Release-1 4 83 - Lighttpd - lighty labs

Search

Project

General

Profile

Sign in<br>Register

Home<br>Projects<br>Donate<br>Help

Search:

Lighttpd

All Projects

Lighttpd

Overview<br>Activity<br>Roadmap<br>Issues<br>News<br>Wiki<br>Forums<br>Repository<br>Blog<br>Developer Blog

Wiki

Start page

Index by title

Index by date

Actions<br>History

Releases »

Release Info&para;

Version: 1.4.83

Previous version: 1.4.82

Branch: 1.4

Status: stable

Release Purpose: bug fixes

Release manager: gstrauss

Released date: 2026-06-14

Important changes from 1.4.82&para;

security fixes; bug fixes; tighten resource management

Highlights&para;

add PQC hybrid KEM X25519MLKEM768 to default TLS groups

mod_sockproxy can now route connections based on TLS SNI

mod_proxy proxy.header enhanced config for url-path mapping of response headers

HTTP Incremental header support

portability/compatibility with library updates (lighttpd dependencies)

BEHAVIOR CHANGES&para;

add PQC hybrid KEM X25519MLKEM768 to default TLS groups<br>Reference: TLSRef guidelines<br>https://docs.tlsref.org/server-side-tls.html

HTTP/1.1 Upgrade: h2c has been deprecated;<br>set default to disabled in lighttpd,<br>but can still be enabled in config,<br>and http2 prior knowledge is still enabled

Downloads&para;

https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.tar.gz

GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.tar.gz.asc

SHA256: 54f9598f6c07df0e9607c74bf6d2f6a45b0f420bcb0590bc5a01c5a6e3355f1a

https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.tar.xz

GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.tar.xz.asc

SHA256: b3f878156480079f8a93903bd24d456074a0fbedb9b4d99fcd65df33b1f566f0

SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.sha256sum

SHA512 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.83.sha512sum

Changes from 1.4.82&para;

[systemd] add RestrictAddressFamilies AF_NETLINK

[TLS] skip cert_is_active warnings for unset clock

[multiple] rename plugin_data statics per module

[mod_mbedtls] mbedtls 4.x removes mbedtls/ecp.h

[mod_mbedtls] mbedtls 4.x removes ECDH ciph suites

[core] clarify warning message

[multiple] http_status.[ch]

[core] single internal define for fs monitoring

[core] X-Sendfile shared code

[core] check for OTHER response headers earlier

[core] support Incremental header

[mod_magnet] resp_body_finished w/ r.resp_body:set()

[core] minor code tighten

[core] remove request_st member async_callback (unused)

[tests] t/test_http_status.c stub

[core] http_status_set_fin() handler_module = NULL

[mod_magnet] http_response_reset() before HANDLER_COMEBACK

[core] http_response_prepare() smaller funcs

[core] add continuation framework for response prep

[h2] add comment about zero-length payloads in padded frames

[mod_magnet] revert recent HANDLER_COMEBACK change

[core] remove small bit of commented out code

[core] do not generate no-longer-used plugin funcs

[core] minor code tighten

[h2] fix HTTP/1.1 upgrade: h2c

[h2] combine h2c code into h2_upgrade_h2c()

[h2] disable HTTP/1.1 upgrade: h2c by default

[core] clear trailer whitelist at startup

[core] static_assert sanity check for 64-bit off_t

[core] security: missing return on non-default path

[mod_magnet] modify reqbody_length after file append

[mod_openssl] check openssl func for NULL if mem err

[mod_*_dbi] proceed if third reconnect retry succeeds

[mod_ajp13] skip empty string (len == 65535)

[mod_ajp13] error if backend include LF in headers

[mod_deflate] translate '/' in etag to '~' for fn

[mod_deflate] mod_deflate_finished() shared code

[mod_authn_gssapi] warn if principal not in config

[mod_authn_gssapi] mod_authn_gssapi_construct_sprinc()

[core] support Range for QUERY

[multiple] make most module config thread-safe

[ci] tune build on freebsd

[mod_mbedtls] EC certs require drbg init

[ci] Bump actions/checkout from 5 to 6 (#147)

[multiple] quiet minor coverity warnings

[mod_extforward] HAProxy PROXY protocol extensions

[multiple] make most plugin objects instance-safe

[multiple] C99 designated initializers

[mod_auth] HTTP/2 response w/ multiple auth methods (fixes #3296)

[ci] Bump actions/cache from 4 to 5

[doc] add comment to lighttpd.service

[core] add .rst .xsl .xslt to builtin mimetype.assign (fixes #3295)

[build] support lua 5.5

[core] attribute_packed

[mod_extforward] fix reading 'verify' from PROXY (fixes #3298)

[mod_extforward] adjust reading 'verify' from PROXY (#3298)

[core] fix Range requests with dynamic backends

[core] adjust safety factor for max-connections (fixes #3299)

[core] quiet coverity false positive

[mod_boringssl] add more const

[mod_openssl] add more const

[mod_openssl] update openssl version EOL message

[TLS] add PQC hybrid KEM to default TLS groups

spelling suggestions from codespell (fixes #3303)

[mod_maxminddb] sanity check snprintf of flt,...