Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:changelog [2021/05/21 10:02]
Lucas Rolff Update builds
+++ litespeed_wiki:changelog [2024/03/19 21:03]
Michael Alegre Added release log info for LSWS v6.2.1 builds [1,2].
@@ Line 1: / Line 1: @@
 ====== LiteSpeed Web Server Changelog ======
+**Note:** If a build is missing, you're always able to find it here as well: https://groups.google.com/g/litespeed-edge-users
+===== Version 6.2.1 =====
+=== Build 2 ===
+  [Bug Fix] Address compatibility issues with older versions of nodejs.
+  [Bug Fix] Apply server level log rotation setting to modsec audit log.
+  [Bug Fix] Address a few corner cases in HTTP/3 (lsquic).
+=== Build 1 ===
+  [Bug Fix] Addressed an HTTP/3 0-RTT packet validation issue.
+=== Build 0 ===
+  [New Feature] Add hCaptcha support for reCAPTCHA validation.
+  [Improvement] Add support for .mjs nodeJS application startup file.
+  [Bug Fix] Address a crash related to SecRemoteRules handling.
+  [Bug Fix] Address a rare corner case causing HTTP/3 responses to hang.
+===== Version 6.2 =====
+=== Build 7 ===
+  [Bug Fix] Address a crash related to SecRemoteRules handling.
+=== Build 6 ===
+  [Bug Fix] Address broken auto index script introduced in build 5.
+  [Bug Fix] Address a potential HTTP/3 CPU spinning issue.
+  [Bug Fix] Address a false positive in install script that reports a port is in use.
+=== Build 5 ===
+  [Bug Fix] Do not force override LSAPI_MAX_IDLE_CHILDREN if set explicitly.
+  [Bug Fix] Address PHP 8.2 warning in directory auto index script.
+  [Bug Fix] Address an issue in handling custom status code.
+  [Bug Fix] Increase rewrite engine PCRE match limit to avoid PCRE_ERROR_MATCHLIMIT.
+  [Tuning] Add dark mode for server generated error page and directory index page.
+=== Build 4 ===
+  [Bug Fix] Fix a rare corner case in HTTP/3.
+  [Bug Fix] Fix "RewriteOptions IngoreInherit"
+  [Bug Fix] enable suEXEC for PHP 8.3 by default.
+=== Build 3 ===
+  [Bug Fix] Fix no-abort for CGI script.
+  [Bug Fix] Fix Redirect 410 handling.
+  [Bug Fix] Fix python application with long vhost name.
+  [Bug Fix] Fix CPU spinning caused by HTTP/3 corner case.
+=== Build 2 ===
+  [Bug Fix] Fix HTTP/3 session resumption bug introduced in 6.2 Build 1.
+=== Build 1 ===
+  [Security] Disable HTTP/2 when detecting a rapid reset attack.
+  [Improvement] Override server level per client connection soft limit with vhost level limit.
+  [Tuning] Limit pipe logger buffer size to 1MB.
+  [Bug Fix] Fix RackRunner.rb bug introduced in 6.1.2 build 8.
+  [Bug Fix] Fix minor mod_security issues.
+=== Build 0 ===
+  [New Feature] Update HTTP/3 implementation to support QUICv2 protocol.
+  [New Feature] mod_security engine now has an option to use RE2 instead PCRE regex engine.
+  [New Feature] Add vhost level max request body length and max dynamic response length configurations.
+  [New Feature] Add vhost level dedicated PHP handler configuration option.
+  [New Feature] Add support for rewrite flags "BNP", "backrefnoplus", "BCTLS", and "BNE".
+  [Improvement] Improve reCAPTCHA custom error page handling to avoid expensive dynamic processing.
+  [Improvement] Add missing access log format following Apache spec.
+  [Improvement] Enhance Apache expression support with dynamic regular expression matching.
+  [Improvement] Apache expression support in RewriteCond.
+  [Improvement] Virtual host level reCAPTCHA trigger by concurrent connections.
+  [Security] More strict request header validation.
+  [Bug Fix] Fix a compatibility issue with Rack version >3.0 for Ruby applications.
+  [Bug Fix] Allow use of stdout/stderr as log file names.
+  [Bug Fix] Address large request header compatibility issue with PHP-FPM.
+  [Tuning] Add PHP 8.3 support.
+  [Tuning] Lift default virtual memory limit for external applications.
+  [Bug Fix] Minor bug fixes to cache engine, mod_security engine, and request handling.
+===== Version 6.1.2 =====
+=== Build 8 ===
+  [New Feature] Add support for rewrite flags "BNP", "backrefnoplus", "BCTLS", and "BNE".
+  [Bug Fix] Fix cp_switch_ws.sh switch back to Apache failure.
+  [Bug Fix] Fix a compatibility issue with Rack version >3.0 for Ruby applications.
+  [Bug Fix] Allow use of stdout/stderr as log file names.
+  [Bug Fix] Fix a mod_security engine Multi-thread race condition.
+=== Build 7 ===
+  [Bug Fix] Address a bug in expression parser introduced in build 5.
+=== Build 6 ===
+  [Bug Fix] Address a bug in RewriteCond expression parser.
+  [Bug Fix] Address a bug in SSI engine.
+=== Build 5 ===
+  [Improvement] Enhance Apache expression support with dynamic regular expression matching.
+  [Improvement] Apache expression support in RewriteCond.
+  [Improvement] Virtual host level reCAPTCHA trigger by concurrent connections.
+  [Bug Fix] Fix FreeBSD + ZFS crash due to unsupported posix_fallocate() syscall.
+  [Tuning] Add PHP 8.3 support.
+  [Tuning] Tweak graceful restart to avoid being killed by systemd during service restart.
+=== Build 4 ===
+  [Security] Properly handle multiple HOST headers.
+  [Tuning] Lift default virtual memory limit for external applications.
+  [Improvement] Add "wordpress_logged_in_*" session cookie detection.
+  [Bug Fix] Address two rare crashes relating to ESI handling.
+=== Build 3 ===
+  [Improvement] Improve reCAPTCHA custom error page handling to avoid expensive dynamic processing.
+  [Bug Fix] Address broken Plesk feature "deny access to the site".
+  [Bug Fix] Improve install script to now automatically install missing dependencies.
+=== Build 2 ===
+  [Security] Address request header smuggling over HTTP/2 and HTTP/3.
+  [Bug Fix] Address broken FastCGI POST for large request body, introduced in 6.1.2 build 1.
+=== Build 1 ===
+  [New Feature] Add vhost level max request body length and max dynamic response length configurations.
