Legacy Releases

V1.6.21 Stable

2021-04-01

Server Core

[New Feature] Zero downtime graceful restart.
[New Feature] Allow Proxy External Apps to proxy to Unix Domain Sockets.
[Bug fix] Address random crashing in Layer4 handler.
[Misc] Address most compiler warnings.

V1.6.20 Stable

2021-02-16

Server Core

[Security] Sanitize external application commands and user/group configurations. (https://github.com/litespeedtech/openlitespeed/issues/217)
[Security] Do not allow setuid in external applications by dropping the SETUID capability.
[Feature] Simplify CGROUPS support.
[Bug Fix] Bubblewrap is now correctly enabled. (https://github.com/litespeedtech/openlitespeed/issues/223)
[Bug Fix] Eliminate random delay when proxying secured websocket connections to the backend. (https://github.com/litespeedtech/openlitespeed/issues/219)
[Bug Fix] Avoid excessive logging for proxy request headers. (https://github.com/litespeedtech/openlitespeed/issues/166)
[Bug Fix] Address proxy request body corruption caused by request header manipulations. (https://github.com/litespeedtech/openlitespeed/issues/192)
[Bug Fix] Improve logging for OCSP stapling errors. (https://github.com/litespeedtech/openlitespeed/issues/177)
[Bug Fix] Address hanging chunked input streams.
[Bug Fix] Add support for “noconntimeout” environment variable.

V1.6.19 Stable

2021-01-15

Server Core

[Improvement] Address Sanitizer build now works properly.
[Improvement] Better debug logging.
[Bug Fix] Address memory leaks in cache engine, server configuration, and other components.
[Bug Fix] Properly handle request/response headers up to 64KB in size.
[Bug Fix] Correct TLS session Ticket key rotation with short timeout.
[Bug Fix] Address memory access problems causing random crashes in a few cases.

V1.6.18 Stable

2020-11-24

Server Core

[Tuning] Update install.sh to support centos8 and ubuntu20.
[Tuning] Update HttpVHost::addPythonApp() to allow 4 ENV values (PYTHONPATH, LSAPI_STDERR_LOG, LSAPI_CHILDREN, LSAPI_KEEP_LISTEN) to be set from the config file (previously hard-coded).
[Tuning] Adjust HttpServerImpl::gracefulShutdown() to setSigStop to avoid crash.
[Bug Fix] Piped access logger should work now.
[Bug Fix] Update checkCtrlEnv() to enable multiple “vary” values to be added for cache varycookie.
[Bug Fix] Update HttpSession::smProcessReq() to add ‘HSF_REQ_BODY_DONE’ processing to ‘HSPS_HANDLER_PRE_PROCESSING’.

QUIC

[Bug Fix] Fixed two congestion controller bugs that led to poor performance in some circumstances.
[Bug Fix] Fixed a few small memory leaks.
[Bug Fix] Fixed a bug in HTTP/3 framing.
[Bug Fix] Fixed IETF QUIC handshake bug when client’s Initial packet arrives late.

V1.6.17 Stable

2020-10-29

Server Core

[Tuning] Update rc-inst.sh to create a symlinked file for lsws.service to improve lsws service compatibility in CentOS 7.
[Tuning] Follow ip2location 8.1.4 library API changes.
[Tuning] Add MIME type image/avif.
[Tuning] Send HTTP/2 connection GOAWAY frame as soon as all streams are finished during server graceful shutdown.
[Tuning] Use localtime instead of gmtime for strftime() when printing timestamps in access log.
[Bug Fix] Correct an IPv6 matching issue when accessing allow/deny IP list.
[Bug Fix] Remove some incorrect asserts that were causing crashes.
[Bug Fix] Add ‘connection’ header to cache module Bypass Header list so that cache can work with HTTP/2 for Safari, curl, and so on.
[Bug Fix] Corrected Reverse NOESCAPE flag logic for redirect actions.
[Bug Fix] Update AccessLog::customLog() to ensure appended buffer is less than available space.
[Bug Fix] Add Missing “x-Forwarded-For” header ID conversion from gpack decoded header.

QUIC

[Bug Fix] Plug memory leak in IETF full conn dtor: cleanup closed IDs sets.
[Bug Fix] Plug Memory leak: free pushed promise when refcnt is zero.
[Bug Fix] Deactivate only *recent* HQ frame, not any HQ frame.

WebAdmin Console

[Bug Fix] Correct access log settings in template config.
[Bug Fix] Address unwanted behavior for log viewer browsing buttons.

V1.6.16 Stable

2020-09-22

Server Core

[New Feature] Apply Expires header to range responses and FLV/h264 streams.
[New Feature] Add HTTP/2 GREASE frame and GREASE for SETTINGS support. (Refs: https://bugs.chromium.org/p/chromium/issues/detail?id=1123912, https://mikebishop.github.io/http-misc-extensions/draft-bishop-httpbis-grease.html)
[Update] Upgrade LSQUIC to v2.12.8 (https://github.com/litespeedtech/lsquic/releases/tag/v2.12.8)
[Update] Support ‘-b’ (under development) option in lsup.sh.
[Tuning] LSAPI get_req_header_by_id() now sets the returned valLen value in all cases.
[Tuning] No longer convert ‘*:port’ to ‘0.0.0.0:port’ while parsing the config.
[Tuning] Update build.sh to build libbcrypt when installing the server.
[Tuning] Update HttpContext::configRewriteRule() to match the max line length when using plain conf.
[Bug Fix] Normalize listener socket address, especially for IPv6, so it can match the listener address passed from the previous instance during a graceful restart.
[Bug Fix] Address a crash bug in cache module.
[Bug Fix] Address a bug that was preventing Rails applications from running correctly.
[Bug Fix] Update autoindex script to make page layout responsive and no longer follow symbolic links.
[Bug Fix] htmlspecialchars() no longer returns a blank string without the ENT_SUBSTITUTE flag for special chars.

WebAdmin

[Bug Fix] Correct access log settings in template config.
[Bug Fix] Address unwanted behavior for log viewer browsing buttons.

V1.6.15 Stable

2020-08-05

Server Core

[Major New Feature] Bubblewrap isolated CGI/PHP execution environments.
[Update] Upgrade installation LSPHP to v74.
[Update] Update LSQUIC to v2.12.7. (https://github.com/litespeedtech/lsquic/releases/tag/v2.12.7)
[Tuning] Localize WebAdmin Console Google fonts and JS files.
[Tuning] Set default server config file ‘compressibleTypes’ value to “default” (use the built-in defaults which already contain most common types such as ‘application/json’ etc).
[Tuning] Change reCAPTCHA API URL from ‘www.google.com’ to ‘www.recaptcha.net’ to avoid blocking in some countries.
[Tuning] Avoid reCAPTCHA verification for ‘/.well-known/’ URL.
[Tuning] Detect ‘X-Real-Ip’ header in a similar way to the ‘CF-Connecting-IP’ header and update client IP info accordingly.
[Tuning] Use $VH_NAME instead of ‘Example’ conf/vhosts/Example/vhconf.conf.
[Bug Fix] Address some crash issues in server DEBUG version.
[Bug Fix] Address uninitialized number comparison bug in HttpReq::classifyUrl().
[Bug Fix] Avoid crash caused by using failed ChunkOutputStream::write() call return values.
[Bug Fix] Do not suspend write if there is still pending data at the SSL layer
[Bug Fix] Address memory leak caused by failure to save pending xpool bigblock linked list.
[Bug Fix] Address PHP scripts changing error page status codes to 200.
[Bug Fix] HttpServerImpl::onTimer30Secs is no longer run while server is in the middle of quitting.
[Bug Fix] Tune RadixNode::getHeader() to avoid accessing passed in NULL pointers.

V1.6.14 Stable

2020-06-18

Server Core

[Update] Add ruby-lsapi-5.0 gem compatibility to RackRunner.rb. (Similar to LSWS implementation)
[Update] Cache module now bypasses a number of pre-defined varies to avoid encountering a 500 error for those cases.
[Update] Upgrade LSQUIC to v2.12.4
[Update] Add ubuntu 20 support to build.sh.
[Bug Fix] Correct a cache engine bug that was causing file writes to occur in the wrong location in the file.
[Bug Fix] Correct ownership/permissions for conf directory and its sub-directories.
[Bug Fix] Server should now correctly use a newly assigned unix domain socket address when the default socket address is already occupied.

V1.6.13 Stable

2020-04-30

Server Core

[Security] Limit sample upload testing page to only support jpeg file uploads.
[Security] Prevent access log from being set to ‘/etc’. ‘/tmp’, or ‘/bin’ directories.
[New Feature] Added support for error code 451 “Unavailable For Legal Reasons”.
[New Feature] Cache hit info is now included in real time stats file.
[Update] Updated LSQUIC Library to v2.12.2. (https://github.com/litespeedtech/lsquic/releases/tag/v2.12.2)
[Improvement] Update installation script to generate self-signed certificates that are supported by Mac OS browsers.
[Improvement] lsadm is now added to current server defined group on server start if not already set.
[Bug Fix] Fixed an uninitialized pointer bug introduced in the latest version of the mod_sec module.
[Bug Fix] Fixed a plainconf parsing bug with module handler contexts.
[Bug Fix] Fixed a pagespeed module compilation issue for Debian and Centos8 systems.
[Bug Fix] Fixed a variable not defined error when executing freebsdFix() in script build.sh.
[Bug Fix] Server no longer tries to add mod_gzip to the current session when session hook is not initialized.

V1.6.12 Stable

2020-04-09

Server Core

[Bug Fix] Fixed a rewrite conf parsing bug that could cause a 404 for some existing pages.

