litespeed-edge-users
 +
 +===== Version 6.0 =====
 +=== Build 12 ===
 +  [Bug Fix] Address '​HTTP2_PROTOCOL_ERROR'​ bug introduced in v6.0 build 11
 +=== Build 11 ===
 +  [Bug Fix] Properly apply whitelist for Quic.cloud and Cloudflare IPs when server level ACL is blank.
 +  [Bug Fix] Address vhost level rewrite rule false positives.
 +  [Bug Fix] Perform stricter request header name validation.
 +  [Bug Fix] Use a more efficient HTTP/3 PLPMTUD implementation.
 +  [Bug Fix] Correct a cPanel NodeJS application configuration problem.
 +  [Bug Fix] Disable INFO level logging about "​Pending MODSEC operation"​.
 +  [Bug Fix] Avoid converting response header name to lower case for HTTP/1.1.
 +  [Bug Fix] Address a few random crashes.
 +=== Build 10 ===
 +  [Bug Fix] Fix compression cache corruption regression introduced in build 9.
 +  [Bug Fix] Address DirectAdmin default PHP handler issue.
 +=== Build 9 ===
 +  [Bug Fix] Address a regression in cgi-bin handling introduced in 6.0 build 7.
 +  [Bug Fix] Allow ProxyPreserveHost configuration in <​Location>​ context.
 +  [Bug Fix] Address a stack overflow in handling certain SSI expressions.
 +  [Bug Fix] Add missing "​message"​ entry in mod_secuirty json audit log.
 +  [Bug Fix] Address a false positive in handling mod_security remote rule.
 +  [Bug Fix] Address HTTP/3 DLPMTUD false positives. ​
 +=== Build 8 ===
 +  [Improvement] Make ProxyPass work exactly as it does in Apache.
 +  [Bug Fix] Address another corner case causing broken Java AJP connections.
 +  [Bug Fix] Address broken FastCGI backend.
 +  [Bug Fix] Properly handle multiple Content-Type response headers.
 +  [Bug Fix] Address a thread safety issue with mod_security engine.
 +=== Build 7 ===
 +  [Bug fix] Address a corner case that was causing broken Java AJP connections.
 +  [Bug fix] Address an HPACK dynamic table memory usage problem. ​
 +=== Build 6 ===
 +  [Bug Fix] Address a crash caused by HTTP/3 server push (introduced in 6.0 build 5).
 +  [Bug Fix] Address a crash in cache engine.
 +  [Bug Fix] Address high CPU usage when QUIC transport is unable to send pending packets.
 +=== Build 5 ===
 +  [Bug Fix] Address a corner case that caused a truncated proxy response.
 +  [Bug Fix] Address a random crash.
 +  [Bug Fix] Increase rewrite engine match limit to avoid unexpected mismatch.
 +  [Bug Fix] Follow HTTP/3 specification more strictly.
 +=== Build 4 ===
 +  [Bug Fix] Address a server crash when loading an outdated SSL certificate.
 +  [Bug Fix] Fix a bad response due to a false positive in mod_security engine.
 +  [Bug Fix] Address a corner case in HTTP/3 that causes high CPU usage.
 +  [Bug Fix] Fix a random failure loading a CA bundle file for SSL certificate configuration.
 +=== Build 3 ===
 +  [Bug Fix] Address broken process resource limits for external applications.
 +  [Bug Fix] Address broken gQUIC handshake after SSL certificate updates.
 +=== Build 2 ===
 +  [Bug Fix] Correct broken cPanel redirects for /​(cpanel|webmail|whm).
 +  [Bug Fix] Correct broken virtual host level reCAPTCHA sensitivity trigger.
 +  [Bug Fix] Address random crashing when proxying to a '​wss://'​ backend.
 +  [Bug Fix] Address a deadlock in asynchronous DNS event handling.
 +=== Build 1 ===
 +  [Security] Fix a bug that allowed bypassing of built-in blocked URLs.  ​
 +
 +=== Build 0 ===
 +  [New Feature] HTTP/3 v1 support with with DPLPMTUD, Adaptive congestion control, Delayed ACK, and zero-copy packetization.
 +  [New Feature] Asynchronous mod_security engine.
 +  [New Feature] Cache engine POST request caching capability.
 +  [New Feature] Dynamic DNS lookup for external application backends.
