pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
lighttpd 1.4.65 released
Dear package maintainers:
lighttpd 1.4.65 has been released!
Please package and publish lighttpd 1.4.65.
Please review the below behavior changes scheduled next year in 2023.
Please let me know if you have any questions or issues. Thank you!
Cheers, Glenn
https://redmine.lighttpd.net/projects/lighttpd/wiki/Release-1_4_65
HIGHLIGHTS
* WebSockets over HTTP/2
RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
webdav.opts += ("partial-put-copy-modify" => "enable")
* mod_accesslog option: accesslog.escaping = "json"
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2
BEHAVIOR CHANGES:
* change default server.max-keep-alive-requests = 1000 to adjust
to increasing HTTP/2 usage and to web2/web3 application usage
(prior default was 100)
* mod_status HTML now includes HTTP/2 control stream id 0 in the output
which contains aggregate counts for the HTTP/2 connection
(These lines can be identified with URL '*', part of "PRI *" preface)
alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
* MIME type application/javascript is translated to text/javascript (RFC 9239)
FUTURE SCHEDULED BEHAVIOR CHANGES (estimated Jan 2023):
* TLS modules will default to using stronger, modern ciphers and
will default to allow client preference in selecting ciphers.
Allowing client preference in selecting ciphers is safe to do along
with restrictions to use modern ciphers supporting PFS, and is
better for mobile users without AES hardware acceleration.
Legacy ciphers can still be configured in lighttpd.conf using
`ssl.openssl.ssl-conf-cmd`, as long as the ciphers are supported by
the underlying TLS libraries. https://wiki.lighttpd.net/Docs_SSL
new defaults:
"CipherString" => "EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384",
"Options" => "-ServerPreference"
old defaults:
"CipherString" => "HIGH",
"Options" => "ServerPreference"
* Deprecated TLS options will be removed.
- ssl.honor-cipher-order
- ssl.dh-file
- ssl.ec-curve
- ssl.disable-client-renegotiation
- ssl.use-sslv2
- ssl.use-sslv3
See https://wiki.lighttpd.net/Docs_SSL for replacements with
`ssl.openssl.ssl-conf-cmd`, but prefer lighttpd defaults instead.
* Continue gradual deprecation of "mini-application" lighttpd modules
for which mod_magnet lua implementations are better and more flexible.
Please post on lighttpd forums to share feedback if you use these modules.
Forums: https://redmine.lighttpd.net/projects/lighttpd/boards
* Deprecated: mod_evasive will be removed.
mod_evasive can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_evasive
https://wiki.lighttpd.net/AbsoLUAtion#Fight-DDoS
https://wiki.lighttpd.net/AbsoLUAtion#Mod_Security
* Deprecated: mod_secdownload will be removed.
mod_secdownload can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_secdownload
mod_secdownload historically uses insecure MD5 though SHA1, SHA256 available
* Deprecated: mod_uploadprogress will be removed.
mod_uploadprogress can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_uploadprogress
* Deprecated: mod_usertrack will be removed.
mod_usertrack can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_usertrack
mod_usertrack historically uses insecure MD5.
DOWNLOADS:
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.tar.gz
GPG signature:
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.tar.gz.asc
SHA256: 396bdbe28e77cf68ffbc914e0280e4f3c6b42574277ccb7f776d572fdddea6d0
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.tar.xz
GPG signature:
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.tar.xz.asc
SHA256: bf0fa68a629fbc404023a912b377e70049331d6797bcbb4b3e8df4c3b42328be
SHA256 checksums:
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.sha256sum
SHA512 checksums:
https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.65.sha512sum
Home |
Main Index |
Thread Index |
Old Index