V1.6.11 Stable

2020-04-02

Server Core

[Update] Updated LSQUIC to v2.12.1. (https://github.com/litespeedtech/lsquic/releases/tag/v2.12.1)
[Improvement] Config files are now parsed more quickly.
[Tuning] Change default “disableInitLogRotation” value to 1 for error log.
[Tuning] Updated some log message levels to reduce redundant log messages.
[Bug Fix] Fixed mod_security.cpp v3.0.4+ compilation errors .
[Bug Fix] HttpVHost::addPythonContext() now updates the python context to avoid naming the virtual directory to the same name as the physical directory.
[Bug Fix] Fixed a modverinfo.sh output result error.

V1.6.10 Stable

2020-03-16

Server Core

[Security] Prevent setting log file names ending in “.php”, “.php71”, etc.
[Improvement] Added support for Centos8.
[Update] Prevent assignment of port 80 or port 443 to WebAdmin Console.
[Update] Updated Example/upload.html to display more information about related optional modules.
[Update] Updated lsup.sh to support systemctl.
[Bug Fix] Fixed a rare logging crash.
[Bug Fix] Fixed a crash when UserAgent header value was empty.
[Bug Fix] Fixed a compilation issue on Centos.
[Bug Fix] Fixed lsphp installation issues for Centos.
[Bug Fix] Fixed a few hidden Http/2 bugs.
[Bug Fix] Fixed mod_security compilation issue.

V1.6.9

2020-02-20

Server Core

[Improvement] Fixed access log entries listing HTTP/1.1 for HTTP/2 connections.
[Update] Reduced the number of QUIC log entries written at lower levels.
[Update] Updated LSQUIC to v2.10.6.
[QUIC] Fixed HTTP/3 framing: don’t misinterpret rare occurence as error.
[QUIC] Fixed compilation on FreeBSD.
[Bug Fix] Fixed file uploads failing for QUIC connections.
[Bug Fix] Fixed some errors with the lsup.sh tool.
[Bug Fix] Fixed lswsctrl restart command failing on CentOS.

V1.6.8

2020-02-10

Server Core

[New Feature] Expired cache entries are now automatically removed to free up space.
[New Feature] Updated cache to only serve litespeed cache related headers for frontend requests.
[New Feature] Skip rewrite processing for Let’s Encrypt verification requests.
[Improvement] Fixed some minor issues in internal cache manager module.
[Improvement] REFRESH URI cache requests are now equivalent to a stale purge.
[Improvement] Added response header entry for URI stale purge.
[Improvement] Improved cache purge accuracy.
[Update] Update context configure to auto add a trailing ‘/’ to the location if it is a directory.
[Update] Update lsup.sh tool to add support the -e paramater flag which is used to only upgrade binaries.
[Bug Fix] Fixed cache cleanup not getting called when “storagepath” config setting was not set.
[Bug Fix] Fixed a crash bug when parsing rewrite rules that occured in very rare cases.

V1.6.7

2020-01-29

Server Core

[Tuning] Ensure that buffered SSL data is flushed near the end of related event processing.
[Update] Updated lsquic to version 2.10.1 (https://github.com/litespeedtech/lsquic/releases/tag/v2.10.1)
[Bug Fix] Fixed a code regression causing some old bugs to be reintroduced (Cannot enable QUIC, http2 upload issue, etc).
[Bug Fix] process start time is now detected correctly.
[Bug Fix] Fixed a NodeJS wrapper script failing to handle startup files referenced by absolute path.

V1.6.6

2020-01-23

Server Core

[Security] Update WebAdmin Console to avoid serving PHP files not belonging to it.
[New Feature] Skip rewrite processing for Let’s encrypt verification requests.
[New Feature] Add “Subject Alternative Name” item to self signed certificate.
[Update] Updated lsquic to version 2.9.0 (https://github.com/litespeedtech/lsquic/releases/tag/v2.9.0)
[Bug Fix] Fixed “uninitialized member”, “connect with empty socket address”, and “virtual memory buffer uninitialized” crash bugs.
[Bug Fix] Fixed a resource leak bug caused by unclosed file handles.
[Bug Fix] Fixed static file contexts not serving correctly.
[Bug Fix] reCAPTCHA verification page is no longer cached.
[Bug Fix] Fixed old server process lingering after restart when active QUIC clients existed.

V1.6.5

2020-01-03

Server Core

[Security] Initial webadmin password for new installations is now randomized.
[Security] Improved WebAdmin Console security by strictly checking request URLs.
[Update] Incorporated version 1.5.10 changes.
[Update] Updated lsquic to version 2.8.3 (https://github.com/litespeedtech/lsquic/releases/tag/v2.8.3).
[Update] Updated WebAdmin Console to show new releases for both the current release branch and the latest release branch.
[Update] Updated Cache module to track and write file errors and abort serving files from cache when an error occurs.
[Bug Fix] Disable memory mappping when serving static files to avoid crashes in some cases.
[Bug Fix] Fixed a memory access bug when logging errors.
[Bug Fix] Fixed some crashes involving Spdy connections in older browsers.
[Bug Fix] Fixed handling for virtual host URIs that do not end in a ‘/’ character.
[Bug Fix] Fixed cache timer not being called when no cache storage path was set.

V1.6.4

2019-11-18

Server Core

[Updated] Added some lsphp73 dependencies to installation.
[Update] Updated lsquic to version 2.6.5(https://github.com/litespeedtech/lsquic/releases/tag/v2.6.5).
[Bug Fix] Fixed “use after free” issue by Avoiding recursive NtwkIOLink::handleEvents() calls.
[Bug Fix] Fixed permission issues with `autoupdate/` and `tmp/` directories.
[Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connections.
[Bug Fix] Fix Context level external redirects causing errors.

V1.6.3

2019-11-12

Server Core

[New Feature] Added support for ‘LS_STDERR_LOG’ environment variable to set up the stderr log file for started processes.
[Update] Update mod_security-ls to always go through reqbody and respBody phases.
[Update] lsphp 73 is now used on Linux platforms.
[Update] Updated lib lsquic to v2.6.3(https://github.com/litespeedtech/lsquic/releases/tag/v2.6.3)
[Update] Default conf values for maxConns, procSoftLimit, procHardLimit, and env PHP_LSAPI_CHILDREN have been changed to be more reasonable.
[Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
[Bug Fix] Fix some mod_security-ls compilation issues.

Cache Module

[Bug Fix] Fixed a rare crash that occurred when failing to create new cache entries.

V1.6.2

2019-10-24

Server Core

[Update] Removed libgeoip dependency.
[Update] Use LSPHP 7 by default.
[Update] Update to liblsquic 2.4.10 (fixing several bugs relating to QUIC and HTTP/3).
[Bug Fix] Fixed a bug causing a “[modcompress] AddHooks failed” error.
[Bug Fix] Fixed “No request delivery notification has been received from LSAPI application …” error being logged when a background process’ running time is larger than 10 seconds
[Bug Fix] Fixed debug log toggle not working.
[Bug Fix] Fixed Accept-Encoding header being case sensitive.
[Bug Fix] Fixed UDS files not being cleaned up.
[Bug Fix] Fixed installation issue with the lshttpd service.
[Bug Fix] Fixed a network throttling bug that prevented paused SSL connections from being resumed.

Cache Module

[New Feature] Added stale purge support. With this feature, only the first visitor to a stale cache page will hit the backend with subsequent visitors getting served the stale cache copy until the page has finished being re-cached by the first request.

V1.6.1

2019-09-22

Server Core

[Improvement] Restart detached PHP processes when PHP binary is changed.
[Update] Update HTTP/3 support to include the latest HTTP/3 draft (h3-23).
[Update] Update QUIC to make BBR congestion control the algorithm used by default.
[Update] Update some error log message levels to be more reasonable.
[Bug Fix] Fixed a memory issue in pagespeed module.
[Bug Fix] Fixed some build.sh errors to avoid errors.
[Bug Fix] Fixed a bug in Makefile.am to ensure that `./configure` still works.
[Bug Fix] Fixed an access log bug where traffic byte count was sometimes not reset between requests.

V1.6.0

2019-09-10

Server Core

[Major New Feature] Added Google QUIC and HTTP/3 (Internet Draft 22) support
[New Feature] Added build.sh, a new build tool to build from source code (including any dependencies) for most platforms in a single click.
[Improvement] Added compilation support for FreeBSD, Mac, Ubuntu 19.
[Bug Fix] Fixed a PHP memory limit bug.

V1.5.12

2020-03-17

Server Core

[Security] Update WebAdmin Console to avoid serving PHP files not belonging to it.
[Security] Prevent setting log file names ending in “.php”, “.php71”, etc.
[Improvement] Added support for Centos8.
[Update] Prevent assignment of port 80 or port 443 to WebAdmin Console.
[Update] Updated Example/upload.html to display more information about related optional modules.
[Update] Updated lsup.sh to support systemctl.
[Bug Fix] Fixed a crash when UserAgent header value was empty.
[Bug Fix] Fixed a compilation issue on Centos.
[Bug Fix] Fixed lsphp installation issues for Centos.
[New Feature] Updated cache to only serve litespeed cache related headers for frontend requests.
[Update] Update context configure to auto add a trailing ‘/’ to the location if it is a directory.
[Update] Update lsup.sh tool to add support the -e paramater flag which is used to only upgrade binaries.
[Bug Fix] Fixed cache cleanup not getting called when “storagepath” config setting was not set.
[Bug Fix] Fixed a crash bug when parsing rewrite rules that occured in very rare cases.
[Bug Fix] Process start time is now detected correctly.
[Buf Fix] Fixed a few pagespeed module errors.
[Bug Fix] reCAPTCHA verification page is no longer cached.