 +  [New Feature] Support for Apache 2.4 conditional contexts '<​If>',​ '<​Ifelse>',​ and '<​Else>'​.
 +  [New Feature] Bubblewrap isolated CGI/PHP execution environments.
 +  [New Feature] Cgroup resource throttling for CGI/PHP.
 +  [New Feature] Support for secure websocket backend (wss://).
 +  [New Feature] Auto whitelist QUIC.cloud IPs.
 +  [Improvement] Better out-of-box compatibility with Apache ProxyPass directive.
 +  [Improvement] ModSecurity scan response body support.
 +  [Improvement] ModSecurity persistent collection SHM storage.
 +  [Improvement] ModSecurity JSON audit log.
 +  [Improvement] Revamp of SSL Multi-Cert support.
 +  [Bug Fix] All applicable bug fixes from 5.4.X releases.
 +
 +=== RC3 ===
 +  [New Feature] Support external application configuration using domain name for target address.
 +  [New Feature] HTTP/3 draft 32 support.
 +  [New Feature] Support for secure websocket backend (wss://).
 +  [Major Improvement] Better Apache ProxyPass compatibility with any target domain/IP, without the need to explicitly create an external application.
 +  [Major Improvement] HTTP/3 Delayed ACK extension has been enabled to improve performance.
 +  [Improvement] Better support for various ModSecurity variables.
 +  [Improvement] Fix various HTTP/3 congestion control corner cases to maximize throughput.
 +
 +=== RC2 ===
 +  [New Feature] ModSecurity scan response body support.
 +  [New Feature] HTTP/3 draft 31 support.
 +  [Major Improvement] Improve HTTP/3 throughput with DPLPMTUD, Adaptive congestion control, and zero-copy packetization.
 +  [Major Improvement] ModSecurity persistent collection SHM storage.
 +  [Major Improvement] Revamp of SSL Multi-Cert support.
 +
 +=== RC1 ===
 +  [Major New Feature] Apache 2.4 conditional context <If> <​Ifelse>​ <​Else>​ support.
 +  [Major New Feature] Asynchronous mod_security engine.
 +  [Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
 +  [New Feature] HTTP/3 draft 29 support.
 +  [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling.
 +  [Enhancement] Added ModSecurity JSON audit log.
 +
 +===== Version 5.4.12 =====
 +=== Build 7 ===
 +  [Bug Fix] Address a native pipe logger configuration failure.
 +
 +=== Build 6 ===
 +  [Bug Fix] Increase rewrite engine match limit to avoid unexpected mismatch.
 +
 +=== Build 4 ===
 +  [Bug Fix] Address broken virtual host level reCAPTCHA sensitivity trigger.  ​
 +
 +=== Build 3 ===
 +  [Security] Fix a bug that allowed bypassing of built-in blocked URLs.  ​
 +
 +
 +=== Build 2 ===
 +  [Bug Fix]  Correct problematic PCRE flag causing false positives in mod_security.
 +=== Build 1 ===
 +
 +  [Bug Fix] Address external application command sanitizer blocking some PHP binary paths.
 +
 +=== Build 0 ===
 +
 +  [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
 +  [Security] Block improperly configured user/group and commands for external apps.
 +  [Feature] Auto white list QUIC.cloud IPs.
 +  [Bug Fix] Address content corruption for ESI includes.
 +  [Bug Fix] Improve ESI parser to handle improperly escaped ESI directives.
 +  [Bug Fix] Add SSL OCSP stapling for redis dynamic vhosts.
 +  [Bug Fix] Address a random crash in Layer 4 forwarding to websocket backends.
 +  [Bug Fix] cPanel webmail proxy domain email attachment uploads no longer hang.
 +  [Bug Fix] Update wsgi-lsapi to v1.9 to address a unicode encoding problem for Django applications.
 +  [Bug Fix] Improve NodeJS application compatibility.
 +  [Bug Fix] Start Ruby applications through a login bash shell to apply the necessary shell environment variables.
 +  [Bug Fix] Improve mod_security variables handling.
 +  [Bug Fix] Improve reCAPTCHA verification protection.
 +  ​
 +===== Version 5.4.11 =====
 +=== Build 9 ===
 +
 +  [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
 +  [Bug Fix] Address a random crash in Layer 4 forwarding to websocket backends.
 +  [Bug Fix] Address content corruption for ESI includes.