+  [New Feature] Add vhost level dedicated PHP handler configuration option.
+  [Improvement] Install necessary ruby-lsapi gem package for alt-ruby 3.1+.
+  [Bug Fix] Address large request header compatibility issue with PHP-FPM.
+  [Bug Fix] Address a false positive for per client soft limit blocking.
+=== Build 0 ===
+  [Improvement] Allow total header sizes > 64KB.
+  [Improvement] Add support for websocket upgrade using <LocationMatch> and ProxyPassMatch (used by Plesk).
+  [Improvement] Add support for Unix domain socket proxy target address (used by DirectAdmin).
+  [Bug Fix] Address a corner case in LSAPI 304 response handling.
+  [Bug Fix] Address unique ID duplication in mod_security audit log.
+  [Bug Fix] Address a corner case in mod_security request header matching.
+  [Bug Fix] Address a license key verification issue during server reboot.
+  [Bug Fix] Update ls-qpack to address a corner case.
+  [Bug Fix] Address a request header parser corner case for a look-alike header.
+  [Bug Fix] Address broken mailman support for Plesk
+  [Bug Fix] Address two corner cases in layer 4 proxy.
+  [Bug Fix] Address an issue with proxy forwarding to the Plesk admin panel.
+  [Tuning] Better handling of buggy HTTP/2 clients with poor flow control implementations.
+===== Version 6.1.1 =====
+=== Build 0 ===
+  [New Feature] Add SSL strict SNI mode option to fail SSL connections when there is no vhost level SSL certificate.
+  [New Feature] Add a vhost level AllowBlockedUrl option to allow blocked URL passthrough.
+  [Improvement] Add support for unix domain socket for redis dynamic vhost.
+  [Improvement] Update WebAdmin Console login to use BCRYPT password hash.
+  [Improvement] Add support for "Require local" configuration directive.
+  [Bug Fix] Avoid blocking on socket read for internal fetcher.
+  [Bug Fix] Address broken "RewriteOption inherit" corner case.
+  [Bug Fix] Address duplicate unique ID field in mod_security audit log.
+  [Bug Fix] Address a python application frequent restart issue.
+  [Bug Fix] Address a python application upload hang issue.
+  [Bug Fix] Fix SecRemoteRules certificate verification failure.
+  [Bug Fix] Fix broken sub-directory password protection configuration for Plesk WordPress toolkit.
+  [Bug Fix] Address an issue switching apache/lsws systemd unit file for Plesk.
+  [Bug Fix] Address an issue with Plesk watchdog monitoring httpd service.
+===== Version 6.1 =====
+=== Build 6 ===
+  [Bug Fix] Adjust unix domain socket address length for PHP suEXEC handler.
+=== Build 5 ===
+  [Bug Fix] Address a python application upload hanging issue.
+  [Bug Fix] Fix SecRemoteRules certificate verification failure.
+  [Bug Fix] Fix broken sub-directory password protection configuration for Plesk WordPress toolkit.
+=== Build 4 ===
+  [Bug Fix] Address a crash when handling .htaccess updates.
+=== Build 3 ===
+  [Bug Fix] Address an issue switching apache/lsws systemd unit file for Plesk.
+  [Bug Fix] Address an issue with Plesk watchdog monitoring httpd service.
+=== Build 2 ===
+  [Improvement] ARM64 (aarch64) package is now available.
+  [Improvement] Update WebAdmin Console login to use BCRYPT password hash.
+  [Bug Fix] Update php3_mode and php4_mode for DirectAdmin panel in script cp_switch_lsws.sh.
+=== Build 1 ===
+  [Improvement] Add support for "Require local" configuration directive.
+  [Bug Fix] Avoid blocking on socket read for internal fetcher.
+  [Bug Fix] Address broken "RewriteOption inherit" corner case.
+  [Bug Fix] Update lsquic to v3.3.1 to address a corner case hang caused by flow control congestion.
+=== Build 0 ===
+  [New Feature] Add PROXY protocol support.
+  [New Feature] Add custom response status code support.
+  [New Feature] Apply OOMScoreAdjust for lsws service to avoid being OOM killed.
+  [New Feature] Trigger reCAPTCHA through mod_security engine via an environment variable.
+  [Improvement] Inherit .htaccess belonging to parent context.
+  [Improvement] Make SSI environment available to included CGIs/scripts.
+  [Improvement] Add conditional access logging using Expression.
+  [Improvement] Configurable reCAPTCHA timeout.
+  [Improvement] Add "DisableForwardedIpBan" Apache style configuration directive to avoid blocking IPs forwarded by front-end proxies.
+  [Improvement] Enhance 'disableCgiOverride' to cover options +ExecCGI and +Include.
+  [Improvement] Add Apache style configurations "LogKeepDays" and "LogCompressArchive".
+  [Improvement] Escape multiline STDERR messages.
+  [Improvement] Detect update failures in lsup.sh.
+  [Improvement] Improve WebAdmin Console realtime stats with a new JavaScript library.
+  [Bug Fix] Set "HOME" environment for CGI/External apps when possible.
+  [Bug Fix] Fix connection timeout false-positives for active HTTP3 connections.
+  [Bug Fix] Fix domain limited licensing for Plesk servers.
+  [Bug Fix] Update lsquic to v3.3.0 .
+  [Tuning] Disable TLSv1.1 by default.
+===== Version 6.1RC3 =====
+=== Build 0 ===
+  [New Feature] Add custom response status code support.
+  [New Feature] Apply OOMScoreAdjust for lsws service to avoid having the server killed when low on memory.
+  [Improvement] Escape multiline STDERR messages.
+  [Improvement] Add "DisableForwardedIpBan" Apache style configuration directive to avoid blocking IPs forwarded by front-end proxies.
+  [Bug Fix] Address a few corner cases in HTTP/3 implementation.
+  [Bug Fix] Address an HTTP/2 decoder bug.
+  [Bug Fix] Include all bug fixes applied to 6.0.12 stable releases.
+===== Version 6.1RC2 =====
+=== Build 0 ===
+  [New Feature] PROXY protocol support.
+  [Improvement] Make SSI environment available to included CGIs/scripts.
+  [Improvement] Enhance 'disableCgiOverride' to cover options +ExecCGI and +Include.
+  [Improvement] Better handling of content-type with charset.
+  [Improvement] Add "x-frame-options" header for reCAPTCHA page.
+  [Bug Fix] Inherit .htaccess belonging to parent context.
+  [Bug Fix] Address bad target URL with native proxy configuration for '/' context.
