1.4.32
November 21, 2012
Important changes
One important denial of service (in 1.4.31) fix: CVE-2012-5533.
Downloads
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.gz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.gz.asc
- SHA256:
0765e07dac432393dea3950639d5ba646ded95a9408ad002e54b3353ab6b9645
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.bz2
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.bz2.asc
- SHA256:
60691b2dcf3ad2472c06b23d75eb0c164bf48a08a630ed3f308f61319104701f
- https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.xz
- GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.tar.xz.asc
- SHA256:
1368f80069ce71f5928cad59c8e60c0b95876942ca9e02c53853e54ae24aedc1
- SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.32.sha256sum
External references
Changes from 1.4.31
- Code cleanup with clang/sparse (fixes #2437, thx kibi)
- Ignore EPIPE/ECONNRESET after SSL_shutdown
- Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
- configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
- add PATCH method (fixes #2424)
- fix :port handling in $HTTP[“host”] checks (fixes #2135. thx liming)
- network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
- detect “x-gzip”/”x-bzip2” as separate encodings, more strict encoding matching (fixes #2443)
- tests: make sure mod_proxy doesn’t leave running processes (fixes #2435, thx kibi)
- mod_extforward: log address of untrusted proxy with debug.log-request-handling
- fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
- remove whitespace at end of header keys