 +  [Bug Fix] Apply vhost request rate throttling override when the bandwidth throttling is off.
 +  [Bug Fix] Add SSL OCSP stapling for redis dynamic vhosts.
 +  [Bug Fix] Persistent warning about lsws systemd unit file has been changed in Plesk environments.
 +  [Bug Fix] Make "​AddDefaultCharset"​ work for javscript and json response.
 +  [Tuning] Finetune vhost reCAPTCHA sensitivity.
 +
 +=== Build 8 ===
 +
 +  [Bug Fix] cPanel webmail proxy domain email attachment uploads no longer hang.
 +  [Bug Fix] Update wsgi-lsapi to v1.9 to address a unicode encoding problem for Django applications.
 +  [Bug Fix] Update bundled WHM plugin to v4.1.3.1.
 +  [Debug] Improve private PURGE debug log messages with private cookie values.
 +
 +=== Build 7 ===
 +
 +  [Security] Block improperly configured user/group and commands for external apps.
 +  [Bug Fix] Improve ESI parser to handle improperly escaped ESI directives.
 +  [Bug Fix] Fix NodeJS application helper script which may call undefined function.
 +  [Bug Fix] Avoid race condition when multiple workers try to start a detached external application.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Properly support REQUEST_COOKIES collection in mod_security engine.
 +  [Bug Fix] Mod_security @rx operator now properly matches multi-line input.
 +  [Bug Fix] Improve NodeJS application compatibility.
 +  [Bug Fix] Start Ruby applications through a login bash shell to apply the necessary shell environment variables.
 +  [Bug Fix] Update ruby-lsapi gem to 5.2 for alt-ruby and Plesk ruby installations.
 +
 +=== Build 5 ===
 +
 +  [Bug Fix] Use long delay for access logging when AIO logging is enabled.
 +  [Bug Fix] Only throttle POST requests to wp-login.php for WordPress brute force protection.
 +  [Bug Fix] Log the correct value for the GEOIP environment variable in log message for a mod_security hit.
 +  [Bug Fix] Corner case that caused chunked input streams to hang (introduced in 5.4.11 build 3.) has been fixed.
 +  [Improvement] Allow the unsetting of non-indexed requested headers via the "​RequestHeader unset ..." directive.
 +
 +=== Build 4 ===
 +
 +  [Bug Fix] A timing issue with SSL ticket key rotation that causes brief SSL connection errors.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Rewrite rule triggered reCAPTCHA causing rare server hang.
 +  [Bug Fix] Chunk decoding hanging issue for request body.
 +  [Bug Fix] Response header count limit raise to 64K.
 +  [Bug Fix] Client info cache reference counting issue.
 +  [Tuning] Default timeout for SSL session ticket set to 1 hour.
 +  [Tuning] Default umask set to 022.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Matched Apache ModSecurity behavior by logging hits with "​pass"​ action to error log.
 +  [Bug Fix] Fixed NodeJS application directory index for static content.
 +  [Bug Fix] Improved lsquic busy loop detection to avoid false positives.
 +  [Bug Fix] Log and auto correct the issue where Python application switches the directory for serving static content.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Handle stream RESET in a timely manner for HTTP/3 and QUIC connections.
 +  [Bug Fix] Automatically add local IPv4 and IPv6 addresses to trusted IP list.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Support for Apache configuration directive '​AuthMerging'​.
 +  [Improvement] Support for RewriteCond operators added by Apache 2.4 which includes '>​='​ , '<​=',​ '​-eq'​ , '​-ge'​ , '​-gt',​ '​-le'​ , '​-lt',​ '​-ne',​ '​-h',​ '​-L',​ and '​-x'​.
 +  [Improvement] Update bundled WHM Plugin to v4.1.3 (bundled w/ cPanel plugin v2.1.2).
 +  [Bug Fix] Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
 +  [Bug Fix] Address a crash in ESI sub requests.
 +  [Bug Fix] Avoid restoring older system file backups if a switch back to Apache has been performed.
 +  [Bug Fix] Avoid throttling or blocking local IP.
 +  [Bug Fix] Address occasional slow down caused by long delays added by CUBIC congestion control for HTTP/3 (QUIC).
 +  [Bug Fix] CloudLinux App config now follow max connections configured in LSWS native App config.