+  [Bug Fix] Avoid installing Ruby Rack 3.0 gem to avoid compatibility issues.
+  [Bug Fix] Avoid using IPv6 mapped IPv4 addresses for HTTP/3 connections.
+  [Bug Fix] Address memory leak in QUIC SHM.
+===== Version 6.1RC1 =====
+=== Build 1 ===
+  [New Feature] Add "LSPHP_ProcessGroup unmanaged" mode to support php-fpm like services for Apache vhost.
+  [Bug Fix] Address an HTTP/2 header value compliance corner case that caused broken curl HTTP/2 connections.
+  [Improvement] Add support for alt-python 3.10.
+  [Bug Fix] Address HTTP/3 corner cases with lsquic v3.1.4 update.
+=== Build 0 ===
+  [New Feature] Trigger reCAPTCHA through mod_security engine via an environment variable.
+  [Improvement] Add parent context .htaccess inheritance.
+  [Improvement] Add conditional access logging using Expression.
+  [Improvement] Configurable reCAPTCHA timeout.
+  [Improvement] Add "LogKeepDays", "LogCompressArchive" Apache style configurations.
+  [Tuning] Disable TLSv1.1 by default.
+  [Bug Fix] Set "HOME" environment for CGI/External apps when possible.
+  [Bug Fix] Update lsquic to the latest v3.1.2 release.
+  [Bug Fix] Include all bug fixes applied to 6.0.12 stable releases.
+===== Version 6.0.12 =====
+=== Build 13 ===
+  [Bug Fix] Detect and ignore truncated log file path for DirectAdmin.
+  [Bug Fix] Fix broken server switching script for cPanel + Ubuntu.
+  [Bug Fix] Do not count Plesk internal Virtual Hosts against license domain limit.
+  [Bug Fix] Fix broken connection timeout for HTTP/3 connections.
+=== Build 12 ===
+  [Bug Fix] Address default charset issue for static files. (Introduced in v6.0.12 build 4)
+  [Bug Fix] Address a mod_security corner case.
+=== Build 11 ===
+  [Improvement] Add support for PHP 8.2 handler auto-detection.
+  [Bug Fix] Address broken lowercase transformation for certain mod_security variables.
+=== Build 10 ===
+  [Bug Fix] Properly handle "%{local}p" access log format.
+  [Bug Fix] Handle white spaces when detecting existing header values.
+  [Bug Fix] Fix broken "Trusted" IP configuration in .htaccess.
+  [Improvement] Add "x-frame-options" header for reCAPTCHA page.
+  [Improvement] Make SSI environment available to included CGIs/scripts.
+  [Bug Fix] Address crash in parsing bad rewrite map data.
+  [Bug Fix] Address memory leak in QUIC SHM.
+=== Build 9 ===
+  [Bug Fix] Address a response header bug introduced in build 8 that causes errors serving from cached page.
+=== Build 8 ===
+  [Bug Fix] Address malformed HTTP/1.1 response header caused by header value modification operations introduced in build 7.
+  [Bug Fix] Address bad target URL with native proxy configuration for '/' context.
+  [Bug Fix] Avoid installing Ruby Rack 3.0 gem (compatibility issues).
+  [Bug Fix] Avoid using IPv6 mapped IPv4 addresses for HTTP/3 connections.
+=== Build 7 ===
+  [Bug Fix]  Address an HTTP/2 header value compliance corner case that caused broken curl HTTP/2 connections.
+=== Build 6 ===
+  [Improvement] Add support for alt-python 3.10 .
+  [Bug Fix] Address HTTP/3 corner cases with lsquic v3.1.4 update.
+  [Bug Fix] Limit the size of unix domain socket address for PHP suEXEC handler.
+  [Bug Fix] Address a minor display issue in WebAdmin.
+=== Build 5 ===
+  [Bug Fix] Address a regression in SHM operations that caused random crashes, introduced in build 4.
+=== Build 4 ===
+  [Bug Fix] Minor corner case fixes in HTTP/3 protocol implementation.
+  [Bug Fix] Address bug in "AddDefaultCharset" support for all "text/*" MIME types.
+  [Bug Fix] More strict header filtering for HPACK/QPACK encoding to avoid protocol violations.
+  [Tuning] Disable TLSv1.1 by default.
+=== Build 3 ===
+  [Bug Fix] Address a random crash bug.
+  [Bug Fix] Address an auto index permissions issue for Redis mass vhosting.
+  [Tuning] No longer enable SPDY protocol by default.
+  [Bug Fix] Apply a minor fix to HTTP/3 protocol.
+=== Build 2 ===
+  [New Feature] Adjust external app OOM score via LS_OOM_SCORE_ADJ environment configuration.
+  [Bug Fix] Address a random crash in mod_security engine.
+  [Bug Fix] Address an SSL error handling problem to avoid high CPU usage.
+=== Build 1 ===
+  [Bug Fix] Address a chunked encoding parser bug that could cause an infinite loop.
+  [Bug Fix] Address a bug when processing delayed request bodies that could cause random crashes.
+  [Bug Fix] Address a suEXEC bug with native vhost configurations.
+  [Bug Fix] Update mod_security JSON audit log to include required data for imunify360 log parser.
+  [Tuning] Update log messages for bot detection to avoid confusion.
+=== Build 0 ===
+  [Security] Address a few crashes and memory leaks in HTTP/3 implementation.
+  [Security] Add more strict virtual host name validation in WebAdmin to address a potential XSS vulnerability.
+  [Improvement] Add server level control to return 404 or 403 when directory auto-index is disabled.
+  [Improvement] Better stale cache purge handling.
+  [Improvement] Add pagination for long auto indexed pages.
+  [Improvement] Support following ErrorDocument customizations in .htaccess for early stage internal errors.
+  [Tuning] Enable suEXEC for PHP 8.1 by default.
+  [Tuning] Do not enable cPanel HTTP server monitoring in update script.
+  [Tuning] Adjust internal shell scripts for better ubuntu compatibility.
+  [Bug Fix] Address broken alt-python application caused by the new way virtualenv was built.
+  [Bug Fix] Address broken vhost level mod_security configuration.
+  [Bug Fix] Address random crashes in mod_security engine.
+  [Bug Fix] Address a rare multi-threaded mod_security engine race condition.
+  [Bug Fix] Add more validation checks to avoid accidentally killing system process when stopping detached external application processes.
+  [Bug Fix] Improve auto index script to avoid calling function ini_set().
+  [Bug Fix] Address crashes in ESI/SSI engine.
+  [Bug Fix] Address POST cache issues.
