Lighttpd 1.4.36 发布了,该版本主要是 Bug 的修复,重要的改变包括:
•默认禁用 SSL 3.0
•对日志中的所有字符串进行转义
•修复了上传时无法创建临时文件导致的段错误
•改变内部缓冲、chunks 等方面的 API,可能导致第三方插件的兼容问题
与 1.4.35 版本比较,详细改进内容包括:
•use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
•fix bad shift in conditional netmask “…/0” handling
•add more mime types and a script to generate mime.conf (fixes #2579)
•add support for (Free)BSD extended attributes
•[build] use fortify flags with “extra-warnings”
•[mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn’t available
•[ssl] disable SSL3.0 by default
•fixed typo in example config found by openSUSE user (boo# 907709)
•[network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
•[connections] fix bug in connection state handling
•print backtrace in assert logging with libunwind
•major refactoring of internal buffer/chunk handling
•[mod_auth] use crypt_r instead of crypt if available
•fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
•fix segfaults in many plugins if they failed configuration
•escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
•fix hex escape in accesslog (fixes #2559)
•show extforward re-run warning only with debug.log-request-handling (fixes #2561)
•parse If-None-Match for ETag validation (fixes #2578)
•fix memory leak in mod_status when no counters are set (found by coverity)
•[mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
•fix segfault when temp file for upload couldn’t be created (found by coverity)
•mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
•[mod_proxy] add unix domain socket support (fixes #2653)
•[configfile] fix reading uninitialized variable (found by Willian B.)
下载地址:http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.36.tar.gz
来自:开源中国社区