Version 1.4.x

OpenLiteSpeed Release Log: Version 1.4.x

V1.4.50 (Stable)


Server Core

  • [Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
  • [Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
  • [Improvement] Updated script to make it compatible with FreeBSD.
  • [Bug Fix] Fixed a bug that was causing module modsecurity to fail to build on some operating systems.
  • [Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
  • [Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
  • [Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
  • [Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
  • [Bug Fix] Fixed a forcedType bug causing extApps to always use server level settings regardless of VHost level settings.
  • [Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.


  • [Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.

V1.4.49 (Stable)


Server Core

  • [Update] Added support for multi accesslog.
  • [Update] Updated to make it capable of more fetches and replacements.
  • [Update] Updated lswsctrl to stop the OpenLiteSpeed server in a smarter way.
  • [Bug Fix] Fixed an error with lsws/autoupdate directory permissions.
  • [Bug Fix] Fixed a bug which caused a crash while fetching the latest release file.


  • [Update] Removed unnecessary empty lines when saving the config file.
  • [Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
  • [Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.

V1.4.48 (Stable)


Server Core

  • [Improvement] Only check-in plain conf file with when the conf file is updated.
  • [Update] Added “DEBUG” to version info when running a debug version.
  • [Update] Updated core dump function to replace running release version with a debug version when encountering a crash.
  • [Bug Fix] Fixed module data sometimes not being released when a session is reused.
  • [Bug Fix] Fixed a GeoIpData2 memory leak.

Cache Module

  • [Improvement] Avoid toggling gzip for very small responses.
  • [Bug Fix] Fixed cache module not working when using a reverse proxy.

V1.4.47 (Stable)


Server Core

  • [Improvement] Added new ‘-t’ parameter for config testing (Command: ./openlitespeed -t, return 2 for error, 1 for warn, and 0 no issues).
  • [Improvement] Update HttpReq::processRequestLine to handle long lines.
  • [Update] Add user-agent and referrer to server push.
  • [Update] Change some “error” level log messages to “warn” when there is not a real error case.
  • [Update] Added support for coredump when WebAdmin is disabled.
  • [Update] Updated cgid.sock path in cases where admin DIR does not exist.
  • [Update] Disabled rcs checking conf file while loading when WebAdmin is disabled.
  • [Update] Add source code packing time to version info.
  • [Update] Add tool for quickly installing the latest stable version.
  • [Update] Add –enable-iptogeo support for configuring without the Geoip library as a dependency.
  • [Update] Increased the limit of request/response header length and overall header size.
  • [Bug Fix] Fixed a node.js application compatibility issue.
  • [Bug Fix] Fixed a bug where rules that do not have “\n” at the end would cause a parsing error.
  • [Bug Fix] Fix a bug where a redirect context would always go through rewrite rules, possibly causing a wrong redirect issue.
  • [Bug Fix] Fix cgid DIR permission issue.

Cache Module

  • [Improvement] Added vary support for cache module.
  • [Improvement] Added support to purge all varied copies when purge cache by a URI.
  • [Update] Updated to create cache storagepath when it does not already exists.
  • [Bug Fix] Fixed purge support for private cache.
  • [Bug Fix] Fixed a bug where re-cacultating hash would not work in some cases.
  • [Bug Fix] Fixed a bug where cache entry create time and purge time could be messy when compared if both happened in the same second.

V1.4.46 (Stable)


Server Core

  • [New Feature] Added “listeners, listener1, listener2, … ” types listener-vhost mapping at the vhost level.
  • [Improvement] Added “X-Turbo-Charged-By” response header when CF IP is set.
  • [Bug Fix] Fixed an XSS vulnerability in directory auto index script.
  • [Bug Fix] Fixed a bug in sendfile which caused hanging.
  • [Bug Fix] Fixed an infinite loop error the sometimes occured while reading file in NFS.


  • [New Feature] Added support for purge-with-tags request to cache module.
  • [New Feature] Added “no-autoflush” parsing for use in cache module.
  • [New Feature] Added reqBody size and responseBody size checking in mod_security module to avoid beyond-limit content checking.
  • [Improvement] Updated cache module to not compress small-sized dynamic content.
  • [Improvement] Updated cache module to use the normal cache-control header in some cases.
  • [Bug Fix] Fixed a bug in cache module which could cause wrong data to be served.
  • [Bug Fix] Fixed a bug in modgzip to handle the memory error case during compression.