+  [Bug Fix] Block request header "transfer-encoding: chunked" for HTTP/2 and HTTP/3.
+  [Bug Fix] Enforce HTTP authentication for OPTIONS requests.
+===== Version 6.0.11 =====
+=== Build 9 ===
+  [Security] Address a crash in HTTP/3 implementation.
+  [Improvement] Add server level control to return 404 or 403 when directory auto-index is disabled.
+  [Bug Fix] A few minor fixes to HTTP/3 implementation.
+  [Bug Fix] Address a bug in SSI engine that caused random crashes.
+  [Bug Fix] Address broken alt-python 2.7 applications.
+=== Build 8 ===
+  [Bug Fix] Address broken alt-python application caused by the new way virtualenv was built.
+  [Bug Fix] Address broken vhost level mod_security configuration.
+  [Bug Fix] Add more validation checks to avoid accidentally killing system process when stopping detached external application processes.
+  [Bug Fix] Improve auto index script to avoid calling function ini_set().
+  [Bug Fix] Address a rare multi-threaded mod_security engine race condition.
+  [Bug Fix] Address a crash in ESI/SSI engine.
+=== Build 7 ===
+  [Bug Fix] Address broken alt-python application.
+  [Bug Fix] Address POST cache issues.
+  [Bug Fix] Block request header "transfer-encoding: chunked" for HTTP/2 and HTTP/3.
+  [Bug Fix] Address an SSI engine crash.
+=== Build 6 ===
+  [Improvement] Better stale cache purge handling.
+  [Improvement] Add pagination for long auto indexed pages.
+  [Bug Fix] Address a random crash in mod_security engine.
+  [Tuning] Do not enable cPanel HTTP server monitoring in update script.
+  [Tuning] Adjust internal shell scripts for better ubuntu compatibility.
+=== Build 5 ===
+  [Bug Fix] Increase HTTP/3 max concurrent streams from 100 to 500 to work around a chrome bug.
+  [Bug Fix] Enforce HTTP authentication for OPTIONS requests.
+  [Bug Fix] Address a crash triggered by a debug log message.
+  [Misc] Update bundled lsws_whm_plugin_install.sh script and attempt to download the latest version of this script before use.
+=== Build 4 ===
+  [Security] Add more strict virtual host name validation in WebAdmin to address a potential XSS vulnerability.
+  [New Feature] Add CloudLinux alt-python3.9 support.
+  [Bug fix] Address a python application server configuration issue.
+  [Bug fix] Address a "sub request timeout" crash.
+=== Build 3 ===
+  [Bug Fix] Address a random crash when handling connection level timer events.
+  [Improvement] Support following ErrorDocument customizations in .htaccess for early stage internal errors.
+  [Tuning] Enable suEXEC for PHP 8.1 by default.
+=== Build 2 ===
+  [New Feature] Add "SecEngineHtaccessOverride on/off" directive to allow/disable turning on/off mod_security engine from .htaccess. Default to "on".
+  [New Feature] Add "ModSec19Compatible on/off" directive to support mod_security 1.9 style configurations. Default to "off".
+  [Bug Fix] Address a layer4 tunnel bug that was causing random crashes.
+  [Bug Fix] Address a random crash in handling connection level timer events.
+=== Build 1 ===
+  [Bug Fix] Address a vhost level mod_security engine control corner case.
+=== Build 0 ===
+  [New Feature] Add websocket proxy target support for rewrite rules.
+  [Improvement] Improve HTTP/2 upload throughput.
+  [Improvement] Improve HTTP/3 upload throughput.
+  [Bug Fix] Address HTTP/3 handshake failures.
+  [Bug Fix] Address an HTTP/1.1 request body chunk encoding corner case that caused unexpected 400 status for the next request made when over a keep-alive connection.
+  [Bug Fix] Throttle unnecessary lscache purges generated by LSCWP.
+  [Bug Fix] Improve cp_switch_ws.sh script compatibility with different shell interpreters.
+  [Bug Fix] Avoid caching incomplete/broken homepages for more than 1 minute.
+  [Bug Fix] Address broken vhost level private cache lookup configuration.
+===== Version 6.0.10 =====
+=== Build 2 ===
+  [Bug Fix] Address HTTP/3 handshake failures.
+  [Bug Fix] Improve HTTP/2 upload throughput.
+=== Build 1 ===
+  [Bug Fix] Address an HTTP/3 throughput regression introduced in v6.0.10.
+  [Bug Fix] Improve HTTP/2 upload throughput.
+  [Bug Fix] Throttle unnecessary lscache purges generated by LSCWP.
+  [Bug Fix] Improve cp_switch_ws.sh script compatibility with different shell interpreters.
+  [Bug Fix] Avoid caching incomplete/broken homepages for more than 1 minute.
+  [Bug Fix] Address broken vhost level private cache lookup configuration.
+=== Build 0 ===
+  [Improvement] Optimize SSL and HTTP/2 read speeds.
+  [Bug Fix] Address a few bandwidth throttling issues.
+  [Bug Fix] Address high CPU usage for server worker processes.
+  [Bug Fix] Address issues with ModSecurity logging and persistent variable handling.
+  [Bug Fix] Address a few minor HTTP/3 corner cases.
+  [Bug Fix] Convert chunked encoding request bodies for proxy backends.
+  [Bug Fix] Address a Server Side Includes corner case that could sometimes truncate large files.
+  [Bug Fix] Do not block client access if reCAPTCHA is not properly configured when using WP full protection.
+===== Version 6.0.9 =====
+=== Build 3 ===
+  [Bug Fix] Address a few minor HTTP/3 corner cases.
+  [Bug Fix] Avoid unnecessary error log warnings (introduced in v6.0.8).
+  [Bug Fix] Convert chunked encoding request bodies for proxy backends.
+  [Bug Fix] Address a Server Side Includes corner case that could sometimes truncate large files.
+  [Bug Fix] Do not block client access if reCAPTCHA is not properly configured when using WP full protection.
+=== Build 2 ===
+  [Bug Fix] Address "cannot find installed module for python application" regression (introduced in v6.0.9).
+=== Build 1 ===
+  [Bug Fix] Address mod_security request body scan getting randomly skipped (introduced in v6.0.8).
+=== Build 0 ===
+  [Bug Fix] Address cache engine corner case that randomly disabled cache or ignored purge requests.
+  [Bug Fix] Cache engine should no longer purge again when serving a cached page with purge headers.
+  [Bug Fix] Properly pass environment variables for python applications configured via CloudLinux python selector.
