All releases of lighttpd
Release Notes: This release fixes a DoS bug (CVE-2012-5533) and contains other small fixes.
Release Notes: Many important changes. This release fixes a segfault (a crash on the first HTTPS request), disables mmap due to a possible crash if the file is truncated while reading, and more.
Release Notes: This version fixes a signedness error in http_auth (CVE-2011-4362), disables client initiated renegotiations, supports mitigating BEAST attacks (both SSL), and fixes connection stalls.
Release Notes: This release fixes a name conflict with OpenSSL, some cgi* bugs, should improve SSL support, and adds the "solaris-eventports" fdevent handler.
Release Notes: 1.4.27 introduced some serious bugs in the fdevent system; one resulted in segfaults with FreeBSD. This should be fixed now.
Release Notes: This release fixes SSL (SNI handling and SSL_CTX_set_options) and mod_cgi and mod_proxy (response handling). There is a new fdevent handler "libev" ("linux-rtsig" was removed). IPv6 sockets are now bound to IPv6 only in almost all cases ("dual-stack" is disabled).
Release Notes: There have been some important bugfixes (request parser handling for split header data, an fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection, and an OOM/DoS vulnerability).
Release Notes: Some important bugs were fixed. Some of them are new since 1.4.24, and some are older bugs. Only two small new features were added: traceback for lua errors and the SSL_CLIENT_* vars export for SSL client cert validation.
Release Notes: This release finally adds TLS SNI, and has many other small improvements. It fixes pipelining (which should fix problems with lighty as a Debian mirror) and some mod_fastcgi bugs (which should result in improved handling of overloaded and crashed backends).
Release Notes: spawn-fcgi is now going its own way as an independent project. WSGI applications in / should work now (use the fastcgi/scgi option "fix-root-scriptname"). There are many other fixes and improvements.