V1.4.45 (Stable)


Server Core

  • [New Feature] Updated suEXEC to enable LVE.
  • [New Feature] Added tool ‘’ for switching to the latest or specified OLS version more easily.
  • [Improvement] Updated cache module to dynamically switch between serving non-compressed and gzip compressed data based on request frequency.
  • [Improvement] Updated script handler config to support suffixes as comma-delimited lists.
  • [Improvement] Added support for duplicate Server level socket addresses for extprocessers.
  • [Improvement] Updated makefile.f for modules to support building the DEBUG version using ‘make -f Makefile.f CFG=debug’.
  • [Bug Fix] Fixed HTTP2 POST requests sometimes not getting read completely.
  • [Bug Fix] Automatically adding uid to extApp name no longer applies to proxies.

V1.4.44 (Stable)


Server Core

  • [Major Improvement] External applications defined at the server level no longer need to be re-defined at the virtual host level to be run as the user:group set at the virtual host level.
  • [Bug Fix] Fixed an error that occurred when using http/1.0 with keep-alive and gzip required.
  • [Bug Fix] Virtual hosts using the same external application name no longer cause a socket conflict .
  • [Bug Fix] Fixed a bug in connection close.
  • [Bug Fix] Fixed server sometimes timing out when using rainloop.

V1.4.43 (Stable)


Server Core

  • [New Feature] Added userID / groupID VHost settings (inherited at the app server level).
  • [Improvement] Improved static file handling performance.
  • [Update] Updated Example page content.
  • [Bug Fix] Fixed server push failing to set the accept-encoding header.
  • [Bug Fix] Fixed requests sometimes containing double “/” in their url.
  • [Bug Fix] Fixed lscpd using an incorrect process name.
  • [Bug Fix] Fixed Rails and Python applications being run in detached mode.
  • [Bug Fix] Fixed missing boolean feature bug in GeoIpData2.

V1.4.42 (Stable)


Server Core

  • [Update] Appserver context now supports env list.
  • [Update] MIME properties now support more types.
  • [Update] Simplified configuration now uses thedefault ROOT path for the relative paths.
  • [Update] Cache module is now enabled by default.
  • [Bug Fix] Fixed a ModSecurity module bug which caused POST requests to time out.
  • [Bug Fix] Fixed a bug where appserver did not overwrite the existing defined context.
  • [Bug Fix] Fixed a bug where Python/Django was not supported correctly.
  • [Bug Fix] Fixed a bug where rewrite rules would cause 500 errors in some cases.
  • [Bug Fix] Fixed a bug in SPDY which set the connection info in the wrong place.
  • [Bug Fix] Fixed a bug in the Cache module where HEAD requests were saved to cache storage.



Server Core

  • [New Feature] Added nodeJS, Python, and Ruby app server support.
  • [Update] Disabling WebAdmin will no longer disable coredumps.
  • [Bug Fix] Fixed a bug where trying to bind a in-use listening port could cause a crash.
  • [Bug Fix] Fixed a key and cert filenames error for lscpd.
  • [Bug Fix] Fixed an overflow bug which could cause a server crash.
  • [Bug Fix] Fixed a memory leak when reusing a ClientInfo object.
  • [Bug Fix] Fixed first two ENV entries not getting set.
  • [Bug Fix] Fixed HTTP/2 and Spdy server crash errors.



Server Core

  • [Improvement] Added support for the RewriteEngine directive in rewrite rules.
  • [Improvement] Fine tuned HTTP/2 event to avoid setting continueWrite() too early.
  • [Improvement] Improved SSL compatibility.
  • [Bug Fix] Fixed rewrite inherit and enable rewrite bugs.
  • [Bug Fix] Fixed a server PUSH stall bug.
  • [Bug Fix] Fixed a listener reuse bug that was causing a data init error.
  • [Bug Fix] Fixed NtwkIOLink::flush() checking the wrong ssl flush state.
  • [Bug Fix] Fixed bugs in buildCommonEnv.
  • [Bug Fix] Fixed a bug an incorrect H_CONTENT_DISPOSITION header length bug.

PageSpeed Module

  • [Bug Fix] Fixed a permissions error with the PageSpeed module temporary directory.

Cache Module

  • [Bug Fix] Fixed an error when trying to use gzip while A/B testing.
  • [Bug Fix] 304 responses should no longer be saved to cache.


Server Core

  • [Update] Reverted default OpenSSL v1.1.1 back to the more stable v1.1.0i.
  • [Update] Removed “Enable Hook” setting from context level module definitions to avoid conflicts with VHost level modules.
  • [Bug Fix] Fixed a crash related to SSL sessions and contexts.
  • [Bug Fix] Fixed a crash in mod_gzip.
  • [Bug Fix] Fix a crash in mod_security.cpp when module data is NULL.
  • [Bug Fix] Fix a crash that would occur when a context level module had more parameters set than it’s VHost level equivalent.