+  [Bug Fix] Update ea-ruby24 to ea-ruby27 for cPanel Ruby application manager.
+  [Bug Fix] Address POST requests randomly hanging.
+  [Bug Fix] "%{CONTENT_TYPE}" is now properly supported in Apache expressions.
+  [New Feature] Add support for 'LogRotationSize' Apache directive at the server level to control access log rotation.
+===== Version 6.0.8 =====
+=== Build 3 ===
+  [Bug Fix] Address SSI expression back reference crash.
+  [Bug Fix] Avoid long disk I/O blocking for cache storage cleaning up.
+  [Bug Fix] Tweak PHP handler mapping to only use alt-php handler when available.
+  [Bug Fix] Address target URL behavior change for conditional redirects.
+=== Build 2 ===
+  [Bug Fix] Address POST requests randomly hanging.
+  [Bug Fix] "%{CONTENT_TYPE}" is now properly supported in Apache expressions.
+  [New Feature] Add LogRotationSize Apache directive at the server level to control access log rotation.
+=== Build 1 ===
+  [Bug Fix]  Address a regression introduced in v6.0.8 that can cause random crashing.
+=== Build 0 ===
+  [Bug Fix] Address a mod_security corner case causing hanging worker processes.
+  [Bug Fix] Disable mod_security engine for requests rewritten to ReCAPTCHA.
+  [Bug Fix] Address an ESI encoding corruption bug that mainly affected Prestashop caching.
+  [Improvement] Internal redirects now carry over "Last-Modified" and "Content-type" response headers set by scripts.
+  [Improvement] Add "ProxyAddHeaders on|off" support to avoid sending "x-Forwarded-for" and "x-forwarded-host" proxy headers.
+  [Improvement] Add `CachePost on|off` support to allow POST cache configuration in Apache configuration files.
+  [Improvement] Avoid an unintended delay when processing the first request for a newly started PHP worker group.
+===== Version 6.0.7 =====
+=== Build 1 ===
+  [Bug Fix] Address an ESI encoding corruption bug that mainly affected Prestashop caching.
+=== Build 0 ===
+  [Bug Fix] Address additional random crashes in asynchronous mod_security engine.
+  [Bug Fix] Address an HTTP/3 sendfile corner case.
+  [Bug Fix] Address a problem with custom error page for OPTIONS request method.
+===== Version 6.0.6 =====
+=== Build 0 ===
+  [Bug Fix] Address a few random crashes in asynchronous mod_security engine.
+  [Bug Fix] Address random server hangs when AIO is in use
+  [Improvement] Cleanup SSL OCSP data cache folder.
+===== Version 6.0.5 =====
+=== Build 2 ===
+  [Bug Fix]  Address a random crash introduced in v6.0.5 build 1.
+=== Build 1 ===
+  [Bug Fix]  Address random server hangs when AIO is in use.
+=== Build 0 ===
+  [Bug Fix] Address a random crash with asynchronous mod_security engine.
+  [Bug Fix] Resolve a problem with sending truncated static files over HTTP/3 connections.
+  [Bug Fix] Resolve a problem with purging by URL.
+  [Bug Fix] Address a crash when handling decoded HTTP/2 headers.
+===== Version 6.0.4 =====
+=== Build 0 ===
+  [Bug Fix] Address a chrome HTTP/3 connection timeout issue for long running scripts.
+  [Bug Fix] Address a multi-thread race condition in mod_security engine.
+  [Bug Fix] Detect dead HTTP/2 connections during server cool-down.
+  [Bug Fix] Improve request/response header name validation to avoid HTTP/2 and HTTP/3 protocol violations.
+===== Version 6.0.3 =====
+=== Build 0 ===
+  [New Feature] Optionally enable UNIQUE_ID environment variable for Apache mod_unique_id compatibility.
+  [New Feature] Add server variable REDIRECT_REQUEST_METHOD for better Apache compatibility.
+  [Bug Fix] Address an infinite loop when processing conditional context expressions.
+  [Bug Fix] Address crashes in mod_security engine, SSL session cache, and response header processing.
+  [Bug Fix] Address LiteSpeed worker high CPU usage due to a malloc() spinlock dead lock.
+  [Bug Fix] Better follow PassengerAppLogFile configuration for Python/Ruby applications.
+  [Bug Fix] Follow server level compressible configuration for MIME types defined in .htaccess.
+  [Bug Fix] Improve chunk encoded request body handling for PHP scripts.
+  [Bug Fix] Minor tweaks to HTTP/3 protocol.
+===== Version 6.0.2 =====
+=== Build 2 ===
+  [Bug Fix] Address a crash in response header processing.
+  [Bug Fix] Better follow PassengerAppLogFile configuration for Python/Ruby applications.
+  [Bug Fix] Follow server level compressible configuration for MIME types defined in .htaccess.
+  [Bug Fix] Improve chunk encoded request body handling for PHP scripts.
+  [Bug Fix] Minor tweaks to HTTP/3 protocol.
+=== Build 1 ===
+  [Bug Fix] Address LiteSpeed worker high CPU usage due to a malloc() spinlock dead lock.
+=== Build 0 ===
+  [New Feature] Enable HTTP/3 v1 by default.
+  [Improvement] Allow header customization for reCAPTCHA pages.
+  [Bug Fix] Keep Firefox HTTP/3 connections alive for long running scripts.
+  [Bug Fix] Fix Ubuntu Plesk Grafana integration.
+  [Bug Fix] Conditional redirect configuration now works properly.
+===== Version 6.0.1 =====
+=== Build 0 ===
+  [New Feature] Add support for PassengerAppLogFile directive.
+  [New Feature] Add support for access log TTFB format "%^FB".
+  [Bug Fix] Python applications now have a higher priority than directory index.
+  [Bug Fix] Applied all bug fixes made through 6.0 build 12.
 ===== Version 6.0 =====
+=== Build 12 ===
+  [Bug Fix] Address 'HTTP2_PROTOCOL_ERROR' bug introduced in v6.0 build 11
 === Build 11 ===
   [Bug Fix] Properly apply whitelist for Quic.cloud and Cloudflare IPs when server level ACL is blank.
@@ Line 54: / Line 533: @@
 === Build 1 ===
   [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
 === Build 0 ===
   [New Feature] HTTP/3 v1 support with with DPLPMTUD, Adaptive congestion control, Delayed ACK, and zero-copy packetization.
@@ Line 72: / Line 550: @@
   [Bug Fix] All applicable bug fixes from 5.4.X releases.
-=== RC3 ===
+===== Version 6.0RC3 =====
+=== Build 0 ===
   [New Feature] Support external application configuration using domain name for target address.