 +  [Bug Fix] Properly apply environment variable configuration for CloudLinux Node selector.
 +  [Bug Fix] Address a false positive that was blocking IPs due to "too many new SSL connections"​.
 +  [Bug Fix] Plesk webstats page now works properly.
 +
 +===== Version 5.4.10 =====
 +
 +=== Build 4 ===
 +
 +  [Bug Fix] Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
 +  [Bug Fix] Address a crash in ESI sub request.
 +  [Bug Fix] Avoid restoring older system file backups if a switch back to Apache has been performed.
 +  [Bug Fix] Avoid throttling or blocking local IP.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Allow default PHP handler to follow explicit configurations for DirectAdmin.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Add ForceSecureCookie configuration directive to enforce "​secure"​ and "​SameSite"​ cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory'​s .htaccess file.
 +  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
 +  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
 +  [Improvement] Apply Expires header to a partial response for a range request.
 +  [Improvement] Improve PHP default handler for DirectAdmin.
 +  [Improvement] Update bundled WHM plugin to v4.1.2 with improved WP cache scan logic.
 +  [Bug Fix] Avoid stapling expired OCSP responses.
 +  [Bug Fix] Properly apply URL encoding for Location URL generated by a rewrite rule.
 +  [Bug Fix] HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
 +  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in a timely manner.
 +  [Bug Fix] Normalize IPv6 addresses to properly reuse existing listener sockets.
 +  [Bug Fix] Update Python application handler internal URL to avoid being blocked when .py suffix is blocked.
 +  [Bug Fix] Apply header operations for pages generated by python/​nodejs applications.
 +  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
 +  [Bug Fix] Avoid releasing cache objects too early.
 +  [Bug Fix] Address a rare crash in ESI parser.
 +  [Bug Fix] Force apply ACL configuration changes when client access level is cached in SHM.
 +  [Bug Fix] Reset per client concurrent connection counter stored in SHM when server restarts.
 +  [Bug Fix] For directory auto index, avoid a blank file name when special characters are in the name.
 +  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
 +  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
 +  [Tuning] Add PHP 8.0 auto detection.
 +
 +===== Version 5.4.9 =====
 +
 +=== Build 4 ===
 +
 +  [Improvement] Improve PHP default handler for DirectAdmin.
 +  [Bug Fix] Avoid stapling expired OCSP responses.
 +  [Bug Fix] HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
 +  [Bug Fix] Address a rare/random crash.
 +
 +=== Build 3 ===
 +
 +  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
 +  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
 +  [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
 +  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner. ​
 +
 +=== Build 2 ===
 +
 +  [New Feature] New ForceSecureCookie configuration directive to enforce "​secure"​ and "​SameSite"​ cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory'​s .htaccess file.
 +  [Bug Fix] Apply header operations for pages generated by python/​nodejs applications.
 +  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
 +  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
 +  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
 +  [Bug Fix] Avoid releasing cache objects too early.
 +  [Bug Fix] Address a rare crash in ESI parser. ​
 +
 +=== Build 1 ===
 +
 +  [Feature] Apply Expires header to a partial response for a range request.
 +  [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
 +  [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.
 +
 +=== Build 0 ===
 +
 +  [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
 +  [New Feature] Automatic CloudFlare CDN IP detection.
 +  [New Feature] Support for bcrypt password hash for HTTP authentication.
 +  [Improvement] PHP version detection for cPanel FCGId PHP handler.
 +
 +===== Version 5.4.8 =====
 +
 +=== Build 5 ===
 +
 +  [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
 +  [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.
 +
 +=== Build 4 ===
 +
 +  [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "​wait-req-full-body"​. (Waiting allows the request handler to see the full request body immediately)
 +  [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
 +  [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] LiteMage cache object count is now more accurate.
 +  [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
 +  [Bug Fix] Cache statistics access through IPv6.
 +  [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
 +  [Improvement] Add Plesk git integration support.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Address 404 error for reCAPTCHA verification.
 +  [Bug Fix] '​SetEnv'​ directive is now properly applied inside <​Files>​ or <​FilesMatch>​ contexts. ​
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Correct DirectAdmin PHP handler detection when "​DirectAdmin"​ panel is selected under "​PHP"​ config tab.
 +  [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <​Location>​ context.
 +  [Bug Fix] Match Apache'​s Redirect behavior by discarding original query string if target URL has query string set.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
 +  [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/​Ruby/​NodeJS selector application.