V1.5.11

2020-01-14

Server Core

[New Feature] Expired cache entries are now automatically removed to free up space.
[Update] Incorporated version 1.6.5 changes.
[Improvement] REFRESH URI cache requests are now equivalent to a stale purge.
[Improvement] Added request variable REQUEST_SCHEME.
[Improvement] Added response header entry for URI stale purge.
[Improvement] Improved cache purge accuracy.
[Bug Fix] Fixed cache sometimes serving empty responses.
[Bug Fix] Fixed cache entries sometimes being removed while they were in the process of being cached.
[Bug Fix] Fixed cache cleanup not getting called when “storagepath” config setting was not set.
[Bug Fix] Fix several server crash bugs.

V1.5.10

2019-12-12

Server Core

[New Feature] Added lsup.sh tool (switch server version, test running status, toggle debug log, etc).
[New Feature] Added support for ‘REF_BYTES_TOTAL’ and “SSL_*” reqvars. (Can be added to accesslog format as well)
[Improvement] Tested and fixed ownership/permissions for key directories when server starts.
[Improvement] Added a global varible to bypass static file cache checks when the pagespeed module is loaded.
[Update] Incorporated cache module into server core.
[Bug Fix] Fixed LsapiConn::onTimer() logging “No request delivery …” notice too often.
[Bug Fix] Fixed several memory leaks.
[Bug fix] Fixed IPv6 addresses being treated as IPv4 addresses.
[Bug Fix] Fixed a static file cache bug.
[Bug Fix] Fixed the old destination for a symlink directory being used when serving static files even after the symlink has been changed to a new location.
[Bug Fix] Fixed loaded modules being counted multiple times when multiple ModuleManager::loadModule() commands existed for those modules.
[Bug Fix] Fixed a bug where multi cert settings were not being inherited by VHosts.
[Bug Fix] Fixed “x-litespeed-cache: miss” header getting saved when storing a cache entry.
[Bug Fix] Fix Brotli compression not working in some cases.
[Bug Fix] Fix a bug where files larger than 2G could not be sent.
[Bug Fix] Fix some crashes.

V1.5.9

2019-11-19

Server Core

[Update] lsphp 73 is now used on Linux platforms.
[Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
[Bug Fix] Fix some mod_security-ls compilation issues.
[Bug Fix] Fixed permission issues with `autoupdate/` and `tmp/` directories.
[Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connections.
[Bug Fix] Fix Context level external redirects causing errors.
[Bug Fix] Fixed a memory leak.

V1.5.8

2019-11-05

Server Core

[New Feature] Added support for ‘LS_STDERR_LOG’ environment variable to set up the stderr log file for started processes.
[Update] Removed libgeoip dependency.
[Update] Update mod_security-ls to always go through reqbody and respBody phases.
[Bug Fix] Fixed installation issue with the lshttpd service.
[Bug Fix] Fixed a network throttling bug that prevented paused SSL connections from being resumed.
[Bug Fix] Fixed a crash that occurred when failing to retrieving client info.
[Bug Fix] Fixed lsrecaptcha not being used with front-end proxies.

Cache Module

[Bug Fix] Fixed a rare crash that occurred when failing to create a new cache entry.

V1.5.7

2019-10-16

Server Core

[New Feature] Added build.sh, a new build tool to build from source code (including any dependencies) for most platforms in a single click.
[Improvement] Detached PHP processes will now restart when PHP binary is changed.
[Update] Disable TLSv1.0 by default for SSL.
[Update] Use LSPHP 7 by default.
[Bug Fix] Fixed a bug causing a “[modcompress] AddHooks failed” error.
[Bug Fix] Fixed debug log toggle not working.
[Bug Fix] Fixed a bug causing high CPU issues when using SSL.
[Bug Fix] Fixed PHP memory limit being unable to be set higher than 2GB.
[Bug Fix] Fixed stream traffic counter not being reset for new connections.
[Bug Fix] Fix Accept-Encoding header being case sensitive.

Cache Module

[New Feature] Added stale purge support. With this feature, only the first visitor to a stale cache page will hit the backend with subsequent visitors getting served the stale cache copy until the page has finished being re-cached by the first request.

V1.5.6

2019-08-21

Server Core

[Major New Feature] Keep PHP workers running through server restarts with detached mode.

V1.5.5

2019-08-15

Server Core

[Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
[Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.

Web Admin

[Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.

V1.5.4

2019-08-07

Server Core

[Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
[Improvement] Updated install.sh script to make it compatible with FreeBSD.
[Bug Fix] Fixed a dllibmodsecurity.sh bug that was causing module modsecurity to fail to build on some operating systems.
[Bug Fix] Fixed lsrecaptcha build script getting called incorrectly in the configure.ac script.
[Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
[Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
[Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
[Bug Fix] Fixed a crash bug when server info was set to display in the response header.
[Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
[Bug Fix] Fixed a forcedType bug of causing extApps to always use server level settings regardless of VHost level settings.

V1.5.3

2019-07-15

Server Core

[Security] Perform actions as the autoupdate directory owner in related function.sh and server core code.
[New Feature] Added testbeta.sh file to final installation directory.
[Update] Updated dllibmodsecurity.sh to improve modsecurity-ls module support and prevent failure to build on FreeBSD systems.
[Update] Updated install.sh to make sure that the current user and group are checked correctly.
[Bug Fix] Fixed a crash when detecting OS/platform.
[Bug Fix]Fixed a server core bug that was causing high load.

Web Admin

[Update] Removed unnecessary empty lines when saving the config file.
[Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
[Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.

V1.5.2

2019-06-28

Server Core

[New Feature] Added support fo multiple access logs (at most 4) for each Vhost.
[Improvement] Only check-in plain conf file with when the conf file is updated.
[Bug Fix] Fixed a bug where the “SERVER_ADDR” variable was not set.
[Bug Fix] Fixed “listening port occupied” bug when using the service restart command.
[Bug Fix] Fixed a VHost error log bug that where https content was only partially recorded.
[Bug Fix] Fixed cache module not working when using a reverse proxy.

V1.5.1

2019-05-28

[New] 1.5.1 includes updates from 1.4.43 to 1.4.47.
[Update] Added lsrecaptcha support.
[Update] Added support for CGroups, a Linux kernel feature that limits and isolates resource usage.
[Bug Fix] Fixed an issue in modgzip which may cause a server crash in some cases.
[Bug Fix] Fixed an issue where the HTTP_END hook point is not placed correctly, causing module data not to be released in some cases.
[Bug Fix] Fixed an issue in the cache module, where backend errors cause zero-length content to be saved and served.

V1.5.0

2018-01-02

Incorporated version 1.4.41, and 1.4.42 changes.

V1.5.0 RC6

2018-11-09

Incorporated version 1.4.38, 1.4.39, and 1.4.40 changes.

V1.5.0 RC5

2018-08-27

Incorporated version 1.4.35, 1.4.36, and 1.4.37 changes.

V1.5.0 RC5

2018-08-27

Incorporated version 1.4.35, 1.4.36, and 1.4.37 changes.

V1.5.0 RC4

2018-07-06

Incorporated version 1.4.32, 1.4.33, and 1.4.34 changes.

V1.5.0 RC3

2018-04-11
Server Core

[Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
[Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.

V1.5.0 RC2

2018-02-15
Server Core

[Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
[Bug Fix] Fixed an ip2location configuration bug.
[Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
[Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
server error.
[Bug Fix] Fixed a cipher previously rejected by chrome.

Cache Module

[Bug Fix] Fixed a bug where comparing a string could cause a crash.

V1.5.0 RC1

2018-02-02
Server Core

[New] Multi-Thread APIs.
[New] Module Developer Guide.
[Update] Added more Multi-Thread example modules.
[Bug Fix] All known bugs have been fixed.

ModLSPHP Module

[New] Initial Release! See our Installation Guide.

V1.4.51 (Stable)

2019-11-19

Server Core

[New Feature] Added support for ‘LS_STDERR_LOG’ environment variable to set up the stderr log file for started processes.
[Update] lsphp 73 is now used on Linux platforms.
[Update] Disable TLSv1.0 by default for SSL.
[Bug Fix] Fixed permission issues with `autoupdate/` and `tmp/` directories.
[Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connections.
[Bug Fix] Fix Context level external redirects causing errors.
[Bug Fix] Fixed a network throttling bug that prevented paused SSL connections from being resumed.
[Bug Fix] Fixed debug log toggle not working.
[Bug Fix] Fixed PHP memory limit being unable to be set higher than 2GB.
[Bug Fix] Fixed stream traffic counter not being reset for new connections.
[Bug Fix] Fix Accept-Encoding header being case sensitive.
[Bug Fix] Fixed “No request delivery notification has been received from LSAPI application …” error being logged when a background process’ running time is larger than 10 seconds.
[Bug Fix] Fixed a bug causing a “[modcompress] AddHooks failed” error.

Cache Module

[New Feature] Added stale purge support. With this feature, only the first visitor to a stale cache page will hit the backend with subsequent visitors getting served the stale cache copy until the page has finished being re-cached by the first request.
[Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
[Bug Fix] Fixed a rare crash that occurred when failing to create a new cache entry.

mod_security-ls Module

[Update] Update mod_security-ls to always go through reqbody and respBody phases.
[Bug Fix] Fixed a cache module and mod_security-ls conflict that could cause a crash.
[Bug Fix] Fix some mod_security-ls compilation issues.

V1.4.50 (Stable)

2019-08-15

Server Core

[Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
[Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
[Improvement] Updated install.sh script to make it compatible with FreeBSD.
[Bug Fix] Fixed a dllibmodsecurity.sh bug that was causing module modsecurity to fail to build on some operating systems.
[Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
[Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
[Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
[Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
[Bug Fix] Fixed a forcedType bug causing extApps to always use server level settings regardless of VHost level settings.
[Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.

