Version 1.7.x

V1.7.6

2020-11-09

Server Core

  • [New Feature] Add more QUIC configuration settings.
  • [Tuning] Tune some cache module and modsecurity-ls module error messages.
  • [Tuning] Allow handling packets up to MTU 1500.
  • [Tuning] Update install.sh to support centos8 and ubuntu20.
  • [Bug Fix] Update HttpSession::smProcessReq() to add ‘HSF_REQ_BODY_DONE’ processing to ‘HSPS_HANDLER_PRE_PROCESSING’
  • [Bug Fix] Correct an IPv6 matching issue when accessing allow/deny IP list.
  • [Bug Fix] Remove some incorrect asserts that were causing crashes.
  • [Bug Fix] Add ‘connection’ header to cache module Bypass Header list so that cache can work with HTTP/2 for Safari, curl, and so on.

QUIC

  • [Bug fix] Path migration when client uses zero-length connection ID.
  • [Bug fix] Handshake fixes: packet padding and coalescing.

V1.7.5

2020-10-07

Server Core

  • [New Feature] Add HTTP/2 GREASE frame and GREASE for SETTINGS support. (Refs: https://bugs.chromium.org/p/chromium/issues/detail?id=1123912, https://mikebishop.github.io/http-misc-extensions/draft-bishop-httpbis-grease.html)
  • [Update] Support ‘-b” (under development) and ‘-s(address sanitizer version) option in lsup.sh.
  • [Tuning] LSAPI get_req_header_by_id() now sets the returned valLen value in all cases.
  • [Tuning] No longer convert ‘*:port’ to ‘0.0.0.0:port’ while parsing the config.
  • [Tuning] Update build.sh to build libbcrypt when installing the server.
  • [Tuning] Update HttpContext::configRewriteRule() to match the max line length when using plain conf.
  • [Bug Fix] Normalize listener socket address, especially for IPv6, so it can match the listener address passed from the previous instance during a graceful restart.
  • [Bug Fix] Address a crash bug in cache module.
  • [Bug Fix] Address a bug that was preventing Rails applications from running correctly.
  • [Bug Fix] Address a crash bug in HttpReq::shouldAddExpires().
  • [Bug Fix] Address a compilation issue on FreeBSD.
  • [Bug Fix] Address a memory overflow bug caused by an issue with access log custom formats.

QUIC

  • [New Feature] “QUIC bit grease” extension.
  • [New Feature] DPLPMTUD support (RFC 8899).
  • [New Feature] QUIC and HTTP/3 Internet Draft 30,31 support.
  • [New Feature] Adaptive congestion controller.

WebAdmin

  • [Bug Fix] Correct access log settings in template config.
  • [Bug Fix] Address unwanted behavior for log viewer browsing buttons.

V1.7.4

2020-08-26

Server Core

  • [New Feature] “Expires” header can now be applied to range responses and FLV/h264 streams.
  • [New Feature] Add dedicated bcrypt password hash support for HTTP authentication.
  • [Improvement] Add support for Alpine Linux.
  • [Update] Remove duplicate function calls in HttpSession::nextRequest().
  • [Update] Prevent starting cgid in config testing mode in CgidWorker::config().
  • [Update] Example index page now uses absolute paths for css and img files to avoid redirect errors.
  • [Tuning] Use $VH_NAME instead of ‘Example’ in conf/vhosts/Example/vhconf.conf.
  • [Bug Fix] Update autoindex script to make page layout responsive and stop the following of symbolic links.
  • [Bug Fix] delay_stop no longer breaks graceful restart.
  • [Bug Fix] Address PHP scripts changing error page status codes to 200.
  • [Bug Fix] htmlspecialchars() no longer returns a blank string without ENT_SUBSTITUTE flag for special chars.