   [New Feature] HTTP/3 draft 32 support.
@@ Line 81: / Line 560: @@
   [Improvement] Fix various HTTP/3 congestion control corner cases to maximize throughput.
-=== RC2 ===
+===== Version 6.0RC2 =====
+=== Build 0 ===
   [New Feature] ModSecurity scan response body support.
   [New Feature] HTTP/3 draft 31 support.
@@ Line 88: / Line 568: @@
   [Major Improvement] Revamp of SSL Multi-Cert support.
-=== RC1 ===
+===== Version 6.0RC1 =====
+=== Build 0 ===
   [Major New Feature] Apache 2.4 conditional context <If> <Ifelse> <Else> support.
   [Major New Feature] Asynchronous mod_security engine.
@@ Line 97: / Line 578: @@
 ===== Version 5.4.12 =====
+=== Build 8 ===
+  [Bug Fix] Properly apply whitelist for Quic.cloud and Cloudflare IPs when server level ACL is blank.
+  [Bug Fix] Address vhost level rewrite rule false positives.
+  [Bug Fix] Correct a cPanel NodeJS application configuration problem.
+  [Bug Fix]  Fix Ubuntu Plesk Grafana integration.
 === Build 7 ===
   [Bug Fix] Address a native pipe logger configuration failure.
 === Build 6 ===
   [Bug Fix] Increase rewrite engine match limit to avoid unexpected mismatch.
 === Build 4 ===
   [Bug Fix] Address broken virtual host level reCAPTCHA sensitivity trigger.
 === Build 3 ===
   [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
 === Build 2 ===
   [Bug Fix]  Correct problematic PCRE flag causing false positives in mod_security.
 === Build 1 ===
   [Bug Fix] Address external application command sanitizer blocking some PHP binary paths.
 === Build 0 ===
   [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
   [Security] Block improperly configured user/group and commands for external apps.
@@ Line 134: / Line 612: @@
 ===== Version 5.4.11 =====
 === Build 9 ===
   [Security] Fix a bug that allowed bypassing of built-in blocked URLs.
   [Bug Fix] Address a random crash in Layer 4 forwarding to websocket backends.
@@ Line 143: / Line 620: @@
   [Bug Fix] Make "AddDefaultCharset" work for javscript and json response.
   [Tuning] Finetune vhost reCAPTCHA sensitivity.
 === Build 8 ===
   [Bug Fix] cPanel webmail proxy domain email attachment uploads no longer hang.
   [Bug Fix] Update wsgi-lsapi to v1.9 to address a unicode encoding problem for Django applications.
   [Bug Fix] Update bundled WHM plugin to v4.1.3.1.
   [Debug] Improve private PURGE debug log messages with private cookie values.
 === Build 7 ===
   [Security] Block improperly configured user/group and commands for external apps.
   [Bug Fix] Improve ESI parser to handle improperly escaped ESI directives.
   [Bug Fix] Fix NodeJS application helper script which may call undefined function.
   [Bug Fix] Avoid race condition when multiple workers try to start a detached external application.
 === Build 6 ===
   [Bug Fix] Properly support REQUEST_COOKIES collection in mod_security engine.
   [Bug Fix] Mod_security @rx operator now properly matches multi-line input.
@@ Line 165: / Line 636: @@
   [Bug Fix] Start Ruby applications through a login bash shell to apply the necessary shell environment variables.
   [Bug Fix] Update ruby-lsapi gem to 5.2 for alt-ruby and Plesk ruby installations.
 === Build 5 ===
   [Bug Fix] Use long delay for access logging when AIO logging is enabled.
   [Bug Fix] Only throttle POST requests to wp-login.php for WordPress brute force protection.
@@ Line 173: / Line 642: @@
   [Bug Fix] Corner case that caused chunked input streams to hang (introduced in 5.4.11 build 3.) has been fixed.
   [Improvement] Allow the unsetting of non-indexed requested headers via the "RequestHeader unset ..." directive.
 === Build 4 ===
   [Bug Fix] A timing issue with SSL ticket key rotation that causes brief SSL connection errors.
 === Build 3 ===
   [Bug Fix] Rewrite rule triggered reCAPTCHA causing rare server hang.
   [Bug Fix] Chunk decoding hanging issue for request body.
@@ Line 186: / Line 651: @@
   [Tuning] Default timeout for SSL session ticket set to 1 hour.
   [Tuning] Default umask set to 022.
 === Build 2 ===
   [Bug Fix] Matched Apache ModSecurity behavior by logging hits with "pass" action to error log.
   [Bug Fix] Fixed NodeJS application directory index for static content.
   [Bug Fix] Improved lsquic busy loop detection to avoid false positives.
   [Bug Fix] Log and auto correct the issue where Python application switches the directory for serving static content.
 === Build 1 ===
   [Bug Fix] Handle stream RESET in a timely manner for HTTP/3 and QUIC connections.
   [Bug Fix] Automatically add local IPv4 and IPv6 addresses to trusted IP list.
 === Build 0 ===
   [New Feature] Support for Apache configuration directive 'AuthMerging'.
   [Improvement] Support for RewriteCond operators added by Apache 2.4 which includes '>=' , '<=', '-eq' , '-ge' , '-gt', '-le' , '-lt', '-ne', '-h', '-L', and '-x'.
@@ Line 215: / Line 674: @@
 ===== Version 5.4.10 =====
 === Build 4 ===
   [Bug Fix] Do not load .htaccess from parent directories beyond document root when AllowOverride is disabled for those parent directories in Apache configuration.
   [Bug Fix] Address a crash in ESI sub request.
   [Bug Fix] Avoid restoring older system file backups if a switch back to Apache has been performed.
   [Bug Fix] Avoid throttling or blocking local IP.
 === Build 1 ===
   [Bug Fix] Allow default PHP handler to follow explicit configurations for DirectAdmin.
 === Build 0 ===
   [New Feature] Add ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
   [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
@@ Line 253: / Line 706: @@
 ===== Version 5.4.9 =====
 === Build 4 ===
   [Improvement] Improve PHP default handler for DirectAdmin.
   [Bug Fix] Avoid stapling expired OCSP responses.
   [Bug Fix] HTTP3/IETF QUIC: close immediately if crypto session can't be initialized.
   [Bug Fix] Address a rare/random crash.
 === Build 3 ===
   [New Feature] Allow LiteSpeed Cache for WordPress plugin to use ESI combine sub-requests to improve ESI performance.