WebAdmin

[Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.

V1.4.49 (Stable)

2019-07-09

Server Core

[Update] Added support for multi accesslog.
[Update] Updated testbeta.sh to make it capable of more fetches and replacements.
[Update] Updated lswsctrl to stop the OpenLiteSpeed server in a smarter way.
[Bug Fix] Fixed an error with lsws/autoupdate directory permissions.
[Bug Fix] Fixed a bug which caused a crash while fetching the latest release file.

WebAdmin

[Update] Removed unnecessary empty lines when saving the config file.
[Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
[Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.

V1.4.48 (Stable)

2019-06-21

Server Core

[Improvement] Only check-in plain conf file with when the conf file is updated.
[Update] Added “DEBUG” to version info when running a debug version.
[Update] Updated core dump function to replace running release version with a debug version when encountering a crash.
[Bug Fix] Fixed module data sometimes not being released when a session is reused.
[Bug Fix] Fixed a GeoIpData2 memory leak.

Cache Module

[Improvement] Avoid toggling gzip for very small responses.
[Bug Fix] Fixed cache module not working when using a reverse proxy.

V1.4.47 (Stable)

2019-05-09

Server Core

[Improvement] Added new ‘-t’ parameter for config testing (Command: ./openlitespeed -t, return 2 for error, 1 for warn, and 0 no issues).
[Improvement] Update HttpReq::processRequestLine to handle long lines.
[Update] Add user-agent and referrer to server push.
[Update] Change some “error” level log messages to “warn” when there is not a real error case.
[Update] Added support for coredump when WebAdmin is disabled.
[Update] Updated cgid.sock path in cases where admin DIR does not exist.
[Update] Disabled rcs checking conf file while loading when WebAdmin is disabled.
[Update] Add source code packing time to version info.
[Update] Add testbeta.sh tool for quickly installing the latest stable version.
[Update] Add –enable-iptogeo support for configuring without the Geoip library as a dependency.
[Update] Increased the limit of request/response header length and overall header size.
[Bug Fix] Fixed a node.js application compatibility issue.
[Bug Fix] Fixed a bug where rules that do not have “\n” at the end would cause a parsing error.
[Bug Fix] Fix a bug where a redirect context would always go through rewrite rules, possibly causing a wrong redirect issue.
[Bug Fix] Fix cgid DIR permission issue.

Cache Module

[Improvement] Added vary support for cache module.
[Improvement] Added support to purge all varied copies when purge cache by a URI.
[Update] Updated to create cache storagepath when it does not already exists.
[Bug Fix] Fixed purge support for private cache.
[Bug Fix] Fixed a bug where re-cacultating hash would not work in some cases.
[Bug Fix] Fixed a bug where cache entry create time and purge time could be messy when compared if both happened in the same second.

V1.4.46 (Stable)

2019-04-05

Server Core

[New Feature] Added “listeners, listener1, listener2, … ” types listener-vhost mapping at the vhost level.
[Improvement] Added “X-Turbo-Charged-By” response header when CF IP is set.
[Bug Fix] Fixed an XSS vulnerability in directory auto index script.
[Bug Fix] Fixed a bug in sendfile which caused hanging.
[Bug Fix] Fixed an infinite loop error the sometimes occured while reading file in NFS.

Modules

[New Feature] Added support for purge-with-tags request to cache module.
[New Feature] Added “no-autoflush” parsing for use in cache module.
[New Feature] Added reqBody size and responseBody size checking in mod_security module to avoid beyond-limit content checking.
[Improvement] Updated cache module to not compress small-sized dynamic content.
[Improvement] Updated cache module to use the normal cache-control header in some cases.
[Bug Fix] Fixed a bug in cache module which could cause wrong data to be served.
[Bug Fix] Fixed a bug in modgzip to handle the memory error case during compression.

V1.4.45 (Stable)

2019-03-07

Server Core

[New Feature] Updated suEXEC to enable LVE.
[New Feature] Added tool ‘testbeta.sh’ for switching to the latest or specified OLS version more easily.
[Improvement] Updated cache module to dynamically switch between serving non-compressed and gzip compressed data based on request frequency.
[Improvement] Updated script handler config to support suffixes as comma-delimited lists.
[Improvement] Added support for duplicate Server level socket addresses for extprocessers.
[Improvement] Updated makefile.f for modules to support building the DEBUG version using ‘make -f Makefile.f CFG=debug’.
[Bug Fix] Fixed HTTP2 POST requests sometimes not getting read completely.
[Bug Fix] Automatically adding uid to extApp name no longer applies to proxies.

V1.4.44 (Stable)

2019-02-11

Server Core

[Major Improvement] External applications defined at the server level no longer need to be re-defined at the virtual host level to be run as the user:group set at the virtual host level.
[Bug Fix] Fixed an error that occurred when using http/1.0 with keep-alive and gzip required.
[Bug Fix] Virtual hosts using the same external application name no longer cause a socket conflict .
[Bug Fix] Fixed a bug in connection close.
[Bug Fix] Fixed server sometimes timing out when using rainloop.

V1.4.43 (Stable)

2019-01-24

Server Core

[New Feature] Added userID / groupID VHost settings (inherited at the app server level).
[Improvement] Improved static file handling performance.
[Update] Updated Example page content.
[Bug Fix] Fixed server push failing to set the accept-encoding header.
[Bug Fix] Fixed requests sometimes containing double “/” in their url.
[Bug Fix] Fixed lscpd using an incorrect process name.
[Bug Fix] Fixed Rails and Python applications being run in detached mode.
[Bug Fix] Fixed missing boolean feature bug in GeoIpData2.

V1.4.42 (Stable)

2018-12-31

Server Core

[Update] Appserver context now supports env list.
[Update] MIME properties now support more types.
[Update] Simplified configuration now uses thedefault ROOT path for the relative paths.
[Update] Cache module is now enabled by default.
[Bug Fix] Fixed a ModSecurity module bug which caused POST requests to time out.
[Bug Fix] Fixed a bug where appserver did not overwrite the existing defined context.
[Bug Fix] Fixed a bug where Python/Django was not supported correctly.
[Bug Fix] Fixed a bug where rewrite rules would cause 500 errors in some cases.
[Bug Fix] Fixed a bug in SPDY which set the connection info in the wrong place.
[Bug Fix] Fixed a bug in the Cache module where HEAD requests were saved to cache storage.

V1.4.41

2018-12-04

Server Core

[New Feature] Added nodeJS, Python, and Ruby app server support.
[Update] Disabling WebAdmin will no longer disable coredumps.
[Bug Fix] Fixed a bug where trying to bind a in-use listening port could cause a crash.
[Bug Fix] Fixed a key and cert filenames error for lscpd.
[Bug Fix] Fixed an overflow bug which could cause a server crash.
[Bug Fix] Fixed a memory leak when reusing a ClientInfo object.
[Bug Fix] Fixed first two ENV entries not getting set.
[Bug Fix] Fixed HTTP/2 and Spdy server crash errors.

V1.4.40

2018-10-31

Server Core

[Improvement] Added support for the RewriteEngine directive in rewrite rules.
[Improvement] Fine tuned HTTP/2 event to avoid setting continueWrite() too early.
[Improvement] Improved SSL compatibility.
[Bug Fix] Fixed rewrite inherit and enable rewrite bugs.
[Bug Fix] Fixed a server PUSH stall bug.
[Bug Fix] Fixed a listener reuse bug that was causing a data init error.
[Bug Fix] Fixed NtwkIOLink::flush() checking the wrong ssl flush state.
[Bug Fix] Fixed bugs in buildCommonEnv.
[Bug Fix] Fixed a bug an incorrect H_CONTENT_DISPOSITION header length bug.

PageSpeed Module

[Bug Fix] Fixed a permissions error with the PageSpeed module temporary directory.

Cache Module

[Bug Fix] Fixed an error when trying to use gzip while A/B testing.
[Bug Fix] 304 responses should no longer be saved to cache.

V1.4.39

2018-9-21
Server Core

[Update] Reverted default OpenSSL v1.1.1 back to the more stable v1.1.0i.
[Update] Removed “Enable Hook” setting from context level module definitions to avoid conflicts with VHost level modules.
[Bug Fix] Fixed a crash related to SSL sessions and contexts.
[Bug Fix] Fixed a crash in mod_gzip.
[Bug Fix] Fix a crash in mod_security.cpp when module data is NULL.
[Bug Fix] Fix a crash that would occur when a context level module had more parameters set than it’s VHost level equivalent.

V1.4.38

2018-9-10
Server Core

[New Feature] Added ‘Auto Load from .htaccess’ server and virtual host level setting to auto load .htaccess files
included in the configured context if the ‘Rewrite Rules’ setting does not already use the “rewriteFile” directive.
[Bug Fix] Fixed an extra header parsing operation bug to avoid a negative value length.
[Bug Fix] Updated to ignore “RewriteBase /” in ‘Rewrite Rules’ which caused subdirectory errors.
[Bug Fix] Fixed a RST_FRAME parsing bug in HTTP 2.
[Bug Fix] Fixed a boringSSL bug that caused a crash with the NPN callback function.
[Bug Fix] Fixed a server PUSH request bug when setting method and URL length.