Server Core

  • [New Feature] Added ‘Auto Load from .htaccess’ server and virtual host level setting to auto load .htaccess files
    included in the configured context if the ‘Rewrite Rules’ setting does not already use the “rewriteFile” directive.
  • [Bug Fix] Fixed an extra header parsing operation bug to avoid a negative value length.
  • [Bug Fix] Updated to ignore “RewriteBase /” in ‘Rewrite Rules’ which caused subdirectory errors.
  • [Bug Fix] Fixed a RST_FRAME parsing bug in HTTP 2.
  • [Bug Fix] Fixed a boringSSL bug that caused a crash with the NPN callback function.
  • [Bug Fix] Fixed a server PUSH request bug when setting method and URL length.


Server Core

  • [Improvement] HttpContext is now added if it does not already exist when a directory is accessed, loading the
    .htaccess file in that directory if one exists.
  • [Improvement] Optimized request header decoding and parsing.
  • [Bug Fix] Fixed a rewriterule bug where lines that were too short could cause a crash.
  • [Bug Fix] Fixed a bug where rewriterule block content was used instead of the enable rewrite setting when testing if
    rewrites were enabled for a Vhost.
  • [Bug Fix] Fixed a bug in HttpContext::config() where an empty rewrite block in the config file could be used to
    prevent default values from being set.
  • [Bug Fix] Fixed a bug in ObjArray API which returned an error when growing the array failed.


Server Core

  • [Update] Updated WebAdmin PHP to a newer version.
  • [Update] Updated SSL to enable ECDHE with X25519 curve.
  • [Update] Updated to set default compressible MIME types.
  • [Bug Fix] Fixed an HTTP/2 server push bug.

Cache module

  • [Bug Fix] Fixed a memory leak.


Server Core

  • [New Feature] Virtual Host Context setting “Extra Headers” has been renamed to “Header Operations” and now supports
    Apache Header and RequestHeader directives set, append, merge, add, and unset.
  • [Improvement] Multiple flushes from different streams are now combined into a single flush to reduce the number of
    small data chunks for HTTP/2 connections.
  • [Update] OpenSSL 1.1.1 (supports TLS v1.3) is now used when installing.
  • [Update ] GeoIP lookup is now enabled by default if a database has been configured.
  • [Bug Fix] Fixed an error where Gzip compression was not being used as a fallback when Brotli was disabled or
  • [Bug Fix] Fix a crash when calling SslTicket::init().
  • [Bug Fix] Fixed SSL session caching breaking due to a typo in sslsesscache function newSessionCb().


Server Core

  • [Update] Added request and response header logging for HTTP/2 connections.
  • [Update] Request body is not longer read after a response has ended.
  • [Update] Cached static file copies are now only created when returned status code is 200 to avoid caching pages
    returning status code 404 and so on.
  • [Bug Fix] Fixed an installation bug that could cause OpenSSL to work incorrectly.
  • [Bug Fix] Fixed a WebAdmin Console bug that caused Script Handler tab to be replaced by a duplicate Vhost General
  • [Bug Fix] Fixed a WebAdmin Console rewrite map save/display issue.
  • [Bug Fix] Fixed phpiniOveride ignoring lines using an already encountered directive such as php_value, etc.

PageSpeed module

  • [Bug Fix] Fix a bug where JPEG images could not be optimized in some cases.


Server Core

  • [New] Added iptogeo2 support.
  • [New] Added new configure parameter to enable Brotli compression for static files:
    --enable-brotli=[yes/no] (default value is “no”).
  • [New] Added new configure parameter to enable iptogeo2, MaxMindDB must be built and have autotool installed:
    --enable-iptogeo2=[yes/no] (default value is “no”).
  • [New] Added support for client side SSL session resume.
  • [New] Added HTTPS proxy session resumption.
  • [Update] Improved Brotli compress support
  • [Update] Added image/webp and text/xml to MIME settings.
  • [Update] Added a document root context “/” for all sample configurations to automatically import rewrite rules
    from document root .htaccess.
  • [Update] Removed unneeded default rewrite rules from example conf and ccl conf.
  • [Update] Static file ETags are now updated when compressing with gzip or Brotli.
  • [Bug Fix] Bandwidth usage is no longer adjusted when not throttling.
  • [Bug Fix] Range requests with a starting position greater than 2GB will no longer cause a 400 error.
  • [Bug Fix] Fixed a memory leak in the server side SSL session cache.
  • [Bug Fix] Disabled TLSv1.3 for SSL client to avoid 0-RTT handshake failure.

