Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
litespeed_wiki:changelog [2020/02/05 14:39]
Lucas Rolff Add latest versions
litespeed_wiki:changelog [2020/09/18 15:41] (current)
Lucas Rolff version 4.4.9
Line 1: Line 1:
 ====== LiteSpeed Web Server Changelog ====== ====== LiteSpeed Web Server Changelog ======
 +
 +===== Version 6.0 =====
 +
 +=== RC1 ===
 +
 +  [Major New Feature] Apache 2.4 conditional context <If> <​Ifelse>​ <​Else>​ support.
 +  [Major New Feature] Asynchronous mod_security engine.
 +  [Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
 +  [New Feature] HTTP/3 draft 29 support.
 +  [Major Enhancement] HTTP/2 has gone through a major rewrite with more efficient header handling.
 +  [Enhancement] Added ModSecurity JSON audit log.
 +
 +===== Version 5.4.9 =====
 +
 +=== Build 3 ===
 +
 +  [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
 +  [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
 +  [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
 +  [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner. ​
 +
 +=== Build 2 ===
 +
 +  [New Feature] New ForceSecureCookie configuration directive to enforce "​secure"​ and "​SameSite"​ cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory'​s .htaccess file.
 +  [Bug Fix] Apply header operations for pages generated by python/​nodejs applications.
 +  [Bug Fix] Properly detect HTTP/2 GREASE frame and GREASE settings entry, avoiding protocol errors.
 +  [Tuning] Automatically detect and neutralize bad rewrite rules that cause looping proxy to the same server.
 +  [Tuning] Install alt-python38 wsgi-lsapi binary from source if rpm package is not available.
 +  [Bug Fix] Avoid releasing cache objects too early.
 +  [Bug Fix] Address a rare crash in ESI parser. ​
 +
 +=== Build 1 ===
 +
 +  [Feature] Apply Expires header to a partial response for a range request.
 +  [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
 +  [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.
 +
 +=== Build 0 ===
 +
 +  [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
 +  [New Feature] Automatic CloudFlare CDN IP detection.
 +  [New Feature] Support for bcrypt password hash for HTTP authentication.
 +  [Improvement] PHP version detection for cPanel FCGId PHP handler.
 +
 +===== Version 5.4.8 =====
 +
 +=== Build 5 ===
 +
 +  [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
 +  [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.
 +
 +=== Build 4 ===
 +
 +  [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "​wait-req-full-body"​. (Waiting allows the request handler to see the full request body immediately)
 +  [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
 +  [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] LiteMage cache object count is now more accurate.
 +  [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
 +  [Bug Fix] Cache statistics access through IPv6.
 +  [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
 +  [Improvement] Add Plesk git integration support.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Address 404 error for reCAPTCHA verification.
 +  [Bug Fix] '​SetEnv'​ directive is now properly applied inside <​Files>​ or <​FilesMatch>​ contexts. ​
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] Correct DirectAdmin PHP handler detection when "​DirectAdmin"​ panel is selected under "​PHP"​ config tab.
 +  [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <​Location>​ context.
 +  [Bug Fix] Match Apache'​s Redirect behavior by discarding original query string if target URL has query string set.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
 +  [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/​Ruby/​NodeJS selector application.
 +  [New Feature] Update client IP using request header "​X-Real-IP"​.
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Security] Block '​LD_*'​ environment variable overriding from .htaccess.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
 +  [Improvement] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +  [Improvement] Update WHM plugin to v4.0 (drops support for EasyApache 3).
 +  [Improvement] Make reCAPATCHA compatible with WordPress password protected pages.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct Magento LiteMage2 cache object statistics.
 +  [Bug Fix] Address an AJPv13 hanging bug.
 +  [Bug Fix] Enabling bandwidth throttling no longer causes rare HTTP/2 response hangs.
 +  [Bug Fix] Properly apply UMASK configuration for external applications.
 +  [Bug Fix] Fix a problem with Plesk log rotation when LSWS overrode Apache'​s rc script with a symbolic link.
 +  [Bug Fix] NodeJS default being not properly set in httpd_config.xml no longer causes crashing.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +
 +===== Version 5.4.7 =====
 +
 +=== Build 9 ===
 +
 +  [Bug Fix] Correct a SHM memory allocation issue.
 +  [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.
 +
 +=== Build 8 ===
 +
 +  [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
 +  [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
 +  [Bug Fix] Invisible reCAPTCHA now works properly with IE 11 browser.
 +  [Bug Fix] Correct a crash bug in cache engine.
 +  [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 +
 +=== Build 7 ===
 +
 +  [New Feature] For CloudLinux Python/​Ruby/​NodeJS selector application,​ applies header modification configuration in .htaccess to dynamic response.
 +  [Bug Fix] A mod_security engine bug that causes random crash.
 +  [Bug Fix] A bug in access log format validation.
 +
 +=== Build 6 ===
 +
 +  [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link. 
 +  [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml. ​
 +
 +=== Build 5 ===
 +
 +  [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
 +  [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled. ​
 +  [Bug Fix] Properly apply UMASK configuration for external application. ​
 +
 +=== Build 4 ===
 +
 +  [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
 +  [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0. 
 +  [Tuning] Disable cache if a request is blocked by mod_security.
 +  [Bug Fix] Minor bug fixes in cache engine. ​
 +  [Bug Fix] Minor bug fix in mod_security engine.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
 +  [Bug Fix] Fixed an internal memory management bug that caused random crashing.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
 +  [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.