V1.7.3

2020-07-09

Server Core

  • [Update] Upgrade LSQUIC to v2.18.0.
  • [Update] Upgrade installation LSPHP to v74.
  • [Update] Change reCAPTCHA API URL from ‘www.google.com’ to ‘www.recaptcha.net’ to avoid blocking in some countries.
  • [Tuning] Set ‘compressibleTypes’ value in the default server config file to “default” to use the server built-in defaults which already contain most common types such as ‘application/json’ etc.
  • [Tuning] Avoid reCAPTCHA verification for ‘/.well-known/’ URL.
  • [Tuning] Detect ‘X-Real-Ip’ header in a similar way to the ‘CF-Connecting-IP’ header and update client IP info accordingly.
  • [Tuning] Improve suspend/resume event logic in cases where there is pending data at the SSL layer.
  • [Bug Fix] Correct GeoIP not working issue introduced in v1.7.2.
  • [Bug Fix] Serving chunk encoding data no longer causes crashing.
  • [Bug Fix] Plug a memory leak caused when failing to save pending xpool bigblock link list.
  • [Bug Fix] Updating a file while it is being served no longer causes crashing.

V1.7.2

2020-06-26

Server Core

  • [New Feature] “Use Client IP in Header” setting can now be set to use the last IP listed in the X-Forwarded-For header. (for servers behind AWS ELB)
  • [Update] Incorporate changes from versions 1.6.13 and 1.6.14.
  • [Update] Upgrade LSQUIC to v2.16.3.
  • [Update] Bypass m_request verification in HttpSession::processContextAuth() for /.well-known/acme-challenge/.
  • [Tuning] Improved HTTP/2 code.
  • [Tuning] Set ‘compressibleTypes’ value in the default server config file to “default” to use the server built-in defaults which already contain most common types such as ‘application/json’ etc.
  • [Bug Fix] Correct a VMemBuf::mapNextWBlock bug that was causing crashes.
  • [Bug Fix] Handle unknown status codes by using status code 200 instead.
  • [Bug Fix] Stop comparisons on uninitialized numbers in HttpReq::classifyUrl().
  • [Bug Fix] Address lsrecaptcha incompatibility with IE 11 due to Javascript ‘async’ and ‘await’ keywords.
  • [Bug Fix] Resolve multiple memory related bugs.

V1.7.1

2020-04-17

Server Core

  • [Security] Prevent setting log file names ending in “.php”, “.php71”, etc.
  • [New Feature] Added support for error code 451 “Unavailable For Legal Reasons”.
  • [Update] Updated LSQUIC to v2.12.1. (https://github.com/litespeedtech/lsquic/releases/tag/v2.12.1)
  • [Update] Prevent assignment of port 80 or port 443 to WebAdmin Console.
  • [Improvement] Config files are now parsed more quickly.
  • [Improvement] Added support for Centos8.
  • [Tuning] Change default “disableInitLogRotation” value to 1 for error log.
  • [Bug Fix] Fixed some modsecurity module compilation errors.
  • [Bug Fix] Fixed a rewrite conf parsing bug that could cause a 404 for some existing pages.
  • [Bug Fix] HttpVHost::addPythonContext() now updates the python context to avoid naming the virtual directory to the same name as the physical directory.

V1.7.0 RC1

2020-03-04

Server Core

  • [New Feature] Added SO_REUSEPORT feature for server listening sockets to improve server performance.
  • [Improvement] Added support for Centos8.
  • [Improvement] Improved detail of logged cache errors.
  • [Update] Incorporated all changes up to version 1.6.9.
  • [Update] Updated Example/upload.html to display more information about related optional modules.
  • [Update] Updated lsup.sh to support systemctl.
  • [Bug Fix] Fixed a bug where server process would not always release the assigned port during “restart service” causing this action to fail.
  • [Bug Fix] Fixed a crash when UserAgent header value was empty.
  • [Bug Fix] Fixed a compilation issue on Centos.
  • [Bug Fix] Fixed lsphp installation issues for Centos.
  • [Bug Fix] Fixed a few hidden Http/2 bugs.
  • [Bug Fix] Fixed mod_security compilation issue.