V1.4.37

2018-8-27
Server Core

[Improvement] HttpContext is now added if it does not already exist when a directory is accessed, loading the
.htaccess file in that directory if one exists.
[Improvement] Optimized request header decoding and parsing.
[Bug Fix] Fixed a rewriterule bug where lines that were too short could cause a crash.
[Bug Fix] Fixed a bug where rewriterule block content was used instead of the enable rewrite setting when testing if
rewrites were enabled for a Vhost.
[Bug Fix] Fixed a bug in HttpContext::config() where an empty rewrite block in the config file could be used to
prevent default values from being set.
[Bug Fix] Fixed a bug in ObjArray API which returned an error when growing the array failed.

V1.4.36

2018-8-8
Server Core

[Update] Updated WebAdmin PHP to a newer version.
[Update] Updated SSL to enable ECDHE with X25519 curve.
[Update] Updated to set default compressible MIME types.
[Bug Fix] Fixed an HTTP/2 server push bug.

Cache module

[Bug Fix] Fixed a memory leak.

V1.4.35

2018-7-27
Server Core

[New Feature] Virtual Host Context setting “Extra Headers” has been renamed to “Header Operations” and now supports
Apache Header and RequestHeader directives set, append, merge, add, and unset.
[Improvement] Multiple flushes from different streams are now combined into a single flush to reduce the number of
small data chunks for HTTP/2 connections.
[Update] OpenSSL 1.1.1 (supports TLS v1.3) is now used when installing.
[Update ] GeoIP lookup is now enabled by default if a database has been configured.
[Bug Fix] Fixed an error where Gzip compression was not being used as a fallback when Brotli was disabled or
unsupported.
[Bug Fix] Fix a crash when calling SslTicket::init().
[Bug Fix] Fixed SSL session caching breaking due to a typo in sslsesscache function newSessionCb().

V1.4.34

2018-7-3
Server Core

[Update] Added request and response header logging for HTTP/2 connections.
[Update] Request body is not longer read after a response has ended.
[Update] Cached static file copies are now only created when returned status code is 200 to avoid caching pages
returning status code 404 and so on.
[Bug Fix] Fixed an installation bug that could cause OpenSSL to work incorrectly.
[Bug Fix] Fixed a WebAdmin Console bug that caused Script Handler tab to be replaced by a duplicate Vhost General
tab.
[Bug Fix] Fixed a WebAdmin Console rewrite map save/display issue.
[Bug Fix] Fixed phpiniOveride ignoring lines using an already encountered directive such as php_value, etc.

PageSpeed module

[Bug Fix] Fix a bug where JPEG images could not be optimized in some cases.

V1.4.33

2018-6-19
Server Core

[New] Added iptogeo2 support.
[New] Added new configure parameter to enable Brotli compression for static files:
--enable-brotli=[yes/no] (default value is “no”).
[New] Added new configure parameter to enable iptogeo2, MaxMindDB must be built and have autotool installed:
--enable-iptogeo2=[yes/no] (default value is “no”).
[New] Added support for client side SSL session resume.
[New] Added HTTPS proxy session resumption.
[Update] Improved Brotli compress support
[Update] Added image/webp and text/xml to MIME settings.
[Update] Added a document root context “/” for all sample configurations to automatically import rewrite rules
from document root .htaccess.
[Update] Removed unneeded default rewrite rules from example conf and ccl conf.
[Update] Static file ETags are now updated when compressing with gzip or Brotli.
[Bug Fix] Bandwidth usage is no longer adjusted when not throttling.
[Bug Fix] Range requests with a starting position greater than 2GB will no longer cause a 400 error.
[Bug Fix] Fixed a memory leak in the server side SSL session cache.
[Bug Fix] Disabled TLSv1.3 for SSL client to avoid 0-RTT handshake failure.

Cache module

[Update] Added support for storing gzip and Brotli compressed content and serving it with the correct response
header.
[Update] Updated cache ETags to be in the same format as static file ETags.

V1.4.32

2018-5-15
Server Core

[New] Add php.ini override support.
[Update] Increased default gzipMaxFileSize from 1M to 10M.
[Bug Fix] Fixed a WebAdmin bug where static context types were appearing as NULL.
[Bug Fix] Fixed an incorrect malloc size bug that could sometimes cause a crash.
[Bug Fix] Fixed a compilation bug on Ubuntu 17.

Cache Module

[Update] x-litespeed-tag and x-litespeed-cache-control headers are now hidden in response header when serving from
cache.

V1.4.31

2018-4-11
Server Core

[Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
[Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.

V1.4.30

2018-2-14
Server Core

[Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
[Bug Fix] Fixed an ip2location configuration bug.
[Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
[Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
server error.
[Bug Fix] Fixed a cipher previously rejected by chrome.

Cache Module

[Bug Fix] Fixed a bug where comparing a string could cause a crash.

V1.4.29

2018-1-10
Server Core

[New] “SMART SERVER PUSH” feature which prevents the server from unnecessarily re-pushing URLs to a client.
[Update] Added support for setting multiple module params or rewrite rules without requiring the use of here
document syntax ( <<< ).
[Update] Upgraded module parameter parsing to support multiple lines using ",', or
` as the starting/ending flag.
[Update] VHosts can now inherit SERVER level defined PHP with it’s own user/group.
[Bug Fix] Fixed a bug where a module could be missing an init function, causing it to not be loaded.
[Bug Fix] Fixed an HTTP2 bug where a window size of 64K would be used when set to 256K.
[Bug Fix] Fixed a bug where a module’s config would not be initialized correctly when module parameters where not
provided at the SERVER level.
[Bug Fix] Fixed a bug where sometimes no server response would be received when handling small PHP scripts, causing
a timeout error.
[Bug Fix] Fixed a bug when setting vary ENV which caused the vary value to not work as intended.
[Bug Fix] Fixed a bug preventing server state from being reset properly when using a keep-alive connection.

PageSpeed Module

[Update] If gcc version is higher than 4.8, PSOL v1.11.33.4 lib is now used.

Cache Module

[Update] Update cache module to support the
LSCache for WordPress Plugin
crawler.
[Bug Fix] Fixed a bug of where “ismobile” was not being handled correctly.

ModSecurity Module

[New] Initial Release! See our

Installation Guide
.

V1.4.28

2017-11-8
Server Core

[New] Added multithreading APIs for LSIAPI.
[Update] WebAdmin Console can now be disabled by adding “disablewebadmin” in httpd_config.conf.
[Update] Multiple instances of OLS can now be run at the same time by configuring additional OLS installations with
–with-pidfile, with-exampleport, and (optional) –with-tempdir configuration flags.
[Update] Limited autoupdate checks to at most twice a day.
[Update] Updated caching to store the compressed data for all compressible file types excluding small static files.
[Bug Fix] Fixed bugs in lswsctrl and install.sh.
[Bug Fix] Fixed a bug in http2 by breaking large header frames into smaller frames + CONTINUATION frames.

PageSpeed Module

[Update] Upgraded to PSOL lib 1.11.33.3 and redesigned the execution flow to increase performance.

V1.4.27

2017-8-16
Server Core

[New] Added support for libressl.
[New] Added support for Brotli.
[Update] Updated LSIAPI and all modules accordingly.
[Update] libundns will now be downloaded and installed when not already present.
[Update] Added parameter ‘–with-lsphp7’ to configure to support the installation of lsphp7 on CentOS, Debian and
Ubuntu.
[Update] Changed the IpToLoc::lookup() api to be able properly handle IPv6 lookup.
[Update] All module configurations are now parsed by the server instead of by each individual module.
[Bug Fix] Fixed a bug that sometimes caused an overflow in http2 server push.
[Bug Fix] Fixed a bug in httprespheader where headers >64K would not be handled correctly.
[Bug Fix] Fixed a bug where deleting HttpFetch could cause crashing.
[Bug Fix] Fixed a bug in HttpReq::processRequestLine that could cause crashing.
[Bug Fix] Fixed a bug in addrlookupCb which could cause crashing when hosts did not contain ‘,’ .

PageSpeed Module

[Bug Fix] Fixed a bug were an incorrect query string and request body were used.

V1.4.26

2017-6-1
Server Core

[New] Added TCP_FASTOPEN support.
[New] Added BoringSSL and TLS1.3 support.
[New] Added PHP 7.1.4 as a Compile PHP option.
[New] Added new module modreqparser to enable the ReqParser feature.
[New] Added more APIs.
[Update] Updated WebAdmin Console css and tooltips.
[Update] Updated ReqParser logic to allow parsing of query strings.
[Update] DNS lookup is now performed using the udns library.
[Update] Improved download tool.
[Bug Fix] Fixed a bug were a very long configuration file could crash the server.
[Bug Fix] Fixed a bug were a rewriterule “passthrough” flag would miss the implied “L” flag.
[Bug Fix] Fixed a bug were loading RewriteFile would fail if the RewriteFile directive was in the middle of the
rewrite rules.

PageSpeed Module

[Bug Fix] Fixed a bug involving configuration parsing at the context level.

Cache Module

[Bug Fix] Fixed a bug involving shmpool using parameter no-vary.
[Bug Fix] Fixed a bug where the PURGE function would not work in some case.

V1.4.25

2017-3-13
Server Core

[Security] Removed DES-CBC3-SHA from default cipher suite to avoid failing current PCI scan.
[New] Added HTTP/2 Server Push.
[New] Added Japanese translations to the WebAdmin. (Thanks to Kazu Nito!)
[Update] Updated the Example VHost page.
[Bug Fix] Fixed a bug in sendstaticfile that caused too many memory mapped files to be opened.
[Bug Fix] Fixed a bug in StaticFilecache reference counting that sometimes caused crashes.
[Bug Fix] Fixed a bug in httpParser that sometimes caused crashing.
[Bug Fix] Fixed a bug in handleEvents that could result in an infinite loop.

Cache Module

[Update] Updated the default cache module settings to more reasonable values.
[Bug Fix] Fixed a bug where temporarily opened files would not be closed.

