Version 1.6.x

Legacy Releases

V1.6.21 Stable


Server Core

  • [New Feature] Zero downtime graceful restart.
  • [New Feature] Allow Proxy External Apps to proxy to Unix Domain Sockets.
  • [Bug fix] Address random crashing in Layer4 handler.
  • [Misc] Address most compiler warnings.

V1.6.20 Stable


Server Core

V1.6.19 Stable


Server Core

  • [Improvement] Address Sanitizer build now works properly.
  • [Improvement] Better debug logging.
  • [Bug Fix] Address memory leaks in cache engine, server configuration, and other components.
  • [Bug Fix] Properly handle request/response headers up to 64KB in size.
  • [Bug Fix] Correct TLS session Ticket key rotation with short timeout.
  • [Bug Fix] Address memory access problems causing random crashes in a few cases.

V1.6.18 Stable


Server Core

  • [Tuning] Update to support centos8 and ubuntu20.
  • [Tuning] Update HttpVHost::addPythonApp() to allow 4 ENV values (PYTHONPATH, LSAPI_STDERR_LOG, LSAPI_CHILDREN, LSAPI_KEEP_LISTEN) to be set from the config file (previously hard-coded).
  • [Tuning] Adjust HttpServerImpl::gracefulShutdown() to setSigStop to avoid crash.
  • [Bug Fix] Piped access logger should work now.
  • [Bug Fix] Update checkCtrlEnv() to enable multiple “vary” values to be added for cache varycookie.
  • [Bug Fix] Update HttpSession::smProcessReq() to add ‘HSF_REQ_BODY_DONE’ processing to ‘HSPS_HANDLER_PRE_PROCESSING’.


  • [Bug Fix] Fixed two congestion controller bugs that led to poor performance in some circumstances.
  • [Bug Fix] Fixed a few small memory leaks.
  • [Bug Fix] Fixed a bug in HTTP/3 framing.
  • [Bug Fix] Fixed IETF QUIC handshake bug when client’s Initial packet arrives late.

V1.6.17 Stable


Server Core

  • [Tuning] Update to create a symlinked file for lsws.service to improve lsws service compatibility in CentOS 7.
  • [Tuning] Follow ip2location 8.1.4 library API changes.
  • [Tuning] Add MIME type image/avif.
  • [Tuning] Send HTTP/2 connection GOAWAY frame as soon as all streams are finished during server graceful shutdown.
  • [Tuning] Use localtime instead of gmtime for strftime() when printing timestamps in access log.
  • [Bug Fix] Correct an IPv6 matching issue when accessing allow/deny IP list.
  • [Bug Fix] Remove some incorrect asserts that were causing crashes.
  • [Bug Fix] Add ‘connection’ header to cache module Bypass Header list so that cache can work with HTTP/2 for Safari, curl, and so on.
  • [Bug Fix] Corrected Reverse NOESCAPE flag logic for redirect actions.
  • [Bug Fix] Update AccessLog::customLog() to ensure appended buffer is less than available space.
  • [Bug Fix] Add Missing “x-Forwarded-For” header ID conversion from gpack decoded header.


  • [Bug Fix] Plug memory leak in IETF full conn dtor: cleanup closed IDs sets.
  • [Bug Fix] Plug Memory leak: free pushed promise when refcnt is zero.
  • [Bug Fix] Deactivate only *recent* HQ frame, not any HQ frame.

WebAdmin Console

  • [Bug Fix] Correct access log settings in template config.
  • [Bug Fix] Address unwanted behavior for log viewer browsing buttons.

V1.6.16 Stable


Server Core

  • [New Feature] Apply Expires header to range responses and FLV/h264 streams.
  • [New Feature] Add HTTP/2 GREASE frame and GREASE for SETTINGS support. (Refs:,
  • [Update] Upgrade LSQUIC to v2.12.8 (
  • [Update] Support ‘-b’ (under development) option in
  • [Tuning] LSAPI get_req_header_by_id() now sets the returned valLen value in all cases.
  • [Tuning] No longer convert ‘*:port’ to ‘’ while parsing the config.
  • [Tuning] Update to build libbcrypt when installing the server.
  • [Tuning] Update HttpContext::configRewriteRule() to match the max line length when using plain conf.
  • [Bug Fix] Normalize listener socket address, especially for IPv6, so it can match the listener address passed from the previous instance during a graceful restart.
  • [Bug Fix] Address a crash bug in cache module.
  • [Bug Fix] Address a bug that was preventing Rails applications from running correctly.
  • [Bug Fix] Update autoindex script to make page layout responsive and no longer follow symbolic links.
  • [Bug Fix] htmlspecialchars() no longer returns a blank string without the ENT_SUBSTITUTE flag for special chars.