Cache module

  • [Update] Added support for storing gzip and Brotli compressed content and serving it with the correct response
  • [Update] Updated cache ETags to be in the same format as static file ETags.


Server Core

  • [New] Add php.ini override support.
  • [Update] Increased default gzipMaxFileSize from 1M to 10M.
  • [Bug Fix] Fixed a WebAdmin bug where static context types were appearing as NULL.
  • [Bug Fix] Fixed an incorrect malloc size bug that could sometimes cause a crash.
  • [Bug Fix] Fixed a compilation bug on Ubuntu 17.

Cache Module

  • [Update] x-litespeed-tag and x-litespeed-cache-control headers are now hidden in response header when serving from


Server Core

  • [Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
  • [Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.


Server Core

  • [Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
  • [Bug Fix] Fixed an ip2location configuration bug.
  • [Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
  • [Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
    server error.
  • [Bug Fix] Fixed a cipher previously rejected by chrome.

Cache Module

  • [Bug Fix] Fixed a bug where comparing a string could cause a crash.


Server Core

  • [New] “SMART SERVER PUSH” feature which prevents the server from unnecessarily re-pushing URLs to a client.
  • [Update] Added support for setting multiple module params or rewrite rules without requiring the use of here
    document syntax ( <<< ).
  • [Update] Upgraded module parameter parsing to support multiple lines using ",', or
    ` as the starting/ending flag.
  • [Update] VHosts can now inherit SERVER level defined PHP with it’s own user/group.
  • [Bug Fix] Fixed a bug where a module could be missing an init function, causing it to not be loaded.
  • [Bug Fix] Fixed an HTTP2 bug where a window size of 64K would be used when set to 256K.
  • [Bug Fix] Fixed a bug where a module’s config would not be initialized correctly when module parameters where not
    provided at the SERVER level.
  • [Bug Fix] Fixed a bug where sometimes no server response would be received when handling small PHP scripts, causing
    a timeout error.
  • [Bug Fix] Fixed a bug when setting vary ENV which caused the vary value to not work as intended.
  • [Bug Fix] Fixed a bug preventing server state from being reset properly when using a keep-alive connection.

PageSpeed Module

  • [Update] If gcc version is higher than 4.8, PSOL v1.11.33.4 lib is now used.

Cache Module

  • [Update] Update cache module to support the
    LSCache for WordPress Plugin
  • [Bug Fix] Fixed a bug of where “ismobile” was not being handled correctly.

ModSecurity Module


Server Core

  • [New] Added multithreading APIs for LSIAPI.
  • [Update] WebAdmin Console can now be disabled by adding “disablewebadmin” in httpd_config.conf.
  • [Update] Multiple instances of OLS can now be run at the same time by configuring additional OLS installations with
    –with-pidfile, with-exampleport, and (optional) –with-tempdir configuration flags.
  • [Update] Limited autoupdate checks to at most twice a day.
  • [Update] Updated caching to store the compressed data for all compressible file types excluding small static files.
  • [Bug Fix] Fixed bugs in lswsctrl and
  • [Bug Fix] Fixed a bug in http2 by breaking large header frames into smaller frames + CONTINUATION frames.

PageSpeed Module

  • [Update] Upgraded to PSOL lib and redesigned the execution flow to increase performance.


Server Core

  • [New] Added support for libressl.
  • [New] Added support for Brotli.
  • [Update] Updated LSIAPI and all modules accordingly.
  • [Update] libundns will now be downloaded and installed when not already present.
  • [Update] Added parameter ‘–with-lsphp7’ to configure to support the installation of lsphp7 on CentOS, Debian and
  • [Update] Changed the IpToLoc::lookup() api to be able properly handle IPv6 lookup.
  • [Update] All module configurations are now parsed by the server instead of by each individual module.
  • [Bug Fix] Fixed a bug that sometimes caused an overflow in http2 server push.
  • [Bug Fix] Fixed a bug in httprespheader where headers >64K would not be handled correctly.
  • [Bug Fix] Fixed a bug where deleting HttpFetch could cause crashing.
  • [Bug Fix] Fixed a bug in HttpReq::processRequestLine that could cause crashing.
  • [Bug Fix] Fixed a bug in addrlookupCb which could cause crashing when hosts did not contain ‘,’ .

PageSpeed Module

  • [Bug Fix] Fixed a bug were an incorrect query string and request body were used.


