lighttpd 1.4.53 釋出,高效能 Web 伺服器
Lighttpd 1.4.53 已釋出。Lighttpd 是一個開源 Web 伺服器軟體,旨在提供一個專門針對高效能網站,安全、快速、相容性好並且靈活的 Web Server 環境。具有非常低的記憶體開銷,CPU 佔用率低,效能好,以及豐富的模組等特點。
重要更新
支援 TLS-ALPN-01,systemd socket activation,bug 修復
未來預期變化 (Q1 2019)
2019 年第一季度開始,lighttpd 預設對 HTTP 請求進行有限的 URL 規範化。
從 lighttpd 1.4.50 開始,這個 URL 規範就可用於 server.http-parseopts <https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails>。除非已經對 lighttpd 配置做了明確設定,lighttpd 預設配置是 server.http-parseopts = (“url-normalize-unreserved” => “enable”, “url-path-2f-decode” => “enable”) 。預設開啟 URL 規範會為 mod_redirect 和 mod_rewrite 帶來更一致的行為,而這些行為會與(url 編碼的) URL 請求更加匹配。然而,出於對一致性需要的預設情況下解碼 %2F,對那些在 url-path 中解碼 URLs、並且依賴 “/” 作為分隔符的使用者,可能是個重大變化。對於這部分使用者,可以在 lighttpd 配置中明確設定 “url-path-2f-decode” => “disable”。
https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
server.http-parseopts 推薦設定如下:
server.http-parseopts = ( "header-strict"=> "enable", "host-strict"=> "enable", "host-normalize"=> "enable", "url-normalize"=> "enable", "url-normalize-unreserved" => "enable", "url-normalize-required"=> "enable", "url-ctrls-reject"=> "enable", "url-path-2f-decode"=> "enable", "url-path-dotseg-remove"=> "enable", "url-query-20-plus"=> "enable" )
下載地址
-
SHA256:
423b3951f212e3a30511eb86f4662a1848c6e857074289ff23fc310eef520266
-
SHA256:
3bdfce1cf3e9650a556a8c26fb15342c5717c63f530c54693db632b0371dcb78
自 1.4.52 以來的更改
-
[mod_cml,mod_flv_streaming] fix NULL ptr deref
-
[mod_simple_vhost] t/test_mod_simple_vhost
-
[mod_evhost] split uri handler func for testing
-
[mod_evhost] restructure for unit tests
-
[mod_evhost] t/test_mod_evhost
-
[mod_access] restructure for unit tests
-
[mod_access] t/test_mod_access
-
[tests] include first.h and NDEBUG early
-
[core] use kill_signal for gw_proc_kill()
-
[tests] t/test_keyvalue
-
[tests] some test config cleanup
-
[tests] update skip count in mod-fastcgi.t
-
[multiple] reduce initial buffer sz if large POST (fixes#2922 )
-
[mod_fastcgi] fix NULL ptr deref from bugfix#2922 (fixes #2923 )
-
[tests] more test config cleanup
-
[core] perf: incremental hash of pathname w/o copy
-
[core] perf: reuse buffer to redirect to directory
-
[core] do not free() reused buffer
-
[core] use connected sock port in dir redirect
-
[core] http_response_buffer_append_authority()
-
[core] use con→server_name for dir redir
-
[core] memeq compare rounded to 64, not next 1M
-
[core] define MD5_DIGEST_LENGTH 16
-
[mod_auth] permit additional auth backends to load
-
[core] send Connection: close if reqbody not read (fixes#2924 )
-
[core] cache rev DNS for localhost for dir redir
-
[doc/conf] resolve some mime type conflicts from debian buster, regenerate mime.conf
-
[core] move winsock init to network_init()
-
[core] move /dev/stdin graceful restart handling
-
[core] network_srv_sockets_append() shared code
-
[core] systemd socket activation support
-
[build] autotools: try mysqlclient.pc and mariadb.pc (fixes#2925 )
-
[mod_expire] look up expire fallback "" explicitly
-
[multiple] calloc match ptr type (clang —analyze)
-
[multiple] quiet clang —analyze where trivial
-
[mod_webdav] compare COPY, MOVE Destination scheme
-
[core] con→uri.scheme is maintained lowercase
-
[mod_openssl] ALPN and acme-tls/1 (fixes#2931 )
-
[core] Fix recursive include_shell invocations
-
[mod_openssl] ssl.privkey directive (optional)