  • [Bug Fix] Correct access log settings in template config.
  • [Bug Fix] Address unwanted behavior for log viewer browsing buttons.

V1.6.15 Stable


Server Core

  • [Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
  • [Update] Upgrade installation LSPHP to v74.
  • [Update] Update LSQUIC to v2.12.7. (
  • [Tuning] Localize WebAdmin Console Google fonts and JS files.
  • [Tuning] Set default server config file ‘compressibleTypes’ value to “default” (use the built-in defaults which already contain most common types such as ‘application/json’ etc).
  • [Tuning] Change reCAPTCHA API URL from ‘’ to ‘’ to avoid blocking in some countries.
  • [Tuning] Avoid reCAPTCHA verification for ‘/.well-known/’ URL.
  • [Tuning] Detect ‘X-Real-Ip’ header in a similar way to the ‘CF-Connecting-IP’ header and update client IP info accordingly.
  • [Tuning] Use $VH_NAME instead of ‘Example’ conf/vhosts/Example/vhconf.conf.
  • [Bug Fix] Address some crash issues in server DEBUG version.
  • [Bug Fix] Address uninitialized number comparison bug in HttpReq::classifyUrl().
  • [Bug Fix] Avoid crash caused by using failed ChunkOutputStream::write() call return values.
  • [Bug Fix] Do not suspend write if there is still pending data at the SSL layer
  • [Bug Fix] Address memory leak caused by failure to save pending xpool bigblock linked list.
  • [Bug Fix] Address PHP scripts changing error page status codes to 200.
  • [Bug Fix] HttpServerImpl::onTimer30Secs is no longer run while server is in the middle of quitting.
  • [Bug Fix] Tune RadixNode::getHeader() to avoid accessing passed in NULL pointers.

V1.6.14 Stable


Server Core

  • [Update] Add ruby-lsapi-5.0 gem compatibility to RackRunner.rb. (Similar to LSWS implementation)
  • [Update] Cache module now bypasses a number of pre-defined varies to avoid encountering a 500 error for those cases.
  • [Update] Upgrade LSQUIC to v2.12.4
  • [Update] Add ubuntu 20 support to
  • [Bug Fix] Correct a cache engine bug that was causing file writes to occur in the wrong location in the file.
  • [Bug Fix] Correct ownership/permissions for conf directory and its sub-directories.
  • [Bug Fix] Server should now correctly use a newly assigned unix domain socket address when the default socket address is already occupied.

V1.6.13 Stable


Server Core

  • [Security] Limit sample upload testing page to only support jpeg file uploads.
  • [Security] Prevent access log from being set to ‘/etc’. ‘/tmp’, or ‘/bin’ directories.
  • [New Feature] Added support for error code 451 “Unavailable For Legal Reasons”.
  • [New Feature] Cache hit info is now included in real time stats file.
  • [Update] Updated LSQUIC Library to v2.12.2. (
  • [Improvement] Update installation script to generate self-signed certificates that are supported by Mac OS browsers.
  • [Improvement] lsadm is now added to current server defined group on server start if not already set.
  • [Bug Fix] Fixed an uninitialized pointer bug introduced in the latest version of the mod_sec module.
  • [Bug Fix] Fixed a plainconf parsing bug with module handler contexts.
  • [Bug Fix] Fixed a pagespeed module compilation issue for Debian and Centos8 systems.
  • [Bug Fix] Fixed a variable not defined error when executing freebsdFix() in script
  • [Bug Fix] Server no longer tries to add mod_gzip to the current session when session hook is not initialized.

