Lighttpd 1.4.76 has been released. It is a lightweight HTTP server focused on high performance, security, standards compliance, and flexible configuration. Lighttpd is designed for highly loaded systems and prioritizes low CPU, memory, and resource usage. The project code is written in C and distributed under the BSD license.
In this new version:
- Added protection against the "CONTINUATION Flood" attack on HTTP/2 streams, including mechanisms that detect the attack and respond to it to prevent denial of service.
- Implemented measures against backdoor insertion in packages: the code is obtained from Git using git archive, with verification of the release tag.
- The built-in mimetype.assign file is included by default.
- Added support for the Multipath TCP (MPTCP) extension, which is not activated by default.
- Improved support for GNU/Hurd and NetBSD 10.
- Reduced the number of system calls when connecting to the backend.
- Planned future updates include making TLSv1.3 the default minimum supported version of the TLS protocol and limiting the server.error-handler-404 handler to 404 errors only.
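
An added example, not lighttpd's code, of the kind of check the CONTINUATION flood item refers to: it parses HTTP/2 frame headers and rejects a header block that spans too many CONTINUATION frames or too many bytes. The limits, the names, and the sample frames are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Frame constants from RFC 9113: 9-byte header = length(24) type(8) flags(8) stream id(31). */
enum { H2_HEADERS = 0x1, H2_CONTINUATION = 0x9, H2_END_HEADERS = 0x4, H2_HDR_LEN = 9 };
/* Assumed limits for this example, not lighttpd's values. */
enum { MAX_CONTINUATIONS = 8, MAX_BLOCK_BYTES = 65536 };
enum { H2_OK = 0, H2_FLOOD = 1, H2_PROTOCOL_ERROR = 2, H2_TRUNCATED = -1 };
/* open_sid != 0 means a header block is open (END_HEADERS not seen yet). */
typedef struct { uint32_t open_sid; unsigned conts; size_t bytes; } h2_state;

/* Scan complete frames in buf, tracking the open header block across calls. */
int h2_scan(h2_state *st, const uint8_t *buf, size_t len) {
    for (size_t off = 0; off < len; ) {
        if (len - off < H2_HDR_LEN) return H2_TRUNCATED;
        const uint8_t *h = buf + off;
        size_t plen = ((size_t)h[0] << 16) | ((size_t)h[1] << 8) | h[2];
        uint32_t sid = (((uint32_t)h[5] & 0x7f) << 24) | ((uint32_t)h[6] << 16)
                     | ((uint32_t)h[7] << 8) | h[8];
        if (len - off - H2_HDR_LEN < plen) return H2_TRUNCATED;
        off += H2_HDR_LEN + plen;
        if (st->open_sid) {           /* block open: only CONTINUATION, same stream */
            if (h[3] != H2_CONTINUATION || sid != st->open_sid) return H2_PROTOCOL_ERROR;
            st->conts++;
            st->bytes += plen;
        } else if (h[3] == H2_HEADERS && sid != 0) {
            st->open_sid = sid; st->conts = 0; st->bytes = plen; /* padding counted too */
        } else if (h[3] == H2_CONTINUATION) {
            return H2_PROTOCOL_ERROR; /* CONTINUATION with no open header block */
        } else {
            continue;                 /* other frame types are out of scope here */
        }
        if (st->conts > MAX_CONTINUATIONS || st->bytes > MAX_BLOCK_BYTES) return H2_FLOOD;
        if (h[4] & H2_END_HEADERS) st->open_sid = 0;
    }
    return H2_OK;
}

/* Constructed sample input: HEADERS without END_HEADERS on stream 1, then n
 * CONTINUATION frames with 16-byte zero payloads; only the last frame sets END_HEADERS. */
int h2_scan_sample(unsigned n) {
    static uint8_t buf[(1 + 64) * (H2_HDR_LEN + 16)];
    h2_state st = {0, 0, 0}; size_t off = 0;
    if (n > 64) n = 64;
    for (unsigned i = 0; i <= n; i++, off += H2_HDR_LEN + 16) {
        buf[off + 2] = 16;                               /* payload length */
        buf[off + 3] = i ? H2_CONTINUATION : H2_HEADERS; /* frame type */
        buf[off + 4] = (i == n) ? H2_END_HEADERS : 0;    /* flags */
        buf[off + 8] = 1;                                /* stream id 1 */
    }
    return h2_scan(&st, buf, off);
}
```

A server applying such a check would close the connection on `H2_FLOOD` or `H2_PROTOCOL_ERROR` rather than keep buffering header fragments.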
Also worth mentioning is the release of the Apache 2.4.59 HTTP server, which includes 21 changes and fixes three vulnerabilities:
- CVE-2024-27316 – vulnerability leading