- [Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
- [Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.
- [Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.
- [Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
- [Improvement] Updated install.sh script to make it compatible with FreeBSD.
- [Bug Fix] Fixed a dllibmodsecurity.sh bug that was causing module modsecurity to fail to build on some operating systems.
- [Bug Fix] Fixed lsrecaptcha build script getting called incorrectly in the configure.ac script.
- [Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
- [Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
- [Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
- [Bug Fix] Fixed a crash bug when server info was set to display in the response header.
- [Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
- [Bug Fix] Fixed a forcedType bug of causing extApps to always use server level settings regardless of VHost level settings.
- [Security] Perform actions as the autoupdate directory owner in related function.sh and server core code.
- [New Feature] Added testbeta.sh file to final installation directory.
- [Update] Updated dllibmodsecurity.sh to improve modsecurity-ls module support and prevent failure to build on FreeBSD systems.
- [Update] Updated install.sh to make sure that the current user and group are checked correctly.
- [Bug Fix] Fixed a crash when detecting OS/platform.
- [Bug Fix]Fixed a server core bug that was causing high load.
- [Update] Removed unnecessary empty lines when saving the config file.
- [Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
- [Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.
- [New Feature] Added support fo multiple access logs (at most 4) for each Vhost.
- [Improvement] Only check-in plain conf file with when the conf file is updated.
- [Bug Fix] Fixed a bug where the “SERVER_ADDR” variable was not set.
- [Bug Fix] Fixed “listening port occupied” bug when using the service restart command.
- [Bug Fix] Fixed a VHost error log bug that where https content was only partially recorded.
- [Bug Fix] Fixed cache module not working when using a reverse proxy.
- [New] 1.5.1 includes updates from 1.4.43 to 1.4.47.
- [Update] Added lsrecaptcha support.
- [Update] Added support for CGroups, a Linux kernel feature that limits and isolates resource usage.
- [Bug Fix] Fixed an issue in modgzip which may cause a server crash in some cases.
- [Bug Fix] Fixed an issue where the HTTP_END hook point is not placed correctly, causing module data not to be released in some cases.
- [Bug Fix] Fixed an issue in the cache module, where backend errors cause zero-length content to be saved and served.
- [Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
- [Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.
- [Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
- [Bug Fix] Fixed an ip2location configuration bug.
- [Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
- [Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
- [Bug Fix] Fixed a cipher previously rejected by chrome.
- [Bug Fix] Fixed a bug where comparing a string could cause a crash.
- [New] Multi-Thread APIs.
- [New] Module Developer Guide.
- [Update] Added more Multi-Thread example modules.
- [Bug Fix] All known bugs have been fixed.
- [New] Initial Release! See our Installation Guide.