 +
 +=== Build 0 ===
 +
 +  [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
 +  [New Feature] Added strict suEXEC and ownership checking on scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache ghost.
 +  [Bug Fix] Fixed reCAPTCHA triggering for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ to reCAPTCHA verification page to disallow CDN/proxy cache.
 +  [Bug fix] Fixed delayed .htaccess loading.
 +  [Bug fix] Fixed a delayed server response bug with HTTP/2.
 +  [Bug fix] Fixed a NodeJS websocket backend configuration bug.
 +  [Bug fix] Shared lib for lscmctl script is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 from being used as WebAdmin listener port.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024 whenever server performs a fresh startup.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +
 +===== Version 5.4.6 =====
 +
 +=== Build 5 ===
 +  [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
 +  [Bug Fix] Added "​Cache-Control:​ no-cache"​ for reCAPTCHA verify page to disallow CDN/proxy cache. ​
 +
 +=== Build 4 ===
 +
 +  [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
 +  [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts,​ webdisk, ...) are unavailable.
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Use request header value for RBL lookups.
 +  [Bug Fix] Fixed a configuration parser crash.
 +  [Bug Fix] Fixed HTTP/3 ALPN string to properly advertise h3-27.
 +  [Tuning] Automatically update /​proc/​sys/​net/​core/​somaxconn to 1024, when server performs a fresh startup.
 +  [Tuning] Avoid adjusting external application process priority based on server'​s priority.
 +
 +=== Build 2 ===
 +
 +  [New Feature] Added strict suEXEC and ownership checks for scripts.
 +  [New Feature] Added ability to configure static/​dynamic request per second limit for Apache vhost.
 +  [Tuning] Added after=lve_namespaces.service to systemd unit file.
 +  [Bug Fix] Fixed a bug when switching vhost log file.
 +  [Bug Fix] Fixed an HTTP/3 timestamp/​ACK ping-pong bug.
 +  [Bug Fix] Fixed a bug causing extra delay when response has content length = 0.
 +
 +=== Build 1 ===
 +
 +  [Bug fix] Fixed a bug causing delayed .htaccess loading.
 +  [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
 +  [Bug fix] Fixed a bug in NodeJS websocket backend configuration.
 +  [Bug fix] Shared lib for lscmctl is now updated on server install/​update.
 +  [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Updated HTTP/3 support to include h3-27.
 +  [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
 +  [Bug Fix] Fixed a bug in HTTP/2 handling mismatched response content-length and actual reponse body size.
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] Set mod_security RBL DNS cache to 60 seconds.
 +  [Tuning] Disable TLSv1.1 by default.
 +  [Tuning] Enable SSL session tickets by default.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +===== Version 5.4.5 =====
 +
 +=== Build 3 ===
 +
 +  [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
 +  [Bug Fix] Fixed a regression that broke /​tmp/​lshttpd/​swap auto cleanup.
 +  [Bug Fix] Fixed a false positive when handling ModSecrurity SecRemoteRule.
 +  [Bug Fix] Fixed a crash in ModSecurity using libinjection.
 +  [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 +
 +=== Build 2 ===
 +
 +  [Bug Fix] Minor ModSecurity compatibility fixes.
 +  [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically.
 +  [Bug Fix] Minor bug fixes in HTTP/3 (QUIC) engine.
 +  [Tuning] Added add "​SameSite=Strict"​ attribute to ls_smartpush cookie.
 +  [Tuning] Update cp_switch_ws.sh script to work independently of any installed control panel plugins.
 +  [Bug Fix] Update uninstall.sh script to work properly when a control panel plugin is not installed.
 +  [Tuning] Downgraded some modsec log messages from "​error"​ to "​warning"​.
 +  [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4.
 +
 +=== Build 1 ===
 +
 +  [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives.
 +  [Bug Fix] Fixed a cache engine bug that broke the "​Respect Cacheable"​ feature.
 +  [Bug Fix] Fixed a crash bug when detecting server startup time.
 +  [Tuning] Made HTML pages generated by the auto index script responsive.
 +  [Tuning] Hid confusing required/​restricted permission mask configurations in WebAdmin Console.
 +
 +=== Build 0 ===
 +
 +  [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25).
 +  [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
 +  [New Feature] Added full Captcha protection for WordPress login page.
 +  [New Feature] Optionally skip rewrite processing for Let's Encrypt verification requests.
 +  [New Feature] Automatically patch Set-Cookie with '​secure'​ flag when served over HTTPS.
 +  [Improvement] Added '​cssDecode'​ and '​utf8toUnicode'​ transformations to ModSecurity engine.
 +  [Improvement] Added support for '​REQUEST_SCHEME'​ request variable.
 +  [Improvement] Added '​-vb'​ command line option to print out version and build number.
 +  [Update] Updated WHM plugin to v3.3.7.
 +  [Bug Fix] Fixed websockets hanging on upgrade.
 +  [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
 +  [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/​Ruby/​NodeJS applications.
 +  [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 +  [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
 +  [Bug Fix] External application process startup time is now reliably detected.
 +  [Bug Fix] Fixed a minor regression with AHO string search.
 +  [Bug Fix] Fixed a bug using wrong log ID in error log. 
  
 ===== Version 5.4.4 ===== ===== Version 5.4.4 =====
  • Admin
  • Last modified: 2020/02/05 14:39
  • by Lucas Rolff