 +  [New Feature] Update client IP using request header "​X-Real-IP"​.
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Security] Block '​LD_*'​ environment variable overriding from .htaccess.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
 +  [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +  [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3).
 +  [Improvement] Make reCAPATCHA compatible with WordPress password protected pages.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct Magento LiteMage2 cache object statistics.
 +  [Bug Fix] Address an AJPv13 hanging bug.
 +  [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
 +  [Bug Fix] Properly apply UMASK configuration for external applications.
 +  [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache'​s rc script with a symbolic link.
 +  [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +
 +===== Version 5.4.7 =====
 +
 +=== Build 9 ===
 +
 +  [Bug Fix] Correct a SHM memory allocation issue.
 +  [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.
 +
 +=== Build 8 ===
 +
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct a crash bug in cache engine.
 +  [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +
 +=== Build 7 ===
 +
 +  [New Feature] For CloudLinux Python/​Ruby/​NodeJS selector application,​ applies header modification configuration in .htaccess to dynamic response.
 +  [Bug Fix] A mod_security engine bug that causes random crash.
 +  [Bug Fix] A bug in access log format validation.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. 
 +  [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. ​
 +
 +=== Build 5 ===
 +
 +  [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
 +  [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. ​
 +  [Bug Fix] Properly apply UMASK configuration for external application. ​
 +
 +=== Build 4 ===
 +
 +  [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. 
 +  [Tuning] Disable cache if a request is blocked by mod_security.
 +  [Bug Fix] Minor bug fixes in cache engine. ​
 +  [Bug Fix] Minor bug fix in mod_security engine.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
 +  [Bug Fix] Fixed an internal memory management bug that caused random crashing.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
 +  [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.
 +
 +=== Build 0 ===
 +
 +  [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
 +  [New Feature] Added strict suEXEC and ownership checking on scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache ghost.
 +  [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ to reCAPTCHA verification page to disallow CDN/proxy cache.
 +  [Bug fix] Fixed delayed .htaccess loading.
 +  [Bug fix] Fixed a delayed server response bug with HTTP/2.
 +  [Bug fix] Fixed a NodeJS websocket backend configuration bug.
 +  [Bug fix] Shared lib for lscmctl script is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024 whenever server performs a fresh startup.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +
 +===== Version 5.4.6 =====
 +
 +=== Build 5 ===
 +  [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ for reCAPTCHA verify page to disallow CDN/proxy cache. ​
 +
 +=== Build 4 ===
 +
 +  [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Use request header value for RBL lookups.
 +  [Bug Fix] Fixed a configuration parser crash.
 +  [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024, when server performs a fresh startup.
 +  [Tuning] Avoid adjusting external application process priority based on server'​s priority.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Added strict suEXEC and ownership checks for scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache vhost.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +  [Bug Fix] Fixed a bug when switching vhost log file.
 +  [Bug Fix] Fixed an HTTP/3 timestamp/​ACK ping-pong bug.
 +  [Bug Fix] Fixed a bug causing extra delay when response has content length = 0.
 +
 +=== Build 1 ===
 +
 +  [Bug fix] Fixed a bug causing delayed .htaccess loading.
 +  [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
 +  [Bug fix] Fixed a bug in NodeJS websocket backend configuration.
 +  [Bug fix] Shared lib for lscmctl is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Updated HTTP/3 support to include h3-27.
 +  [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
 +  [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] Set mod_security RBL DNS cache to 60 seconds.
 +  [Tuning] Disable TLSv1.1 by default.
 +  [Tuning] Enable SSL session tickets by default.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +===== Version 5.4.5 =====
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Minor ModSecurity compatibility fixes.
 +  [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically.
 +  [Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine.
 +  [Tuning] Added add "​SameSite=Strict"​ attribute to ls_smartpush cookie.
 +  [Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins.
 +  [Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed.
 +  [Tuning] Downgraded some modsec log messages from "​error"​ to "​warning"​.
 +  [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives.
 +  [Bug Fix] Fixed a cache engine bug that broke the "​Respect Cacheable"​ feature.
 +  [Bug Fix] Fixed a crash bug when detecting server startup time.
 +  [Tuning] Made HTML pages generated by the auto index script responsive.
