LSWS 4.2.12 Released — Addresses New OpenSSL Vulnerability

Status
Not open for further replies.

Michael

Well-Known Member
Staff member
#1
Howdy all,

We released LSWS 4.2.12 yesterday. It includes a lot of little bug fixes and functionality upgrade for specific use cases. The most important addition for most, though, is that we've updated the version of OpenSSL LSWS statically links to to address the latest OpenSSL vulnerability. (I hope this doesn't become a monthly occurrence...)

More information about the OpenSSL bug can be found in our latest blog post.

Here are the other changes from the release log:
  • Improved LSCache module: Cache storage directory can be set at vhost level.
  • Improved compatibility with Apache configuration when Include directive is used inside a <Files...> or <Location...> context.
  • Improved static file handling in NFS to avoid trouble caused by silly rename.
  • Improved HTTPS proxy with client SNI support.
  • Fixed a bug causing a slow memory leak.
  • Fixed a bug in the ModSecurity engine ipMatchFromFile directive. Comments in IP list configuration file are ignored now.
  • Fixed a bug in tracking children processes in FreeBSD when "start through CGI daemon" is used.
  • Fixed a bug in HTTPS proxy which failed to properly handle HTTP/1.0 style connection close to end a response.
  • Other minor bug fixes based isolated bug reports.
As always, the release will only be available through direct download and lsup for a few days while we address any initial bugs. It will then be moved to autoupdate (available through the WebAdmin console and control panels) after that initial period.

Cheers,

Michael
 
Status
Not open for further replies.
Top