Home - Lighttpd - fly light


lighttpd (pronounced _/lighty/_) is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and much more) makes lighttpd the perfect web server for all systems, small and large. lighttpd is released under the Open Source [revised BSD license](https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/COPYING).

[lighttpd wiki and documentation](https://redmine.lighttpd.net/projects/lighttpd/wiki)
--------------------------------------------------------------------------------------

News
====

[1.4.77](/2025/1/10/1.4.77/)
----------------------------

### January 10, 2025

Important changes
-----------------

*   stronger TLS defaults: MinProtocol TLSv1.3; experimental TLS ECH support

Behavior Changes
----------------

*   lighttpd TLS defaults: MinProtocol TLSv1.3. Other configurations are still supported, but are not the default.

    *   Previous default: MinProtocol TLSv1.2

    *   Current default: MinProtocol TLSv1.3

*   lighttpd TLS defaults now limit TLSv1.3 Groups to the IANA “Recommended” set: “X25519:P-256:P-384:X448” (<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8>). Configure Groups/Curves using `ssl.openssl.ssl-conf-cmd += ("Groups" => "…")`

*   `server.error-handler-404` operates only on 404 (historical error: `server.error-handler-404` operated on both 404 and 403). Since lighttpd 1.4.40 (released Jul 2016), `server.error-handler` is available to produce dynamic error pages for 4xx and 5xx responses. Since lighttpd 1.4.56 (released Nov 2020), `magnet.attract-response-start-to` is an additional, high performance mechanism to produce dynamic error pages. <https://wiki.lighttpd.net/mod_magnet>

*   `doc/config/lighttpd.conf` has been renamed `doc/config/lighttpd.annotated.conf`, and `doc/config/lighttpd.conf` is now a simpler header which includes `lighttpd.annotated.conf`. lighttpd package maintainers must review their packaging scripts and include both `lighttpd.conf` and `lighttpd.annotated.conf` (e.g. `doc/config/*.conf`) along with `doc/config/conf.d/*.conf`.
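
The TLS and error-handler changes above, written out as explicit configuration. This fragment is an added example, not taken from the lighttpd distribution; the handler URL `/errors/handler.php` is a placeholder, and certificate and listener directives are assumed to be configured elsewhere.

```lighttpd
# Added example (not from the lighttpd distribution). Fragment only:
# ssl.engine, ssl.pemfile and the listening socket are assumed to be
# configured elsewhere in lighttpd.conf.

server.modules += ("mod_openssl")

# --- TLS protocol floor ---------------------------------------------
# 1.4.77 already defaults to MinProtocol TLSv1.3. Stating it explicitly
# keeps the floor independent of which lighttpd version is installed.
ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3")

# Previous default, still supported. Enable this line instead of the one
# above only if TLSv1.2-only clients must be served; it lowers the floor
# below the 1.4.77 default.
# ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")

# --- TLSv1.3 key exchange groups --------------------------------------
# Same IANA "Recommended" set that 1.4.77 uses by default. "+=" appends
# to the ssl-conf-cmd list set above rather than replacing it.
ssl.openssl.ssl-conf-cmd += ("Groups" => "X25519:P-256:P-384:X448")

# --- Dynamic error pages ----------------------------------------------
# Before 1.4.77 this directive was also applied to 403 responses; from
# 1.4.77 on it is applied to 404 only:
# server.error-handler-404 = "/errors/handler.php"   # placeholder URL

# To keep a dynamic page for 403 (and other 4xx/5xx responses), use
# server.error-handler, available since lighttpd 1.4.40:
server.error-handler = "/errors/handler.php"         # placeholder URL
```

After upgrading, check any existing `server.error-handler-404` script for logic that assumed it would also receive 403 responses.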

Downloads
---------

*   [lighttpd-1.4.77.tar.gz](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.tar.gz) ([GPG signature](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.tar.gz.asc))

    *   SHA256: `5321755fb15ca20084b7b12c26f8991278907fd5a2597b1bdc061a29f7c5ba5d`

*   [lighttpd-1.4.77.tar.xz](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.tar.xz) ([GPG signature](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.tar.xz.asc))

    *   SHA256: `acafabdbfa2267d8b6452d03d85fdd2a66525f3f05a36a79b6645c017f1562ce`

*   [SHA256 checksums](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.sha256sum)

*   [SHA512 checksums](https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.sha512sum)

Changes from 1.4.76
-------------------

*   \[build\] packdist.sh tweaks of convenience commands

*   \[build\] remove ancient distribute.sh.in script

*   \[core\] add .torrent to mimetype.assign builtin defaults

*   Revert “\[core\] special value for Linux POLLRDHUP on SPARC” (fixes [#3251](https://redmine.lighttpd.net/issues/3251))

*   \[core\] special value for Linux POLLRDHUP on SPARC (fixes [#3251](https://redmine.lighttpd.net/issues/3251))

*   \[mod\_ssi\] rename ssi\_val\_tobool to ssi\_val\_to\_bool

*   \[multiple\] rename config\_plugin\_value\_tobool

*   \[core\] fix graceful shutdown timeout handling

*   \[core\] preprocessor option to force crypto lib

*   \[cmake\] fix some typos in pcre2 detection

*   \[tests\] disambiguate regex test value from string

*   \[tests\] fix deflate tests w/ Fedora zlib-ng-compat

*   \[core\] port for QNX7.1/8.0

*   \[doc\] remove ancient doc/scripts/spawn-php.sh

*   \[mod\_deflate\] limit zstd max window size to 8 MB

*   \[mod\_accesslog\] ignore format specifier w/o label

*   \[autotools\] add pkgconf test for libdbi

*   \[mod\_webdav\] use SQLITE\_PREPARE\_PERSISTENT

*   \[mod\_webdav\] call sqlite3\_initialize() at init

*   \[mod\_webdav\] disable double-quoted string literal

*   \[doc\] remove ancient doc/scripts/spawn-php.sh

*   \[core\] clarify error msg for plugin ver mismatch

*   \[mod\_dirlisting\] Add dark mode support

*   \[autotools\] Prefer libpcre.pc to pcre-config

*   \[core\] server.ip-transparent option on listen sock

*   \[core\] reject HTTP/1.x request-line URI trail sp

*   \[core\] remove http\_request\_parse\_proto\_loose()

*   \[core\] strictly require CRLF on chunked header

*   \[core\] strictly require CRLF on all chunked header

*   \[multiple\] quiet coverity false positives

*   \[core\] http\_request\_check\_uri\_strict optimization

*   \[h2\] fix spurious connection resets with zero log\_monotonic\_secs

*   \[mod\_dirlisting\] fix ?json output; emit JSON list (fixes [#3256](https://redmine.lighttpd.net/issues/3256))

*   \[mod\_dirlisting\] minor optimization for ?json

*   \[mod\_auth\] fix Digest nonce validation w/ nonce\_secret

*   \[core\] omit pcre2 JIT error trace if JIT not avail

*   \[doc\] rename sample config lighttpd.annotated.conf

*   \[doc\] simplify doc/config/lighttpd.conf entry

*   \[doc\] use shorter [https://wiki.lighttpd.net/](https://wiki.lighttpd.net/) url

*   \[ci\] ci dependency maintenance

*   \[meson\] use pkg-config to find mbedtls 3.6

*   \[meson\] update FORCE\_\* vars to select crypto lib

*   \[core\] remove long-unused #ifdef USE\_ALARM

*   \[core\] avoid pedantic compiler warning (fixes [#3262](https://redmine.lighttpd.net/issues/3262))

*   \[mod\_auth\] HTTP Digest and HTTP/2 extended CONNECT

*   \[mod\_dirlisting\] sort by exact value of size (fixes [#3264](https://redmine.lighttpd.net/issues/3264))

*   \[mod\_dirlisting\] sort mtime using data-value ([#3264](https://redmine.lighttpd.net/issues/3264))

*   \[ci\] enable Solaris build (now less slow)

*   \[core\] remove mimetype.assign from tests/lighttpd.conf

*   \[ci\] adjust Solaris CI build

*   \[doc\] update create-mime.conf.pl compression types

*   \[doc\] update doc/config/conf.d/mime.conf

*   \[ci\] adjust Solaris CI build

*   \[core\] remove cast from ioctl() RNDGETENTCNT

*   \[core\] update ls-hpack

*   \[core\] light\_isprint(), light\_iscntrl()

*   \[core\] perf: tighter loops for str encode,escape

*   \[mod\_wstunnel\] Sec-WebSocket-Protocol: binary

*   \[core\] light\_iscntrl\_or\_utf8\_invalid\_byte()

*   \[core\] option: allow unescaped UTF-8 in errorlog (fixes [#3268](https://redmine.lighttpd.net/issues/3268))

*   \[systemd\] test config in ExecReload before signal

*   \[core\] config parsing: detect invalid keys

*   \[TLS\] allow list of Groups/Curves

*   \[mbedtls\] reset crt\_profile when reconfigured

*   \[mod\_mbedtls\] guard mbedtls use of RSA\_PSK

*   \[mod\_nss\] add ssl.openssl.ssl-conf-cmd Ciphersuite

*   \[mod\_wolfssl\] typo

*   \[mod\_nss\] ver check for experimental groups/curves

*   \[mod\_wolfssl\] missing return

*   \[tests\] do not test for exact compress zlib size

*   \[tests\] consolidate test value comparison logic

*   .github/workflows/dependabot.yml “github-actions”

*   \[ci\] dependabot.yml name

*   \[ci\] ci.yml pull\_request types

*   \[ci\] move file to .github/dependabot.yml

*   \[multiple\] avoid sending body to GW\_AUTHORIZER (fixes [#3272](https://redmine.lighttpd.net/issues/3272))

*   \[mod\_magnet\] use local sys-dirent.h (portability)

*   \[mod\_magnet\] add code header to mod\_magnet.c

*   \[TLS\] skip SSL\_CTX init if not in SOCKET condition

*   \[mod\_openssl\] ssl.ech-opts, load ECH keys

*   \[mod\_openssl\] ssl.non-ech-host opt to require ECH

*   \[mod\_openssl\] free mem from SSL\_ech\_get1\_status()

*   \[mod\_openssl\] ECH: use new OSSL\_ECHSTORE APIs

*   \[mod\_openssl\] ECH: refresh 4 year old patches

*   \[mod\_openssl\] ECH: kludge compat w/ OpenSSL ECH API

*   \[mod\_openssl\] omit OSSL\_ECH\_FOR\_RETRY for ECH-only

*   \[mod\_openssl\] ECH: OSSL\_ECH\_FOR\_RETRY for cur key

*   \[mod\_openssl\] ECH: boringssl support

*   \[TLS\] modify TLS defaults to MinProtocol TLSv1.3

*   \[TLS\] use TLSv1.3 groups X25519:P-256:P-384:X448

*   \[ci\] macos: mariadb-connector-c is keg-only

*   \[mod\_openssl\] skip \*.ech files beginning with ‘.’

*   \[mod\_openssl\] ECH: rename directives to ECH terms

*   \[core\] server.error-handler-404 handles only 404

*   \[mod\_magnet\] quiet coverity false positive

*   \[mod\_openssl\] ECH: use same (debug) CGI var names

*   \[mod\_openssl\] ECH: reload keys only if modified

*   \[mod\_openssl\] ECH: remove kludge compat w/ OpenSSL ECH API

*   \[core\] reset cond cache item URL if pathinfo

*   \[mod\_openssl\] use BUF\_PTR\_LEN when buffer not NULL

*   \[mod\_openssl\] ECH: code comments for ECH-only host

*   \[core\] import xxHash v0.8.3

*   \[autoconf\] update ax\_prog\_cc\_for\_build.m4