 +  [Tuning] Hid confusing required/​restricted permission mask configurations in WebAdmin Console.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25).
 +  [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
 +  [New Feature] Added full Captcha protection for WordPress login page.
 +  [New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests.
 +  [New Feature] Automatically patch Set-Cookie with '​secure'​ flag when served over HTTPS.
 +  [Improvement] Added '​cssDecode'​ and '​utf8toUnicode'​ transformations to ModSecurity engine.
 +  [Improvement] Added support for '​REQUEST_SCHEME'​ request variable.
 +  [Improvement] Added '​-vb'​ command line option to print out version and build number.
 +  [Update] Updated WHM plugin to v3.3.7.
 +  [Bug Fix] Fixed websockets hanging on upgrade.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/​Ruby/​NodeJS applications.
 +  [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 +  [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
 +  [Bug Fix] External application process startup time is now reliably detected.
 +  [Bug Fix] Fixed a minor regression with AHO string search.
 +  [Bug Fix] Fixed a bug using wrong log ID in error log. 
 +
 +===== Version 5.4.4 =====
 +
 +=== Build 8 ===
 +
 +  [Bug Fix] In cPanel environment,​ disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for '​acme-challenge'​ detected.
 +
 +=== Build 7 ===
 +
 +  [Bug Fix] Fixed a random crash that occurred during SSL handshakes.
 +  [Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
 +  [Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500.
 +  [Bug Fix] External application process startup time is now reliably detected.
 +  [Bug Fix] Fixed a minor regression with AHO string search.
 +
 +=== Build 5 ===
 +
 +  [New Feature] Automatically patch Set-Cookie with '​secure'​ flag when served over HTTPS.
 +  [Bug Fix] Fixed a regression in Python/​Ruby/​NodeJS application '​tmp/​restart.txt'​ marker file handling.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification. ​
 +
 +=== Build 4 ===
 +
 +  [New Feature] Skip rewrite processing for Let's Encrypt verification requests.
 +  [Bug Fix] Fixed websockets hanging on upgrade.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/​Ruby/​NodeJS applications.
 +  [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 +
 +=== Build 3 ===
 +
 +  [New Feature] Added full Captcha protection for WordPress login page.
 +  [Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
 +  [Bug Fix] Minor bug fixes to ModSecurity engine.
 +
 +=== Build 1 ===
 +
 +  [Improvement] Fine tuned HTTP/3 and QUIC engine performance.
 +  [Improvement] Added '​cssDecode'​ and '​utf8toUnicode'​ transformations to ModSecurity engine.
 +  [Improvement] Added '​ctl:​debugLogLevel'​ support to ModSecurity engine.
 +  [Improvement] Added support for '​REQUEST_SCHEME'​ request variable.
 +  [Improvement] Added '​-vb'​ command line option to print out version and build number.
 +  [Update] Updated WHM plugin to v3.3.6.
 +  [Bug Fix] Minor bug fixes in ModSecurity engine.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Added support for Google QUIC Q050. 
 +  [Security] Improved WebAdmin Console security by strictly checking request URLs. 
 +  [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled. ​
 +  [Bug Fix] Fixed an ESI/​Litemage output corruption bug. 
 +  [Bug Fix] Fixed a bug in AIO logging that caused the access log to stop working. ​
 +  [Bug Fix] Fixed a bug causing 100% CPU usage for FreeBSD. ​
 +  [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/​tmp/​lshttpd"​. ​
 +  [Bug Fix] Fixed a crash caused by memory mapped files being truncated.
  
 ===== Version 5.4.3 ===== ===== Version 5.4.3 =====
 +
 +=== Build 5 ===
 +
 +  [Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4.
 +  [Bug Fix] Fixed a crash due to memory mapped file being truncated. ​
 +
 +=== Build 4 ===
 +
 +  [Security] Improved WebAdmin console security by strictly checking request URL. 
 +  [Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0.
 +  [Bug Fix] There are minor bug fixes for mod_security engine. ​
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Fixed a bug in AIO logging that caused access log stop working.
 +  [Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD.
 +  [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/​tmp/​lshttpd"​.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled.
 +  [Bug Fix] Fixed an ESI/​Litemage output corruption bug.
 +  [Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes.
  
 === Build 0 === === Build 0 ===
  • Admin
  • Last modified: 2019/12/11 11:53
  • by Lucas Rolff