Updated: lighttpd-1.4.76
Glenn Strauss
gs-cygwin.com@gluelogic.com
Sat Apr 13 01:55:24 GMT 2024
Version 1.4.76-1 of "lighttpd" has been uploaded.
lighttpd is a secure, fast, modular web server with low resource usage
lighttpd 1.4.76:
* detect VU#421644 HTTP/2 CONTINUATION Flood
* issue trace and send GO_AWAY
* (lighttpd not vulnerable to attack)
* avoid CVE-2024-3094 xz supply chain attack
* use 'git archive' to replace 'make dist' to create release tarballs
* remove excess complexity (m4 and autotools) from release process
* now more easily verifiable that sources come from signed git release tag
Note:
This cygwin lighttpd-1.4.76-1 release requires >= cygwin-3.5.0 to take
advantage of new support for posix_spawn_file_actions_addfchdir_np().
As this support is optional, please contact me if this is a hardship
for those unable to upgrade to cygwin-3.5.0 and I can create a package
of lighttpd without this feature, whose use merely provides a marginal
performance improvement for starting CGI programs.
Source: https://git.lighttpd.net/lighttpd/lighttpd1.4.git/
News: https://www.lighttpd.net/
License: BSD 3-clause
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/COPYING
More information about the Cygwin-announce
mailing list