Server Core

  • [New] Added TCP_FASTOPEN support.
  • [New] Added BoringSSL and TLS1.3 support.
  • [New] Added PHP 7.1.4 as a Compile PHP option.
  • [New] Added new module modreqparser to enable the ReqParser feature.
  • [New] Added more APIs.
  • [Update] Updated WebAdmin Console css and tooltips.
  • [Update] Updated ReqParser logic to allow parsing of query strings.
  • [Update] DNS lookup is now performed using the udns library.
  • [Update] Improved download tool.
  • [Bug Fix] Fixed a bug were a very long configuration file could crash the server.
  • [Bug Fix] Fixed a bug were a rewriterule “passthrough” flag would miss the implied “L” flag.
  • [Bug Fix] Fixed a bug were loading RewriteFile would fail if the RewriteFile directive was in the middle of the
    rewrite rules.

PageSpeed Module

  • [Bug Fix] Fixed a bug involving configuration parsing at the context level.

Cache Module

  • [Bug Fix] Fixed a bug involving shmpool using parameter no-vary.
  • [Bug Fix] Fixed a bug where the PURGE function would not work in some case.


Server Core

  • [Security] Removed DES-CBC3-SHA from default cipher suite to avoid failing current PCI scan.
  • [New] Added HTTP/2 Server Push.
  • [New] Added Japanese translations to the WebAdmin. (Thanks to Kazu Nito!)
  • [Update] Updated the Example VHost page.
  • [Bug Fix] Fixed a bug in sendstaticfile that caused too many memory mapped files to be opened.
  • [Bug Fix] Fixed a bug in StaticFilecache reference counting that sometimes caused crashes.
  • [Bug Fix] Fixed a bug in httpParser that sometimes caused crashing.
  • [Bug Fix] Fixed a bug in handleEvents that could result in an infinite loop.

Cache Module

  • [Update] Updated the default cache module settings to more reasonable values.
  • [Bug Fix] Fixed a bug where temporarily opened files would not be closed.


Server Core

  • Added module info to output when running OpenLiteSpeed with –version;
  • Added more PHP SERVER variables.
  • Fixed a bug that sometimes causes responses to have multiple content-type headers.
  • Fixed a bug that sometimes caused an ininite loop in spdy/http2 connections.
  • Fixed a bug where “requests per second” throttling would not work.
  • Updated rewrite rules to support ‘”‘ in the ENV value.

PageSpeed Module

  • Updated Pagespeed library to

Cache Module

  • Added addETag to cache parameters to make it possible to force add an etag for a cached item.
  • Fixed a bug related to “cache-vary” environments.
  • Updated status codes for stored dynamic content to allow values other than 200.
  • Updated to support multiple purge headers.
  • Updated to support multiple purged tags in one purge header.
  • Added functionality to the purge response header to mark a cached page as stale.
  • Added functionality to the purge response header to purge by URL.


Server Core

  • Added configuration options to specify the locations of the real time report and .status files.
  • Updated the look of the Example page.
  • Protected against the target=_blank vulnerability.
  • Fixed a bug where the server would return a 400 error when it received an HTTP PATCH requests.
  • Fixed a bug that sometimes caused core dumps due to a static file cache memory error.


Server Core

  • Updated ./configure to support customizing the WebAdmin listener port with the “–with-adminport” parameter.
  • Updated dist/ to handle incorrect parameters during installation and ./configure.
  • Updated the WebAdmin to add vhdomain and vhaliases to the virtual host’s .conf file when instantiating from a vhost
  • Fixed shm folder permissions.
  • Fixed a bug where vhost aliases weren’t being set correctly.
  • Fixed a bug where www.HOSTNAME and HOSTNAME did not have the same VHOST during comparison.
  • Fixed a bug where the server level External App suEXEC User and suEXEC Group settings were not used.
  • Fixed a bug that sometimes caused 503 errors.


Server Core

  • Improved open file cache efficiency.
  • Real time report data will now be written to /dev/shm if available.
    (instead of /tmp/lshttpd).
  • Fixed a bug where when handling static files, the number of open files would keep growing, sometimes causing a 503



  • Security: Automatically block HttpProxy attacks with no configuration needed.

Server Core

  • Remove dependency on the operating system’s version of openssl by statically linking to the latest stable openssl
    libraries from the source code.
  • Fixed a compatibility issue between chrome (versions 51+) and openssl versions < 1.0.2 that would force HTTP/2
    connections to HTTP 1.1.
  • Fixed a bug where openssl 1.0.2 sometimes caused server crashes.
  • Fixed a bug where sendfile may cause compiling error.