V1.6.12 Stable


Server Core

  • [Bug Fix] Fixed a rewrite conf parsing bug that could cause a 404 for some existing pages.

V1.6.11 Stable


Server Core

  • [Update] Updated LSQUIC to v2.12.1. (
  • [Improvement] Config files are now parsed more quickly.
  • [Tuning] Change default “disableInitLogRotation” value to 1 for error log.
  • [Tuning] Updated some log message levels to reduce redundant log messages.
  • [Bug Fix] Fixed mod_security.cpp v3.0.4+ compilation errors .
  • [Bug Fix] HttpVHost::addPythonContext() now updates the python context to avoid naming the virtual directory to the same name as the physical directory.
  • [Bug Fix] Fixed a output result error.

V1.6.10 Stable


Server Core

  • [Security] Prevent setting log file names ending in “.php”, “.php71”, etc.
  • [Improvement] Added support for Centos8.
  • [Update] Prevent assignment of port 80 or port 443 to WebAdmin Console.
  • [Update] Updated Example/upload.html to display more information about related optional modules.
  • [Update] Updated to support systemctl.
  • [Bug Fix] Fixed a rare logging crash.
  • [Bug Fix] Fixed a crash when UserAgent header value was empty.
  • [Bug Fix] Fixed a compilation issue on Centos.
  • [Bug Fix] Fixed lsphp installation issues for Centos.
  • [Bug Fix] Fixed a few hidden Http/2 bugs.
  • [Bug Fix] Fixed mod_security compilation issue.



Server Core

  • [Improvement] Fixed access log entries listing HTTP/1.1 for HTTP/2 connections.
  • [Update] Reduced the number of QUIC log entries written at lower levels.
  • [Update] Updated LSQUIC to v2.10.6.
  • [QUIC] Fixed HTTP/3 framing: don’t misinterpret rare occurence as error.
  • [QUIC] Fixed compilation on FreeBSD.
  • [Bug Fix] Fixed file uploads failing for QUIC connections.
  • [Bug Fix] Fixed some errors with the tool.
  • [Bug Fix] Fixed lswsctrl restart command failing on CentOS.



Server Core

  • [New Feature] Expired cache entries are now automatically removed to free up space.
  • [New Feature] Updated cache to only serve litespeed cache related headers for frontend requests.
  • [New Feature] Skip rewrite processing for Let’s Encrypt verification requests.
  • [Improvement] Fixed some minor issues in internal cache manager module.
  • [Improvement] REFRESH URI cache requests are now equivalent to a stale purge.
  • [Improvement] Added response header entry for URI stale purge.
  • [Improvement] Improved cache purge accuracy.
  • [Update] Update context configure to auto add a trailing ‘/’ to the location if it is a directory.
  • [Update] Update tool to add support the -e paramater flag which is used to only upgrade binaries.
  • [Bug Fix] Fixed cache cleanup not getting called when “storagepath” config setting was not set.
  • [Bug Fix] Fixed a crash bug when parsing rewrite rules that occured in very rare cases.



Server Core

  • [Tuning] Ensure that buffered SSL data is flushed near the end of related event processing.
  • [Update] Updated lsquic to version 2.10.1 (
  • [Bug Fix] Fixed a code regression causing some old bugs to be reintroduced (Cannot enable QUIC, http2 upload issue, etc).
  • [Bug Fix] process start time is now detected correctly.
  • [Bug Fix] Fixed a NodeJS wrapper script failing to handle startup files referenced by absolute path.



Server Core

  • [Security] Update WebAdmin Console to avoid serving PHP files not belonging to it.
  • [New Feature] Skip rewrite processing for Let’s encrypt verification requests.
  • [New Feature] Add “Subject Alternative Name” item to self signed certificate.
  • [Update] Updated lsquic to version 2.9.0 (
  • [Bug Fix] Fixed “uninitialized member”, “connect with empty socket address”, and “virtual memory buffer uninitialized” crash bugs.
  • [Bug Fix] Fixed a resource leak bug caused by unclosed file handles.
  • [Bug Fix] Fixed static file contexts not serving correctly.
  • [Bug Fix] reCAPTCHA verification page is no longer cached.
  • [Bug Fix] Fixed old server process lingering after restart when active QUIC clients existed.