V1.4.24

2016-12-1
Server Core

Added module info to output when running OpenLiteSpeed with –version;
Added more PHP SERVER variables.
Fixed a bug that sometimes causes responses to have multiple content-type headers.
Fixed a bug that sometimes caused an ininite loop in spdy/http2 connections.
Fixed a bug where “requests per second” throttling would not work.
Updated rewrite rules to support ‘”‘ in the ENV value.

PageSpeed Module

Updated Pagespeed library to 1.11.33.3.

Cache Module

Added addETag to cache parameters to make it possible to force add an etag for a cached item.
Fixed a bug related to “cache-vary” environments.
Updated status codes for stored dynamic content to allow values other than 200.
Updated to support multiple purge headers.
Updated to support multiple purged tags in one purge header.
Added functionality to the purge response header to mark a cached page as stale.
Added functionality to the purge response header to purge by URL.

V1.4.23

2016-8-29
Server Core

Added configuration options to specify the locations of the real time report and .status files.
Updated the look of the Example page.
Protected against the target=_blank vulnerability.
Fixed a bug where the server would return a 400 error when it received an HTTP PATCH requests.
Fixed a bug that sometimes caused core dumps due to a static file cache memory error.

V1.4.22

2016-8-17
Server Core

Updated ./configure to support customizing the WebAdmin listener port with the “–with-adminport” parameter.
Updated dist/install.sh to handle incorrect parameters during installation and ./configure.
Updated the WebAdmin to add vhdomain and vhaliases to the virtual host’s .conf file when instantiating from a vhost
template.
Fixed shm folder permissions.
Fixed a bug where vhost aliases weren’t being set correctly.
Fixed a bug where www.HOSTNAME and HOSTNAME did not have the same VHOST during comparison.
Fixed a bug where the server level External App suEXEC User and suEXEC Group settings were not used.
Fixed a bug that sometimes caused 503 errors.

V1.4.21

2016-8-2
Server Core

Improved open file cache efficiency.
Real time report data will now be written to /dev/shm if available.
(instead of /tmp/lshttpd).
Fixed a bug where when handling static files, the number of open files would keep growing, sometimes causing a 503
error.

V1.4.20

2016-7-25
Security

Security: Automatically block HttpProxy attacks with no configuration needed.

Server Core

Remove dependency on the operating system’s version of openssl by statically linking to the latest stable openssl
libraries from the source code.
Fixed a compatibility issue between chrome (versions 51+) and openssl versions < 1.0.2 that would force HTTP/2
connections to HTTP 1.1.
Fixed a bug where openssl 1.0.2 sometimes caused server crashes.
Fixed a bug where sendfile may cause compiling error.

V1.4.19

2016-7-12
Server Core

Updated RewriteEngine::expandEnv() to parse cache-control:vary and cache-vary when setting the request environment.
Removed the “Content-Encoding: none” response header.
Fixed a bug that sometimes caused crashes when using SSL connections.
Fixed a bug that caused SSL connections to reset to HTTP in some cases.
Fixed a bug in rewritefile loading that could cause crashing.
Fixed a bug where envHashT was case-sensitive, causing matching problems.

PageSpeed Module

Updated to detect HTTPS connections more accurately.
Cache TTL time is now set to 30 seconds if the page is set for a longer time.
The cache-control header is now kept if contained in the original response.
Fixed a bug that sometimes caused crashes during a graceful restart.

Cache Module

Fixed bug where public cache was not being used.
Fixed a bug where IPs of different lengths would cause public cache key verification to fail.
Fixed a bug that caused cache-control: max-age to not work.
Fixed a bug where the X-Litespeed-Cache-Control response header would sometimes not work.

V1.4.18

2016-6-21
Server Core

Updated the eventCbQue to make it more stable.
Added APIs to support event callbacks.
Fixed a SPDY bug that caused the connection to drop if it cannot flush anything in 20 seconds.
Fixed a bug where SPDY and HTTP2 streams would hang when the connection buffer was full.
Fixed a bug that caused incorrect version information to be displayed in the WebAdmin Console.

PageSpeed Module .

Updated to the latest PSOL library.
Fixed a bug that could cause a crash when configuration parameters are empty.
Code optimization relating to memory use/passing.
Updated module configuration format to be compatible with PageSpeed module configurations for Apache and Nginx.
The outcome of parsing configuration parameters will now be written to log.

Cache Module

Fixed a bug that prevented the public cache from being purged.
Cache object hashkey are now re-calculated if the response headers contain a “set-cookie” header when creating a
cache entry to avoid invalidating the cache.

V1.4.17

2016-5-2
Updates

WebAdmin will now display a notice when a newer version of OLS is available.
Added modinspector module which scans uploaded files.
Updated dlpsol.sh removed pushd and popd as some platforms don’t support them.
Improved static file serving speed by adding url and static file cache mapping.
Optimized epoll to avoid sending an extra EPOLL_CTL_MOD after EPOLL_CTL_ADD.
Optimized the fixed response header by adding a method.

Bug Fixes

Fixed a bug related to proxying name based rewrite rules.
Fixed a bug in the pagespeed module where query strings were not treated as a part of the uri.
Fixed a bug in our rewrite engine log where more parameters were printed than intended.
Fixed a bug where sendfile() sometimes caused crashes when the browser required gzip.
Fixed a bug where the H2Stream peer count was inaccurate due to a delay between sending FIN and removing the stream.

V1.4.16

2016-3-24
Updates

Updated GeoIP to detect bad databases.
Fixed a bug in HTTP2 stream window update handling.
Changed example vhost configuration to use server’s error.log.
Added more APIs to lsiapi.
Updated httpextconnector to handle big files.
Updated admin/misc/build_admin_php.sh to support more download methods.
Add $VH_DOMAIN variable support for VHost configuration.
Updated the case where the request is a small file and gzip is enabled. Previously, always used gzip. Now, only use
gzip for larger files, as compressing smaller files made them larger.
Updated modpagespeed to be more compatible with the cache module.

Cache Module

Updated cache to support context level changes to the Vhost settings.
Fixed an error that occurred when calculating the length of cached headers.
Updated to store file size, inode, and lastMod to cacheHeader instead of entry. Cache Entries will lose this info
after a server reboot.

PageSpeed Module

Update PSOL lib to v1.9.32.10 stable.
Fixed a bug in LsiBaseFetch::DecrefAndDeleteIfUnreferenced() that may cause crashes.
Fixed a bug where modpagespeed where it detected the http version incorrectly.
Updated InPlaceBodyFilter() to make it work with html-rewrite mode.
Added a response header X_LS_PAGESPEED for when this module handled the request.

Bug Fixes

Fixed a bug where in some cases, OLS will reply “Content-length: -1”.
Fixed a bug where if the response header contains a key without a value, it will crash.
Fixed a bug where HttpReq::postProcessHost() gives a wrong m_iHostLen value and may cause a crash.
Fixed a bug in HttpReq::getUGidChroot() to handle the case where m_pVHost is set, but m_pContext is NULL.

V1.4.15

2016-1-21
Updates

Updated pagespeed module to work with the cache module.
Updated cache module to support more parameters, use a shared memory cache manager, and PURGE from trust IP.
Added more APIs to LSIAPI.

Bug Fixes

Fixed an HTTP/2 bug that selected ‘h2c’ during negotiation.
Fixed an HTTP2 bug which caused multiple line headers errors.
Fixed an xpool bug that could cause crashing.
Fixed a bug that caused partial content to be returned when a proxy server replies with content-length and OLS
compresses/decompresses with content-length unchanged.
Fixed a bug where in some cases modgzip and the internal gzip both perform compression, causing the client to
display incorrectly.
Fixed a bug in ls_lock which caused an error on MAC and FreeBSD.
Fixed a bug in rewrite map configuration parsing which caused crashing.
Fixed a bug that failed to flush ending chunk “0\r\n\r\n” when EAGAIN returned from a previous write().
Fixed a bug where request rate throttling would not work.
Fixed a bug where GeoIP config didn’t match the conf file.

V1.4.14

2015-12-2
Updates

Updated HttpMime and HttpContext level MIME code
WebAdmin and tooltips updated

Bug Fixes

Fixed a bug where matching contexts used server level suffix handler instead of vhost level.
Fixed a bug in plain text configuration parsing.
Fixed a lua module bug.
Fixed a bug causing a seg fault in aho if input was not valid.
Fixed a bug where an errorlog would sent even if successful.

V1.4.13

2015-10-28
Updates

Added SSL Session configuration to Webadmin.
Added support for ARM architecture.
Added logic to skip chacha ciphers.

Bug Fixes

Fixed a bug that sometimes caused SSL context to fail.

V1.4.12

2015-10-19
Updates

Added SSL Ticket and SNI logic.
PageSpeed module upgraded and psol lib changed to version 1.9.32.6.
Support added for large files in API, sendfile, and request body.

Bug Fixes

Fixed a bug in testing mmap() causing a return failure.
Fixed a bug in reqParser where 0 byte files were treated as 2 byte files.
Fixed HTTP/2 related errors reported by h2spec 1.1.1.
Fixed a bug causing crashing in xmlnode If node is null.
Fixed a bug that caused PHP generated 304 pages to hang (github issue #48).
Fixed a bug in updateClientInfoFromProxyHeader() that broke IPv6 support.
Fixed various bugs and updated tooltips in WebAdmin.

V1.4.11

2015-7-23
Updates

Includes PHP 7 Beta 1 support.
SPDY/HTTP2 will now be installed by default. To disable, use ./configure –enable-spdy=no during installation.
Changed internal logging system (Logs will still look the same).
Refactored userEventNotifier and renamed it to EvtCbQue.
PageSpeed module upgraded to use Google PSOL Library v1.9.32.4.