Server Core

  • Updated RewriteEngine::expandEnv() to parse cache-control:vary and cache-vary when setting the request environment.
  • Removed the “Content-Encoding: none” response header.
  • Fixed a bug that sometimes caused crashes when using SSL connections.
  • Fixed a bug that caused SSL connections to reset to HTTP in some cases.
  • Fixed a bug in rewritefile loading that could cause crashing.
  • Fixed a bug where envHashT was case-sensitive, causing matching problems.

PageSpeed Module

  • Updated to detect HTTPS connections more accurately.
  • Cache TTL time is now set to 30 seconds if the page is set for a longer time.
  • The cache-control header is now kept if contained in the original response.
  • Fixed a bug that sometimes caused crashes during a graceful restart.

Cache Module

  • Fixed bug where public cache was not being used.
  • Fixed a bug where IPs of different lengths would cause public cache key verification to fail.
  • Fixed a bug that caused cache-control: max-age to not work.
  • Fixed a bug where the X-Litespeed-Cache-Control response header would sometimes not work.


Server Core

  • Updated the eventCbQue to make it more stable.
  • Added APIs to support event callbacks.
  • Fixed a SPDY bug that caused the connection to drop if it cannot flush anything in 20 seconds.
  • Fixed a bug where SPDY and HTTP2 streams would hang when the connection buffer was full.
  • Fixed a bug that caused incorrect version information to be displayed in the WebAdmin Console.

PageSpeed Module .

  • Updated to the latest PSOL library.
  • Fixed a bug that could cause a crash when configuration parameters are empty.
  • Code optimization relating to memory use/passing.
  • Updated module configuration format to be compatible with PageSpeed module configurations for Apache and Nginx.
  • The outcome of parsing configuration parameters will now be written to log.

Cache Module

  • Fixed a bug that prevented the public cache from being purged.
  • Cache object hashkey are now re-calculated if the response headers contain a “set-cookie” header when creating a
    cache entry to avoid invalidating the cache.



  • WebAdmin will now display a notice when a newer version of OLS is available.
  • Added modinspector module which scans uploaded files.
  • Updated removed pushd and popd as some platforms don’t support them.
  • Improved static file serving speed by adding url and static file cache mapping.
  • Optimized epoll to avoid sending an extra EPOLL_CTL_MOD after EPOLL_CTL_ADD.
  • Optimized the fixed response header by adding a method.

Bug Fixes

  • Fixed a bug related to proxying name based rewrite rules.
  • Fixed a bug in the pagespeed module where query strings were not treated as a part of the uri.
  • Fixed a bug in our rewrite engine log where more parameters were printed than intended.
  • Fixed a bug where sendfile() sometimes caused crashes when the browser required gzip.
  • Fixed a bug where the H2Stream peer count was inaccurate due to a delay between sending FIN and removing the stream.



  • Updated GeoIP to detect bad databases.
  • Fixed a bug in HTTP2 stream window update handling.
  • Changed example vhost configuration to use server’s error.log.
  • Added more APIs to lsiapi.
  • Updated httpextconnector to handle big files.
  • Updated admin/misc/ to support more download methods.
  • Add $VH_DOMAIN variable support for VHost configuration.
  • Updated the case where the request is a small file and gzip is enabled. Previously, always used gzip. Now, only use
    gzip for larger files, as compressing smaller files made them larger.
  • Updated modpagespeed to be more compatible with the cache module.

Cache Module

  • Updated cache to support context level changes to the Vhost settings.
  • Fixed an error that occurred when calculating the length of cached headers.
  • Updated to store file size, inode, and lastMod to cacheHeader instead of entry. Cache Entries will lose this info
    after a server reboot.

PageSpeed Module

  • Update PSOL lib to v1.9.32.10 stable.
  • Fixed a bug in LsiBaseFetch::DecrefAndDeleteIfUnreferenced() that may cause crashes.
  • Fixed a bug where modpagespeed where it detected the http version incorrectly.
  • Updated InPlaceBodyFilter() to make it work with html-rewrite mode.
  • Added a response header X_LS_PAGESPEED for when this module handled the request.

Bug Fixes

  • Fixed a bug where in some cases, OLS will reply “Content-length: -1”.
  • Fixed a bug where if the response header contains a key without a value, it will crash.
  • Fixed a bug where HttpReq::postProcessHost() gives a wrong m_iHostLen value and may cause a crash.
  • Fixed a bug in HttpReq::getUGidChroot() to handle the case where m_pVHost is set, but m_pContext is NULL.



