please update cygwin lighttpd pkg to version 1.4.55
gs-cygwin.com@gluelogic.com
gs-cygwin.com@gluelogic.com
Tue Mar 24 13:09:04 GMT 2020
On Tue, Mar 24, 2020 at 11:51:40AM +0100, Marco Atzeri via Cygwin wrote:
> Am 24.03.2020 um 06:50 schrieb gs-cygwin.com@gluelogic.com:
> > Please update cygwin lighttpd pkg to version 1.4.55
> >
> > lighttpd 1.4.55 was released 31 Jan 2020 (upstream).
> >
> > Thank you. Glenn
> > --
>
> In this moment the package is without a maintainer.
> Any specific reason why you need absolutely the last version ?
There are numerous bugs in lighttpd 1.4.54 (and fixed in lighttpd
1.4.55) which prevent usage of lighttpd if using one of the modules
with bugs, e.g. mod_webdav and mod_deflate.
bug: mod_deflate fix error choosing encoding parser (1.4.54 regression)
bug: mod_webdav startup crash in config conditional (1.4.54 regression)
bug: mod_webdav fix file upload limit
bug: mod_accesslog fails to parse multiple cookies
bug: preserve %2b and %2B in query string normalization
There are numerous security enhancements (hardenings) in lighttpd 1.4.55
security: HTTP Basic/Digest Auth security (attack mitigations)
security: HTTP request header parsing restrictions (attack mitigations)
Cheers, Glenn
More information about the Cygwin
mailing list