   [New Feature] Update cPanel plugin to automatically apply new ECC certificates generated through the plugin.
   [Bug Fix] Normalize IPv6 address to properly reuse existing listener sockets.
   [Bug Fix] Close down HTTP3/QUIC streams reset by peer in timely manner.
 === Build 2 ===
   [New Feature] New ForceSecureCookie configuration directive to enforce "secure" and "SameSite" cookie attributes. This directive can be set in an Apache config file at the server or vhost level, or in the document root directory's .htaccess file.
   [Bug Fix] Apply header operations for pages generated by python/nodejs applications.
@@ Line 277: / Line 724: @@
   [Bug Fix] Avoid releasing cache objects too early.
   [Bug Fix] Address a rare crash in ESI parser.
 === Build 1 ===
   [Feature] Apply Expires header to a partial response for a range request.
   [Bugfix] Force apply ACL configuration changes when client access level is cached in SHM.
   [Bugfix] For directory auto index, avoid a blank file name when special characters are in the name.
 === Build 0 ===
   [New Feature] WHM plugin 4.1 with Let's Encrypt ECC certificate support. QUIC.cloud integration with SSL certificates synchronization.
   [New Feature] Automatic CloudFlare CDN IP detection.
@@ Line 292: / Line 735: @@
 ===== Version 5.4.8 =====
 === Build 5 ===
   [Bug fix] Properly pass CHUNK encoded request body to script handler to address random file upload failure.
   [Bug fix] Addressed graceful restart failure when the server has many IPs in use and is forced to create listeners for individual IP.
 === Build 4 ===
   [New Feature] Control whether to wait for the full request body or not before passing requests to the request handler with new environment variable "wait-req-full-body". (Waiting allows the request handler to see the full request body immediately)
   [Tuning] Increase reCAPTCHA verified status timeout from 1-hour to 1-day.
   [Tuning] Increase .htaccess processing time limit from 500ms to 2.5sec to allow for the processing of larger .htaccess files.
 === Build 3 ===
   [Bug Fix] LiteMage cache object count is now more accurate.
   [Bug Fix] Address a few compatibility issues with Plesk admin console proxy through regular HTTPS access.
@@ Line 311: / Line 748: @@
   [Improvement] Protect WebAdmin listener port from duplicate regular listener configuration.
   [Improvement] Add Plesk git integration support.
 === Build 2 ===
   [Bug Fix] Address 404 error for reCAPTCHA verification.
   [Bug Fix] 'SetEnv' directive is now properly applied inside <Files> or <FilesMatch> contexts.
 === Build 1 ===
   [Bug Fix] Correct DirectAdmin PHP handler detection when "DirectAdmin" panel is selected under "PHP" config tab.
   [Bug Fix] WebSocket ProxyPass configuration now works correctly inside the <Location> context.
   [Bug Fix] Match Apache's Redirect behavior by discarding original query string if target URL has query string set.
 === Build 0 ===
   [New Feature] Add the ability to load an extra ECC certificate for an Apache virtual host when multi-cert support is enabled.
   [New Feature] Apply header modification configurations in .htaccess to dynamic responses for CloudLinux Python/Ruby/NodeJS selector application.
@@ Line 344: / Line 775: @@
 ===== Version 5.4.7 =====
 === Build 9 ===
   [Bug Fix] Correct a SHM memory allocation issue.
   [Bug Fix] Address a URL handling regression introduced in build 7 that affected NextCloud WebDAV clients.
 === Build 8 ===
   [New Feature] Use Client IP in Header can now be set to use the last IP listed in the X-Forwarded-For header for servers behind AWS ELB.
   [Bug Fix] Address cp_switch_ws.sh issues when switching back to Apache.
@@ Line 357: / Line 784: @@
   [Bug Fix] Correct a crash bug in cache engine.
   [Tuning] Separate IPv4 and IPv6 virtual hosts now share cached pages for the same domain.
 === Build 7 ===
   [New Feature] For CloudLinux Python/Ruby/NodeJS selector application, applies header modification configuration in .htaccess to dynamic response.
   [Bug Fix] A mod_security engine bug that causes random crash.
   [Bug Fix] A bug in access log format validation.
 === Build 6 ===
   [Bug Fix] Fixed Plesk log rotation issue when LSWS override Apache rc script with symbolic link.
   [Bug Fix] Fixed a crash when NodeJS default was not properly set in httpd_config.xml.
 === Build 5 ===
   [Security] Blocks overriding LD_PRELOAD environment variable from .htaccess.
   [Bug Fix] Fixed a corner case that causes hanging HTTP/2 response when bandwidth throttling is enabled.
   [Bug Fix] Properly apply UMASK configuration for external application.
 === Build 4 ===
   [New Feature] Added the ability to load extra ECC certificate for Apache virtual host when multi-cert support is enabled.
   [Improvement] New Ruby 2.0+ compatible RackRunner script for ruby-lsapi 5.0.
@@ Line 382: / Line 801: @@
   [Bug Fix] Minor bug fixes in cache engine.
   [Bug Fix] Minor bug fix in mod_security engine.
 === Build 3 ===
   [Bug Fix] Fixed an HTTP/2 protocol bug encountered when a PHP page failed without sending back a response header.
   [Bug Fix] Fixed an internal memory management bug that caused random crashing.
 === Build 2 ===
   [Bug Fix] Fixed an AJPv13 protocol bug that caused requests containing a request body to hang.
   [Tuning] Improved reCAPATCHA verification to make it compatible with WordPress password protected pages.
 === Build 0 ===
   [Security] Fixed a symbolic link attack in directory auto index script. Thank you KnownHost for the bug report. (CloudLinux user is not affected.)
   [New Feature] Added strict suEXEC and ownership checking on scripts.
@@ Line 410: / Line 823: @@
 ===== Version 5.4.6 =====
 === Build 5 ===
   [Bug Fix] Fixed a bug that reCAPTCHA was shown for the first access of an allowed robot.
   [Bug Fix] Added "Cache-Control: no-cache" for reCAPTCHA verify page to disallow CDN/proxy cache.
 === Build 4 ===
   [Bug Fix] Minimize interference with mandatory rewrite processing when bypassing favicon URL rewrite.
   [Tuning] Avoid triggering 503 errors when cPanel backend services (cpcontacts, webdisk, ...) are unavailable.
 === Build 3 ===
   [Bug Fix] Use request header value for RBL lookups.
   [Bug Fix] Fixed a configuration parser crash.
@@ Line 427: / Line 835: @@
   [Tuning] Automatically update /proc/sys/net/core/somaxconn to 1024, when server performs a fresh startup.