  • Updated pagespeed module to work with the cache module.
  • Updated cache module to support more parameters, use a shared memory cache manager, and PURGE from trust IP.
  • Added more APIs to LSIAPI.

Bug Fixes

  • Fixed an HTTP/2 bug that selected ‘h2c’ during negotiation.
  • Fixed an HTTP2 bug which caused multiple line headers errors.
  • Fixed an xpool bug that could cause crashing.
  • Fixed a bug that caused partial content to be returned when a proxy server replies with content-length and OLS
    compresses/decompresses with content-length unchanged.
  • Fixed a bug where in some cases modgzip and the internal gzip both perform compression, causing the client to
    display incorrectly.
  • Fixed a bug in ls_lock which caused an error on MAC and FreeBSD.
  • Fixed a bug in rewrite map configuration parsing which caused crashing.
  • Fixed a bug that failed to flush ending chunk “0\r\n\r\n” when EAGAIN returned from a previous write().
  • Fixed a bug where request rate throttling would not work.
  • Fixed a bug where GeoIP config didn’t match the conf file.



  • Updated HttpMime and HttpContext level MIME code
  • WebAdmin and tooltips updated

Bug Fixes

  • Fixed a bug where matching contexts used server level suffix handler instead of vhost level.
  • Fixed a bug in plain text configuration parsing.
  • Fixed a lua module bug.
  • Fixed a bug causing a seg fault in aho if input was not valid.
  • Fixed a bug where an errorlog would sent even if successful.



  • Added SSL Session configuration to Webadmin.
  • Added support for ARM architecture.
  • Added logic to skip chacha ciphers.

Bug Fixes

  • Fixed a bug that sometimes caused SSL context to fail.



  • Added SSL Ticket and SNI logic.
  • PageSpeed module upgraded and psol lib changed to version
  • Support added for large files in API, sendfile, and request body.

Bug Fixes

  • Fixed a bug in testing mmap() causing a return failure.
  • Fixed a bug in reqParser where 0 byte files were treated as 2 byte files.
  • Fixed HTTP/2 related errors reported by h2spec 1.1.1.
  • Fixed a bug causing crashing in xmlnode If node is null.
  • Fixed a bug that caused PHP generated 304 pages to hang (github issue #48).
  • Fixed a bug in updateClientInfoFromProxyHeader() that broke IPv6 support.
  • Fixed various bugs and updated tooltips in WebAdmin.



  • Includes PHP 7 Beta 1 support.
  • SPDY/HTTP2 will now be installed by default. To disable, use ./configure –enable-spdy=no during installation.
  • Changed internal logging system (Logs will still look the same).
  • Refactored userEventNotifier and renamed it to EvtCbQue.
  • PageSpeed module upgraded to use Google PSOL Library v1.9.32.4.

Bug Fixes

  • Fixed a bug that may cause SPDY to hang.
  • Fixed a bug in HttpRespHeader that may cause a crash.
  • Fixed a bug related to range request handling.
  • Fixed a bug in the pagespeed module that may cause a file size increase.


Bug Fixes

  • Fixed some HTTP/2 and SPDY bugs introduced in 1.4.9, which may cause 404 errors and long page loading time.



  • Added PHP 7 compilation support.
  • Added Request Body Parser.
  • Created new LSIAPI functions to access parsed request body data.
  • Created an internal file upload module which makes files upload faster and saves server CPU time.
  • Added an uploadprogress module which displays the progress of uploading files.
  • Added demonstration page “upload.html” and “upload.php” to example/index.html to show how to use new features.
  • Added an uploadchecker example module demonstrating examples of how to use new features and APIs.
  • Updated default cipher configuration.

Bug Fixes

  • Fixed a SPDY bug involving the default window size setting.
  • Fixed bug in httpvhost that could cause a potential crash.
  • Fixed internal bugs in SPDY/HTTP2.
  • Fixed bug causing URL encoding issues.



  • Created Adaptive Array Structure, updated internal structures to use the new class.
  • Contexts now accept path wildcard matches.

Bug Fixes

  • Fixed bugs in HTTP/2 implementation.
  • Fixed bugs in Object Pool, caused memory access errors.
  • Fixed bug in Pagespeed, did not handle a specific error code.
  • Fixed bug with server side max stream limit.
  • Fixed bug with default process count, causing server to create too many processes.
  • Fixed various bugs related to SSL, caused different issues.
  • Fixed bug that caused compiler based issues.
  • Fixed bug in lua makefile.
  • Fixed bug in ChunkOS.
  • Fixed bug in HTTP session handling, may cause crash.
  • Fixed bug in module handling, may cause crash.
  • Fixed bug in SPDY.
  • Fixed bug in accesslog, possible buffer overflow.



