lighttpd Changelog

New in version 1.4.35

November 13th, 2014
  • This release contains a lot of bug fixes, many detected by scan.coverity.com (and more to come). The main reason for the release is a fix for an SQL injection (and path traversal) bug triggered by specially crafted (and invalid) Host: headers.

New in version 1.4.34 (January 20th, 2014)

  • Important changes:
  • There have been some important security fixes pending (which you should already have gotton through your favorite distribution); I am sorry for the delayed release (we probably should communicate security bugs on our page and mailing lists too for those who are not following oss-security).
  • We updated the “standard” ssl cipher string recommendation to ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"; see below for the detailed reasons.
  • Regression warning:
  • The fix for lighttpd SA-2013-01 (CVE-2013-4508, “Using possibly vulnerable cipher suites with SNI”) includes a regression:
  • Each SSL_CTX also gets loaded with all values for ssl.ca-file from all blocks in the config.
  • This means that your ssl.ca-files must not contain cyclic chains and should use unique subject names.
  • See Debian Bug – #729555 for more details.
  • Security fixes:
  • lighttpd SA-2013-01 (CVE-2013-4508)
  • lighttpd SA-2013-02 (CVE-2013-4559)
  • lighttpd SA-2013-03 (CVE-2013-4560)
  • OpenSSL cipher string recommendation:
  • The cipher string recommendation is based on ssllabs’ SSL/TLS Deployment Best Practices 1.3 / 17 September 2013:
  • BEAST is considered mitigated on client side now and new weaknesses have been found in RC4, so it is strongly advised to disable RC4 ciphers (HIGH doesn’t include RC4)
  • It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP, so you might want to support 3DES for now – just remove the !3DES parts below; replace it with +3DES !MD5 at the end to prefer AES128 over 3DES and to disable the 3DES variant with MD5).
  • The examples below prefer ciphersuites with “Forward Secrecy” and ECDHE over DHE (alias EDH); remove +kEDH +kRSA if you don’t want that.
  • SRP and PSK are not supported anyway, excluding those (!kSRP !kPSK) just keeps the list smaller (easier to review)
  • As almost all keys these days are RSA limiting to aRSA+HIGH make the lists even smaller. Use HIGH instead of aRSA+HIGH for a more generic version.
  • Not included on purpose:
  • STRENGTH: the list from HIGH is already ordered, reordering is not required. STRENGTH also prefers 3DES over AES128.
  • !SSLv2, !EXPORT, !eNULL, !DES, !RC4, !LOW: HIGH shouldn’t include those ciphers, no need to remove them.
  • !MD5: HIGH might include a 3DES cipher with MD5 on old systems; !3DES should remove MD5 too.
  • !aNULL, !ADH: doesn’t matter on server side, and clients should always verify the server certificate, which fails when the server doesn’t have one.
  • You can check the cipher list with: openssl ciphers -v 'aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK' | column -t (use single quotes as your shell won’t like ! in double quotes).

New in version 1.4.33 (September 28th, 2013)

  • Time to get some fixes out; nothing special, just many small fixes – and some new features.

New in version 1.4.26 (February 8th, 2010)

  • There have been some important bug fixes (request parser handling for splitted header data, a fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection and an OOM/DoS vulnerability).