please update cygwin lighttpd pkg to version 1.4.55
Tue Mar 24 13:09:04 GMT 2020

On Tue, Mar 24, 2020 at 11:51:40AM +0100, Marco Atzeri via Cygwin wrote:
> Am 24.03.2020 um 06:50 schrieb
> > Please update cygwin lighttpd pkg to version 1.4.55
> > 
> > lighttpd 1.4.55 was released 31 Jan 2020 (upstream).
> > 
> > Thank you.  Glenn
> > --
> In this moment the package is without a maintainer.
> Any specific reason why you need absolutely the last version ?

There are numerous bugs in lighttpd 1.4.54 (and fixed in lighttpd
1.4.55) which prevent usage of lighttpd if using one of the modules
with bugs, e.g. mod_webdav and mod_deflate.

bug: mod_deflate fix error choosing encoding parser (1.4.54 regression)
bug: mod_webdav startup crash in config conditional (1.4.54 regression)
bug: mod_webdav fix file upload limit
bug: mod_accesslog fails to parse multiple cookies
bug: preserve %2b and %2B in query string normalization

There are numerous security enhancements (hardenings) in lighttpd 1.4.55

security: HTTP Basic/Digest Auth security (attack mitigations)
security: HTTP request header parsing restrictions (attack mitigations)

Cheers, Glenn

More information about the Cygwin mailing list