  • Improved HTTP/2 implementation to be more strictly conforming to HTTP/2 specification. It now passes H2Spec test
  • Improved HTTP/2 Performance.
  • Improved LSIAPI internal logic.
  • Improved SHM locking and SHM hash container stability.
  • SSLv2 ciphers are now disabled by default.
  • Enhanced the server’s SSL Renegotiation Protection.

Bug Fixes

  • Fixed a memory leak in the request header handling logic.
  • Fixed bugs within the Server API related to accessing AutoBuf memory.
  • Fixed bug causing static file compression to not work.
  • Fixed bug causing static file compression to bypass the module decompression flag.
  • Fixed bug in LSIAPI causing some modules to not work properly.
  • Fixed bug in modpagespeed’s basefetch class that may cause the server to crash.



  • Added more HTTP/2 error handling to detect invalid compression code.
  • Updated httprespheader to support header size limit settings.
  • Improved the method of searching both static header table and dynamic header table.
  • Improved LSIAPI callback function calling implementation.
  • Fixed bug causing high CPU use with HTTP/2.
  • Fixed HTTP/2 encoding error.
  • Fixed bug causing sendfile to not work properly in certain cases.
  • Fixed bug causing AIO-related crashes.
  • Fixed a locking bug in lsshmpool.

Cache Module

  • Fixed a memory leak.



  • Updated HTTP/2 support to draft 17.
  • Fixed bug causing HTTP/2 string to not be displayed in the error log.
  • Fixed bug causing HTTP/2 to not handle uploading big files.
  • Fixed bug causing OPTIONS requests to not be handled.
  • Fixed bug in PCRE functions.
  • Fixed bug in PHP build tool when used on Debian.

PageSpeed Module

  • Update module to use latest stable PSOL library:

Lua Module

  • Added More Lua SAPI support and improved internal Lua logic.

LiteSpeed Runtime Library

  • Updated shared memory internal logic.



  • Added support for HTTP/2 draft 16 (ALPN, NPN and upgrade).



  • Automatically redirect to HTTPS when SSL_Accept fails for an HTTPS page because the request is a plain HTTP request.
  • Added more LSIAPI functions.
  • Updated
  • Fixed a bug causing shared memory to fail while initializing.
  • Updated PCRE m4 file that may cause installation failure.
  • All bug fixes included in 1.3.6.

Cache Module

  • Updated cache module to use $VH_ROOT, $VH_NAME and $SERVER_ROOT variables in storagepath parameter.
  • Fixed a hidden URL path bug which may cause errors.

PageSpeed Module

  • Added support of In-Place Resource Optimization.
  • Update supported PSOL to
  • Fixed bug causing PageSpeed to not build correctly on CentOS 5.


Feature enhancements

  • Added LiteSpeed runtime library.
  • LSIAPI code refactoring.
  • Re-engineered WebAdmin console.
  • Added multiple language support. (English and Chinese currently included.)
  • Added PageSpeed Module v1.0- (beta).
  • Security: Block headers starting with Shellshock signature.

Bug fixes

  • Bug fix: Problem with range requests for a file with a size of zero.
  • Bug fix: SSL error during OCSP response verification.
  • Bug fix: Firefox does not send “Accept-Encoding” header over SPDY.


Feature enhancements

  • Secure ciphers used by default.
  • Added “Proxy-Host” environment handling for rewrite engine.
  • HTTP_END HANDLER_RESTART hook no longer initialized statically. It is only set up when gzip is used.
  • Optimized HttpRespHeaders::reset().
  • Eliminated error message when RCS does not exist.
  • Internal modules have default priority set.
  • If both .conf and .xml configuration files exist when upgrading to 1.4.x, the old .conf file will be removed before
    converting .xml config files to .conf.

Bug fixes

  • Fixed a bug that referenced a NULL pointer.
  • Fixed pointer not advancing after appending query string.
  • Fixed gzip bugs.
  • Fixed uninitialized variable bug.


Major feature enhancements

  • Added mod_lua, a module for handling Lua.
  • Added shared memory functionality to LSIAPI.
  • All configuration files are converted to plain text (including those generated by the WebAdmin console).
  • Virtual host configuration files are now stored under the new /usr/local/lsws/conf/vhosts directory.
  • Added RCS (Revision Control System) integration to allow automatic backups and version control of all config files.
  • Added script for recovering previous XML configurations when downgrading below version