1.4.35
March 12, 2014
Important changes
This release contains a lot of bug fixes, many detected by scan.coverity.com (and more to come). The main reason for the release is a fix for an SQL injection (and path traversal) bug triggered by specially crafted (and invalid) Host: headers.
Security fixes
Downloads
- lighttpd-1.4.35.tar.gz (GPG signature)
- SHA256:
62c23de053fd82e1bf64f204cb6c6e44ba3c16c01ff1e09da680d982802ef1cc
- SHA256:
- lighttpd-1.4.35.tar.bz2 (GPG signature)
- SHA256:
4a71c1f6d8af41ed894b507720c4c17184dc320590013881d5170ca7f15c5bf7
- SHA256:
- lighttpd-1.4.35.tar.xz (GPG signature)
- SHA256:
113e9b72ccbd1da5deb0774bf93cf0ca15dc82aad2da0f04e5ab27d37d3f30a3
- SHA256:
- SHA256 checksums