Bug Fixes

Fixed a bug that may cause SPDY to hang.
Fixed a bug in HttpRespHeader that may cause a crash.
Fixed a bug related to range request handling.
Fixed a bug in the pagespeed module that may cause a file size increase.

V1.4.10

2015-6-26
Bug Fixes

Fixed some HTTP/2 and SPDY bugs introduced in 1.4.9, which may cause 404 errors and long page loading time.

V1.4.9

2015-6-24
Updates

Added PHP 7 compilation support.
Added Request Body Parser.
Created new LSIAPI functions to access parsed request body data.
Created an internal file upload module which makes files upload faster and saves server CPU time.
Added an uploadprogress module which displays the progress of uploading files.
Added demonstration page “upload.html” and “upload.php” to example/index.html to show how to use new features.
Added an uploadchecker example module demonstrating examples of how to use new features and APIs.
Updated default cipher configuration.

Bug Fixes

Fixed a SPDY bug involving the default window size setting.
Fixed bug in httpvhost that could cause a potential crash.
Fixed internal bugs in SPDY/HTTP2.
Fixed bug causing URL encoding issues.

V1.4.8

2015-5-18
Updates

Created Adaptive Array Structure, updated internal structures to use the new class.
Contexts now accept path wildcard matches.

Bug Fixes

Fixed bugs in HTTP/2 implementation.
Fixed bugs in Object Pool, caused memory access errors.
Fixed bug in Pagespeed, did not handle a specific error code.
Fixed bug with server side max stream limit.
Fixed bug with default process count, causing server to create too many processes.
Fixed various bugs related to SSL, caused different issues.
Fixed bug that caused compiler based issues.
Fixed bug in lua makefile.
Fixed bug in ChunkOS.
Fixed bug in HTTP session handling, may cause crash.
Fixed bug in module handling, may cause crash.
Fixed bug in SPDY.
Fixed bug in accesslog, possible buffer overflow.

V1.4.7

2015-4-10
Updates

Improved HTTP/2 implementation to be more strictly conforming to HTTP/2 specification. It now passes H2Spec test
suite.
Improved HTTP/2 Performance.
Improved LSIAPI internal logic.
Improved SHM locking and SHM hash container stability.
SSLv2 ciphers are now disabled by default.
Enhanced the server’s SSL Renegotiation Protection.

Bug Fixes

Fixed a memory leak in the request header handling logic.
Fixed bugs within the Server API related to accessing AutoBuf memory.
Fixed bug causing static file compression to not work.
Fixed bug causing static file compression to bypass the module decompression flag.
Fixed bug in LSIAPI causing some modules to not work properly.
Fixed bug in modpagespeed’s basefetch class that may cause the server to crash.

V1.4.6

2015-3-19
OpenLiteSpeed

Added more HTTP/2 error handling to detect invalid compression code.
Updated httprespheader to support header size limit settings.
Improved the method of searching both static header table and dynamic header table.
Improved LSIAPI callback function calling implementation.
Fixed bug causing high CPU use with HTTP/2.
Fixed HTTP/2 encoding error.
Fixed bug causing sendfile to not work properly in certain cases.
Fixed bug causing AIO-related crashes.
Fixed a locking bug in lsshmpool.

Cache Module

Fixed a memory leak.

V1.4.5

2015-2-26
OpenLiteSpeed

Updated HTTP/2 support to draft 17.
Fixed bug causing HTTP/2 string to not be displayed in the error log.
Fixed bug causing HTTP/2 to not handle uploading big files.
Fixed bug causing OPTIONS requests to not be handled.
Fixed bug in PCRE functions.
Fixed bug in PHP build tool when used on Debian.

PageSpeed Module

Update module to use latest stable PSOL library: 1.9.32.3.

Lua Module

Added More Lua SAPI support and improved internal Lua logic.

LiteSpeed Runtime Library

Updated shared memory internal logic.

V1.4.4

2015-1-23
OpenLiteSpeed

Added support for HTTP/2 draft 16 (ALPN, NPN and upgrade).

V1.4.3

2014-12-5
OpenLiteSpeed

Automatically redirect to HTTPS when SSL_Accept fails for an HTTPS page because the request is a plain HTTP request.
Added more LSIAPI functions.
Updated fixtimestamp.sh.
Fixed a bug causing shared memory to fail while initializing.
Updated PCRE m4 file that may cause installation failure.
All bug fixes included in 1.3.6.

Cache Module

Updated cache module to use $VH_ROOT, $VH_NAME and $SERVER_ROOT variables in storagepath parameter.
Fixed a hidden URL path bug which may cause errors.

PageSpeed Module

Added support of In-Place Resource Optimization.
Update supported PSOL to 1.9.32.1-beta.
Fixed bug causing PageSpeed to not build correctly on CentOS 5.

V1.4.2

2014-10-3
Feature enhancements

Added LiteSpeed runtime library.
LSIAPI code refactoring.
Re-engineered WebAdmin console.
Added multiple language support. (English and Chinese currently included.)
Added PageSpeed Module v1.0-1.8.31.4 (beta).
Security: Block headers starting with Shellshock signature.

Bug fixes

Bug fix: Problem with range requests for a file with a size of zero.
Bug fix: SSL error during OCSP response verification.
Bug fix: Firefox does not send “Accept-Encoding” header over SPDY.

V1.4.1

2014-8-26
Feature enhancements

Secure ciphers used by default.
Added “Proxy-Host” environment handling for rewrite engine.
HTTP_END HANDLER_RESTART hook no longer initialized statically. It is only set up when gzip is used.
Optimized HttpRespHeaders::reset().
Eliminated error message when RCS does not exist.
Internal modules have default priority set.
If both .conf and .xml configuration files exist when upgrading to 1.4.x, the old .conf file will be removed before
converting .xml config files to .conf.

Bug fixes

Fixed a bug that referenced a NULL pointer.
Fixed pointer not advancing after appending query string.
Fixed gzip bugs.
Fixed uninitialized variable bug.

V1.4

2014-7-18
Major feature enhancements

Added mod_lua, a module for handling Lua.
Added shared memory functionality to LSIAPI.
All configuration files are converted to plain text (including those generated by the WebAdmin console).
Virtual host configuration files are now stored under the new /usr/local/lsws/conf/vhosts directory.
Added RCS (Revision Control System) integration to allow automatic backups and version control of all config files.
Added recover_xml.sh script for recovering previous XML configurations when downgrading below version
1.4.

V1.3.12

2015-6-30

Updates

Added PHP 7 compilation support.
Updated default cipher configuration.
SPDY/HTTP2 will now be installed by default. To disable, use ./configure –enable-spdy=no during installation.

Bug Fixes

Fixed a SPDY bug involving the default window size setting.
Fixed some internal bugs in SPDY/HTTP2.

V1.3.11

2015-5-18

Bug Fixes

Fixed bugs in HTTP/2 implementation.
Fixed bug in SPDY.
Fixed various bugs related to SSL, caused different issues.
Fixed bugs in response header.
Fixed bugs that caused buffer overflow.

V1.3.10

2015-4-10

Updates

Improved HTTP/2 implementation to be more strictly conforming to HTTP/2 specification. It now passes H2Spec test suite.
Improved HTTP/2 Performance.
SSLv2 ciphers are now disabled by default.
Enhanced the server’s SSL Renegotiation Protection.

Bug Fixes

Fixed bugs within the Server API related to accessing AutoBuf memory.
Fixed bug causing static file compression to not work.
Fixed bug causing static file compression to bypass the module decompression flag.

V1.3.9

2015-3-20

OpenLiteSpeed

Added more HTTP/2 error handling to detect invalid compression code.
Updated httprespheader to support header size limit settings.
Improved the method of searching both static header table and dynamic header table.
Fixed bug causing high CPU use with HTTP/2.
Fixed HTTP/2 encoding error.
Fixed bug causing sendfile to not work properly in certain cases.

Cache Module

Fixed a memory leak.

V1.3.8

2015-2-25

OpenLiteSpeed

Updated HTTP/2 support to draft 17.
Fixed bug causing HTTP/2 string to not be displayed in the error log.
Fixed bug causing HTTP/2 to not handle uploading big files.
Fixed bug causing OPTIONS requests to not be handled.
Added support for “dontlog” tag in rewrite rules.

V1.3.7

2015-1-23

OpenLiteSpeed

Added support for HTTP/2 draft 16 (ALPN, NPN and upgrade).
Automatically redirect to HTTPS when SSL_Accept fails for an HTTPS page because the request is a plain HTTP request.
Fixed a GZIP bug where buffered flag was not set when buffered data could not be sent out.
Fixed a hidden SPDY bug in making request headers.

Cache module

Fixed a bug where cache was using the wrong pointer.

V1.3.6

2014-11-17 (Designated as stable release)

Feature enhancements

Added code to detect user database hash type.

Cache module enhancements

Updated cache module to use $VH_ROOT, $VH_NAME and $SERVER_ROOT variables in storagepath parameter.

Bug fixes

Fixed bug for response bodies larger than 2MB
Fixed bug when SSL connection read() return -1.
Fixed FreeBSD installation script.
Fixed bug causing an OSX compiling issue.

V1.3.5

2014-9-26

Feature enhancements

Security: Block headers starting with Shellshock signature.

Bug fixes

Bug fix: Problem with range requests for a file with a size of zero.
Bug fix: SSL error during OCSP response verification.
Bug fix: Firefox does not send “Accept-Encoding” header over SPDY.

