Version 1.5.x

OpenLiteSpeed Release Log: Version 1.5.x



Server Core

  • [New Feature] Expired cache entries are now automatically removed to free up space.
  • [Update] Incorporated version 1.6.5 changes.
  • [Improvement] REFRESH URI cache requests are now equivalent to a stale purge.
  • [Improvement] Added request variable REQUEST_SCHEME.
  • [Improvement] Added response header entry for URI stale purge.
  • [Improvement] Improved cache purge accuracy.
  • [Bug Fix] Fixed cache sometimes serving empty responses.
  • [Bug Fix] Fixed cache entries sometimes being removed while they were in the process of being cached.
  • [Bug Fix] Fixed cache cleanup not getting called when “storagepath” config setting was not set.
  • [Bug Fix] Fix several server crash bugs.



Server Core

  • [New Feature] Added tool (switch server version, test running status, toggle debug log, etc).
  • [New Feature] Added support for ‘REF_BYTES_TOTAL’ and “SSL_*” reqvars. (Can be added to accesslog format as well)
  • [Improvement] Tested and fixed ownership/permissions for key directories when server starts.
  • [Improvement] Added a global varible to bypass static file cache checks when the pagespeed module is loaded.
  • [Update] Incorporated cache module into server core.
  • [Bug Fix] Fixed LsapiConn::onTimer() logging “No request delivery …” notice too often.
  • [Bug Fix] Fixed several memory leaks.
  • [Bug fix] Fixed IPv6 addresses being treated as IPv4 addresses.
  • [Bug Fix] Fixed a static file cache bug.
  • [Bug Fix] Fixed the old destination for a symlink directory being used when serving static files even after the symlink has been changed to a new location.
  • [Bug Fix] Fixed loaded modules being counted multiple times when multiple ModuleManager::loadModule() commands existed for those modules.
  • [Bug Fix] Fixed a bug where multi cert settings were not being inherited by VHosts.
  • [Bug Fix] Fixed “x-litespeed-cache: miss” header getting saved when storing a cache entry.
  • [Bug Fix] Fix Brotli compression not working in some cases.
  • [Bug Fix] Fix a bug where files larger than 2G could not be sent.
  • [Bug Fix] Fix some crashes.



Server Core

  • [Update] lsphp 73 is now used on Linux platforms.
  • [Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
  • [Bug Fix] Fix some mod_security-ls compilation issues.
  • [Bug Fix] Fixed permission issues with `autoupdate/` and `tmp/` directories.
  • [Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connections.
  • [Bug Fix] Fix Context level external redirects causing errors.
  • [Bug Fix] Fixed a memory leak.



Server Core

  • [New Feature] Added support for ‘LS_STDERR_LOG’ environment variable to set up the stderr log file for started processes.
  • [Update] Removed libgeoip dependency.
  • [Update] Update mod_security-ls to always go through reqbody and respBody phases.
  • [Bug Fix] Fixed installation issue with the lshttpd service.
  • [Bug Fix] Fixed a network throttling bug that prevented paused SSL connections from being resumed.
  • [Bug Fix] Fixed a crash that occurred when failing to retrieving client info.
  • [Bug Fix] Fixed lsrecaptcha not being used with front-end proxies.

Cache Module

  • [Bug Fix] Fixed a rare crash that occurred when failing to create a new cache entry.



Server Core

  • [New Feature] Added, a new build tool to build from source code (including any dependencies) for most platforms in a single click.
  • [Improvement] Detached PHP processes will now restart when PHP binary is changed.
  • [Update] Disable TLSv1.0 by default for SSL.
  • [Update] Use LSPHP 7 by default.
  • [Bug Fix] Fixed a bug causing a “[modcompress] AddHooks failed” error.
  • [Bug Fix] Fixed debug log toggle not working.
  • [Bug Fix] Fixed a bug causing high CPU issues when using SSL.
  • [Bug Fix] Fixed PHP memory limit being unable to be set higher than 2GB.
  • [Bug Fix] Fixed stream traffic counter not being reset for new connections.
  • [Bug Fix] Fix Accept-Encoding header being case sensitive.

Cache Module

  • [New Feature] Added stale purge support. With this feature, only the first visitor to a stale cache page will hit the backend with subsequent visitors getting served the stale cache copy until the page has finished being re-cached by the first request.



Server Core

  • [Major New Feature] Keep PHP workers running through server restarts with detached mode.



Server Core

  • [Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
  • [Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.

Web Admin

  • [Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.



Server Core

  • [Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
  • [Improvement] Updated script to make it compatible with FreeBSD.
  • [Bug Fix] Fixed a bug that was causing module modsecurity to fail to build on some operating systems.
  • [Bug Fix] Fixed lsrecaptcha build script getting called incorrectly in the script.
  • [Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
  • [Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
  • [Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
  • [Bug Fix] Fixed a crash bug when server info was set to display in the response header.
  • [Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
  • [Bug Fix] Fixed a forcedType bug of causing extApps to always use server level settings regardless of VHost level settings.



Server Core

  • [Security] Perform actions as the autoupdate directory owner in related and server core code.
  • [New Feature] Added file to final installation directory.
  • [Update] Updated to improve modsecurity-ls module support and prevent failure to build on FreeBSD systems.
  • [Update] Updated to make sure that the current user and group are checked correctly.
  • [Bug Fix] Fixed a crash when detecting OS/platform.
  • [Bug Fix]Fixed a server core bug that was causing high load.

Web Admin

  • [Update] Removed unnecessary empty lines when saving the config file.
  • [Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
  • [Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.



Server Core

  • [New Feature] Added support fo multiple access logs (at most 4) for each Vhost.
  • [Improvement] Only check-in plain conf file with when the conf file is updated.
  • [Bug Fix] Fixed a bug where the “SERVER_ADDR” variable was not set.
  • [Bug Fix] Fixed “listening port occupied” bug when using the service restart command.
  • [Bug Fix] Fixed a VHost error log bug that where https content was only partially recorded.
  • [Bug Fix] Fixed cache module not working when using a reverse proxy.



  • [New] 1.5.1 includes updates from 1.4.43 to 1.4.47.
  • [Update] Added lsrecaptcha support.
  • [Update] Added support for CGroups, a Linux kernel feature that limits and isolates resource usage.
  • [Bug Fix] Fixed an issue in modgzip which may cause a server crash in some cases.
  • [Bug Fix] Fixed an issue where the HTTP_END hook point is not placed correctly, causing module data not to be released in some cases.
  • [Bug Fix] Fixed an issue in the cache module, where backend errors cause zero-length content to be saved and served.



V1.5.0 RC6


V1.5.0 RC5


V1.5.0 RC5


V1.5.0 RC4


V1.5.0 RC3

Server Core

  • [Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
  • [Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.

V1.5.0 RC2

Server Core

  • [Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
  • [Bug Fix] Fixed an ip2location configuration bug.
  • [Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
  • [Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
    server error.
  • [Bug Fix] Fixed a cipher previously rejected by chrome.

Cache Module

  • [Bug Fix] Fixed a bug where comparing a string could cause a crash.

V1.5.0 RC1

Server Core

  • [New] Multi-Thread APIs.
  • [New] Module Developer Guide.
  • [Update] Added more Multi-Thread example modules.
  • [Bug Fix] All known bugs have been fixed.

ModLSPHP Module