Important changes

Many important changes - fixed a segfault (crash on first https request), disabled mmap due to possible crash if the file is truncated while reading and more.

If you still want to use mmap you can use ./configure --enable-mmap, but check #2391 before.

Downloads

Changes from 1.4.30

  • [ssl] fix segfault in counting renegotiations for openssl versions without TLSEXT/SNI (thx carpii for reporting)
  • Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373)
  • [mod_compress] fix handling if etags are disabled but cache-dir is set - may lead to double response
  • disable mmap by default (fixes #2391)
  • buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
  • Fix handling of empty header list entries in http_request_split_value, fixing invalid read in valgrind (fixes #2413)
  • Fix access log escaping of “ and \\ (fixes #1551)
  • [mod_auth] Fix digest “md5-sess” implementation (Errata ID 1649, RFC 2617) (fixes #2410)
  • [auth] Add “AUTH_TYPE” environment (for * cgi), remove fastcgi specific workaround, add fastcgi test case (fixes #889)
  • [mod_*cgi,mod_accesslog] Fix splitting :port with ipv6 (fixes #2333, thx simoncpu)
  • Detect multiple -f options: show error message instead of assert (fixes #2416)
  • [mod_extforward] Support ipv6 addresses (fixes #1889)
  • [mod_redirect] Support url.redirect-code option (fixes #2247)
  • Fix --enable-mmap handling in configure.ac