V1.3.4

2014-8-20

Feature enhancements

Added new LSIAPI functions.
CPU affinity mask now resets after fork() when an external application needs to be started.
Added logic to take HSF_RECV_RESP_BUFFERED and HSF_SEND_RESP_BUFFERED into consideration.

Cache module enhancements

Create storage path while parsing configs.
Memory related improvements.

Bug fixes

Fixed rewrite rule bugs.
Fixed pointer not advancing after appending query string.
Fixed bug returning -1 when gzip actually succeeds.
Fixed uninitialized variable bug.
Fixed error page gzip bug.

V1.3.3

2014-7-8

Feature enhancements

Added HTTPS proxy support.
Added several new hook points and new API functions to LSIAPI.

Bug fixes

Upgraded and refactored cache module to decrease errors and fix a bug that may cause a memory leak.
Fixed bug causing etag settings to not take effect.
Fixed bug in mod-gzip causing it to always compress when the client accepts compression, whether or not the content type is compressible.
Fixed various bugs of installation/uninstallation related scripts.

V1.3.2

2014-5-22

Feature enhancements

Added fixtimestamp.sh to fix the timestamp on files that lost their timestamp when using “git clone” (causing “make” to always need re-configuration, etc.).
Added “storagepath” parameter to cache module to allow custom cache locations (including per-vhost).

Bug fixes

Fixed bug breaking HTTP authentication.
Fixed bug causing graceful restart to fail on Mac OSX.

V1.3.1

2014-5-6

Feature enhancements

Added more functionality to LSIAPI and updated some existing LSIAPI functionality.
Added the hook point LSI_HKPT_HANDLER_RESTART to handle cases such as redirects.
Added support for internal modules.
Added modcompress and moddecompress internal modules.
Added openssl version log message at server startup.
Added on_clean_up callback function for module handler.

Cache module updates

Added support for PURGE, REFRESH, and HEAD commands.
No longer stores error page and static files.
Enhanced cache control usage.
Automatically makes and installs during OpenLiteSpeed installation.

Bug fixes

Fixed bug in VMemBuf reading and releasing of memory.
Code refactoring and response process tuning.

V1.3

2014-3-28

Major feature enhancements

Added LiteSpeed Internal Application Programming Interface (LSIAPI) for support of third-party modules.
Added OpenLiteSpeed page caching module.
Added example modules for reference.

V1.2.11

2014-9-26

Feature enhancements

Security: Block headers starting with Shellshock signature.

Bug fixes

Bug fix: Problem with range requests for a file with a size of zero.
Bug fix: SSL error during OCSP response verification.
Bug fix: Firefox does not send “Accept-Encoding” header over SPDY.

V1.2.10

2014-8-20

Feature enhancements

Added %>U and %<q to access log format to improve Apache compatibility.

Bug fixes

Fixed RewriteCond parsing bug.
Object pool size tracking variable now reduced when pool is shrunken.
Fixed bug causing request status code to not be iniated properly.
Fixed bug causing FreeBSD x64 PHP not to start.

V1.2.9

2014-1-22

Feature enhancements

Added SSL_MODE_RELEASE_BUFFERS to save memory on idle SSL connections.
Removed http/1.0 from SPDY NPN String.
Updated MIME configurations based on user feedback.
Added SSLContext::setSessionCacheSize(), SSLContext::setSession timeout and updated default ssl session timeout to 100800, default cache size to 40K.
Updated configure.ac to avoid malloc() replacement issue on some systems.
Make sure connection keepalive is not used for SPDY.

Bug fixes

Fixed bug: SPDY stream kept open resulting in a growing number of SSL connections.

V1.2.8

2013-12-23

Feature enhancements

Added X-Forwarded-For response header to WebSocket proxy traffic.
Added X-LiteSpeed-Location response header processing code.
Turned off log7080. It causes trouble if server is very busy and has many socket connections.

Bug fixes

Fixed bug: make sure SPDY Streams are released before recycling SpdyConnection.
Fixed bug: exec() “litespeed” instead of “lshttpd” during graceful restart.
Fixed bug: make sure -1 status code is not stored in HttpReq, so it will not be used for logging.
Fixed bug: Installer now uses symbolic link with relative path for lsws/bin/lshttpd.
Fixed bug: relocated m_pContext to reset to NULL after each request.
Fixed bug: relocated m_pHttpHandler to reset to NULL after each request.
Fixed bug: old rtreport files now removed during startup in case number of worker configuration has been changed.* SPDY/3.1 support.

V1.2.7

2013-11-26

Feature enhancements

SPDY/3.1 support.
Added more font-related MIME types.
Adjusted default configurations to avoid unnecessary problem due to low default limits.
Changed default buffer size from 8K to 16K when using a global buffer.

Bug fixes

Fixed bug: read partial file when /proc/net/if_inet6 larger than 4096 bytes.

V1.2.6

2013-10-16

Feature enhancements

Added ECDHE_XXX ciphers support.
Added DHE support and DH Parameter configuration for SSL contexts.
Changed help from static text file to side tree indexed.
Added us1.php.net and us2.php.net to replace us.php.net for PHP downloads.

Bug fixes

Fixed missing parameter for LOG_ERR() causing vsnprintf() segfault.
Fixed bug in HTTPS throttling.
Fixed a bug in changing listener names in listener and virtual host settings.
Fixed a bug in changing name for templates.
Fixed a bug causing appendStrNoQuote() to crash accessLog::customLog().

V1.2.5

2013-9-11

Feature enhancements

Enabled adding an Alternate-Protocol header to the HTTP response header.
Updated the maximum number of connections to 1,000,000.
Response body size is now set to INT_MAX if Content-Length response header was not set.
Updated code to make sure reference counter is correct when serving mp4 files.
OpenLiteSpeed will no longer dumpHeader if the request line has not been parsed yet.

Bug fixes

Fixed a bug causing gzip to not work well.
Corrected directory owner when creating tmp/ocspcache
Fixed an HttpUtil::unescape bug which may cause the next function to crash.
Corrected code to avoid infinity loop when moov box ExtendedSize = 0.

V1.2.4

2013-8-22

Feature enhancements

Improved OCSP stapling.
Now makes sure safe TLS 1.2 cipher is used by default.
Added WebP MIME type.
Rearranged HttpContext flags.
Created script to enable autoindexing for a context even on vhosts where scripts are disabled.
Content-type header will not be sent when 304 is returned, even when set by backend.
Messages about processes being killed with SIGTERM will not be logged to simplify error logs.
Updated Build PHP to include PHP 5.4.18.

Bug fixes

Fixed a bug in SSI engine where used timestamp from last include file instead of current file.
Upgrading will now keep user’s current WebAdmin username and password.

V1.2.3

2013-7-25

Feature enhancements

Enabled TLSv1.2 cipher when OpenSSL 1.0.1 is used.

Bug fixes

Fixed bug causing appending index to URI not to work properly.
Fixed CPU Limits setting under Security tab to only apply to CGI processes.
Fixed Access Control setting’s handling of IPv4 subnets.

V1.2.2

2013-7-11 (Designated as stable release)

Feature enhancements

Separated server tuning configurations into different groups in the WebAdmin console.
Added HTTP header to “HTTPS is required” error page.

Bug fixes

Fixed bug causing blank pages in the WebAdmin console.
Fixed bug in the rewrite engine causing incorrect values for ${SCRIPT_NAME}.
Fixed bug in the response header precluding server signature edits.
Fixed bug in admin_php installation script.

V1.2.1

2013-7-8

Bug fixes

Fixed a bug in response header handling for http requests with gzip encoding enabled.

V1.2

2013-7-3

Major new features

Added WebSocket proxies.
Added OCSP stapling.

Feature enhancements

PHP build utility now includes 5.5.0.
Added PHP build utility option for XCache.

Bug fixes

Fixed proxy header x-forwarded-for bug.
Added configuration handling for “enableIpGeo”.
Did code optimization to loopbuf to avoid high cpu usage.
Bug fixes from v1.0.4.

V1.1

2013-6-14

Major new features

Support for SPDY/2 and SPDY/3.

V1.0.4

2013-6-25 (Legacy as of 2013-7-11)

Bug fixes

Fixed bug with gzip compression.
Fixed passing IPv6 listener bug.
Fixed OSX CMSG_SPACE compile error.

V1.0.3

2013-6-13

Feature enhancements

Updated OpenSSL location checking, OS type checking, and path checking scripts.
Added –enable-debug, –disable-rpath, and –with-libdir options to configure script.
Added autoindex scripts to installation destination directory.
Added -ldl to LDFLAGS when linking testing fails.
Updated WebAdmin console.

Bug fixes

Fixed secure listener bug.

V1.0.2

2013-6-4

Feature enhancements

Improved rewrite engine url handling.
Updated install.sh to use the old user:group if previous XML config file exists.
Updated install.sh to use “nogroup” for Ubuntu/Debian.
Added option to disable PHP STDERR logging.
Removed liblber dependancy.

Bug fixes

Fixed WebAdmin console template member vhost instantiate bug.
Fixed bug that was causing variables (such as $VH_HOME) in virtual host template member vhosts to not be parsed.
Fixed problem with send/recv fd on freebsd 64bit.

V1.0.1

2013-5-23

Feature enhancements

Added auto-start feature.
Changed admin-PHP installation to download a pre-built copy as opposed to building one.
Blank context location will now automatically build at the document root + URI.
Adjusted process name string to “openlitespeed”.

Bug fixes

Added docs/css and docs/img to dist/.
Fixed Ubuntu/Debian install bug.
Fixed custom vhost templates overwritten by reinstall bug.
Fixed build rewrite target URL containing query string bug.
Fixed context multiline extra header bug.
Fixed other minor bugs.

V1.0

2013-5-2

OpenLiteSpeed 1.0 published