Server Core

  • [Security] Initial webadmin password for new installations is now randomized.
  • [Security] Improved WebAdmin Console security by strictly checking request URLs.
  • [Update] Incorporated version 1.5.10 changes.
  • [Update] Updated lsquic to version 2.8.3 (
  • [Update] Updated WebAdmin Console to show new releases for both the current release branch and the latest release branch.
  • [Update] Updated Cache module to track and write file errors and abort serving files from cache when an error occurs.
  • [Bug Fix] Disable memory mappping when serving static files to avoid crashes in some cases.
  • [Bug Fix] Fixed a memory access bug when logging errors.
  • [Bug Fix] Fixed some crashes involving Spdy connections in older browsers.
  • [Bug Fix] Fixed handling for virtual host URIs that do not end in a ‘/’ character.
  • [Bug Fix] Fixed cache timer not being called when no cache storage path was set.



Server Core

  • [Updated] Added some lsphp73 dependencies to installation.
  • [Update] Updated lsquic to version 2.6.5(
  • [Bug Fix] Fixed “use after free” issue by Avoiding recursive NtwkIOLink::handleEvents() calls.
  • [Bug Fix] Fixed permission issues with `autoupdate/` and `tmp/` directories.
  • [Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connections.
  • [Bug Fix] Fix Context level external redirects causing errors.



Server Core

  • [New Feature] Added support for ‘LS_STDERR_LOG’ environment variable to set up the stderr log file for started processes.
  • [Update] Update mod_security-ls to always go through reqbody and respBody phases.
  • [Update] lsphp 73 is now used on Linux platforms.
  • [Update] Updated lib lsquic to v2.6.3(
  • [Update] Default conf values for maxConns, procSoftLimit, procHardLimit, and env PHP_LSAPI_CHILDREN have been changed to be more reasonable.
  • [Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
  • [Bug Fix] Fix some mod_security-ls compilation issues.

Cache Module

  • [Bug Fix] Fixed a rare crash that occurred when failing to create new cache entries.



Server Core

  • [Update] Removed libgeoip dependency.
  • [Update] Use LSPHP 7 by default.
  • [Update] Update to liblsquic 2.4.10 (fixing several bugs relating to QUIC and HTTP/3).
  • [Bug Fix] Fixed a bug causing a “[modcompress] AddHooks failed” error.
  • [Bug Fix] Fixed “No request delivery notification has been received from LSAPI application …” error being logged when a background process’ running time is larger than 10 seconds
  • [Bug Fix] Fixed debug log toggle not working.
  • [Bug Fix] Fixed Accept-Encoding header being case sensitive.
  • [Bug Fix] Fixed UDS files not being cleaned up.
  • [Bug Fix] Fixed installation issue with the lshttpd service.
  • [Bug Fix] Fixed a network throttling bug that prevented paused SSL connections from being resumed.

Cache Module

  • [New Feature] Added stale purge support. With this feature, only the first visitor to a stale cache page will hit the backend with subsequent visitors getting served the stale cache copy until the page has finished being re-cached by the first request.



Server Core

  • [Improvement] Restart detached PHP processes when PHP binary is changed.
  • [Update] Update HTTP/3 support to include the latest HTTP/3 draft (h3-23).
  • [Update] Update QUIC to make BBR congestion control the algorithm used by default.
  • [Update] Update some error log message levels to be more reasonable.
  • [Bug Fix] Fixed a memory issue in pagespeed module.
  • [Bug Fix] Fixed some errors to avoid errors.
  • [Bug Fix] Fixed a bug in to ensure that `./configure` still works.
  • [Bug Fix] Fixed an access log bug where traffic byte count was sometimes not reset between requests.



Server Core

  • [Major New Feature] Added Google QUIC and HTTP/3 (Internet Draft 22) support
  • [New Feature] Added, a new build tool to build from source code (including any dependencies) for most platforms in a single click.
  • [Improvement] Added compilation support for FreeBSD, Mac, Ubuntu 19.
  • [Bug Fix] Fixed a PHP memory limit bug.