   [Tuning] Avoid adjusting external application process priority based on server's priority.
 === Build 2 ===
   [New Feature] Added strict suEXEC and ownership checks for scripts.
   [New Feature] Added ability to configure static/dynamic request per second limit for Apache vhost.
@@ Line 436: / Line 842: @@
   [Bug Fix] Fixed an HTTP/3 timestamp/ACK ping-pong bug.
   [Bug Fix] Fixed a bug causing extra delay when response has content length = 0.
 === Build 1 ===
   [Bug fix] Fixed a bug causing delayed .htaccess loading.
   [Bug fix] Fixed an HTTP/2 bug that sometimes delayed server response.
@@ Line 444: / Line 848: @@
   [Bug fix] Shared lib for lscmctl is now updated on server install/update.
   [Tuning] Prevent ports 443 and 80 for use as a WebAdmin listener.
 === Build 0 ===
   [New Feature] Updated HTTP/3 support to include h3-27.
   [Bug Fix] Fixed a bug that caused ProxyPass ws:// target to stop working for certain configuration combination.
@@ Line 460: / Line 862: @@
 ===== Version 5.4.5 =====
 === Build 3 ===
   [Bug Fix] Fixed a false positive that triggered ACL denied for Plesk.
   [Bug Fix] Fixed a regression that broke /tmp/lshttpd/swap auto cleanup.
@@ Line 468: / Line 868: @@
   [Bug Fix] Fixed a crash in ModSecurity using libinjection.
   [Tuning] No longer add ECDHE-RSA-AES128-SHA cipher automatically.
 === Build 2 ===
   [Bug Fix] Minor ModSecurity compatibility fixes.
   [Bug Fix] Prevent WebAdmin Console 503 error on centos8 by installing libnsl package automatically.
@@ Line 479: / Line 877: @@
   [Tuning] Downgraded some modsec log messages from "error" to "warning".
   [Bug Fix] Fixed a rewrite engine compatibility regression introduced in v5.4.4.
 === Build 1 ===
   [Bug Fix] mod_security @validateUrlEncoding operator has been turned off to avoid unnecessary false positives.
   [Bug Fix] Fixed a cache engine bug that broke the "Respect Cacheable" feature.
@@ Line 487: / Line 883: @@
   [Tuning] Made HTML pages generated by the auto index script responsive.
   [Tuning] Hid confusing required/restricted permission mask configurations in WebAdmin Console.
 === Build 0 ===
   [New Feature] Added support for IETF HTTP/3 draft 25 (h3-25).
   [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
@@ Line 509: / Line 903: @@
 ===== Version 5.4.4 =====
 === Build 8 ===
   [Bug Fix] In cPanel environment, disable rewrite bypass for Let's Encrypt verification requests if dedicate rewrite rule for 'acme-challenge' detected.
 === Build 7 ===
   [Bug Fix] Fixed a random crash that occurred during SSL handshakes.
   [Bug Fix] Fixed a bug that rarely cased CPU usage to climb to 99% when shutting down SSL connections.
 === Build 6 ===
   [Bug Fix] Fixed a NodeJS wrapper script bug that failed to handle startup files with absolute paths.
   [Bug Fix] Fixed a random reCAPTCHA verification failure with status code 500.
   [Bug Fix] External application process startup time is now reliably detected.
   [Bug Fix] Fixed a minor regression with AHO string search.
 === Build 5 ===
   [New Feature] Automatically patch Set-Cookie with 'secure' flag when served over HTTPS.
   [Bug Fix] Fixed a regression in Python/Ruby/NodeJS application 'tmp/restart.txt' marker file handling.
   [Bug Fix] Fixed a WebAdmin Console socket address validation bug.
   [Bug Fix] Fixed a corner case to load trusted IP configured in document root .htaccess before reCAPTCHA verification.
 === Build 4 ===
   [New Feature] Skip rewrite processing for Let's Encrypt verification requests.
   [Bug Fix] Fixed websockets hanging on upgrade.
@@ Line 540: / Line 924: @@
   [Bug Fix] Fixed .htaccess configuration changes failing to apply for Python/Ruby/NodeJS applications.
   [Bug Fix] Environment variable names are no longer converted to uppercase for Apache SetEnv directive.
 === Build 3 ===
   [New Feature] Added full Captcha protection for WordPress login page.
   [Bug Fix] Fixed a connection hang regression introduced in v5.4.4 build 2.
 === Build 2 ===
   [New Feature] Populate GEOIP_COUNTRY_CODE environment variable using IP2Location database.
   [Bug Fix] Minor bug fixes to ModSecurity engine.
 === Build 1 ===
   [Improvement] Fine tuned HTTP/3 and QUIC engine performance.
   [Improvement] Added 'cssDecode' and 'utf8toUnicode' transformations to ModSecurity engine.
@@ Line 560: / Line 938: @@
   [Update] Updated WHM plugin to v3.3.6.
   [Bug Fix] Minor bug fixes in ModSecurity engine.
 === Build 0 ===
   [New Feature] Added support for Google QUIC Q050.
   [Security] Improved WebAdmin Console security by strictly checking request URLs.
@@ Line 573: / Line 949: @@
 ===== Version 5.4.3 =====
 === Build 5 ===
   [Bug Fix] Fixed a regression for mod_security request parser introduced in 5.4.3 build 4.
   [Bug Fix] Fixed a crash due to memory mapped file being truncated.
 === Build 4 ===
   [Security] Improved WebAdmin console security by strictly checking request URL.
   [Bug Fix] Fixed a regression for FastCGI protocol support, introduced in 5.4.3 build 0.
   [Bug Fix] There are minor bug fixes for mod_security engine.
 === Build 3 ===
   [Bug Fix] Fixed a mutex dead-lock regression introduced in build 2 for AIO logging.
 === Build 2 ===
   [Bug Fix] Fixed a bug in AIO logging that caused access log stop working.
   [Bug Fix] Fixed a bug caused 100% CPU usage for FreeBSD.
   [Bug Fix] Removed an unnecessary CloudLinux CageFS mount point for "/tmp/lshttpd".
 === Build 1 ===
   [Bug Fix] Fixed a bug that caused HTTPS connections to stall when bandwidth throttling was enabled.
   [Bug Fix] Fixed an ESI/Litemage output corruption bug.
   [Tuning] Fine tuned keepalive timeout for detached PHP processes to reduce the number of idle PHP processes.
 === Build 0 ===
   [New Feature] Websocket backend support via the "ProxyPass" directive.
   [Enhancement] Improved WordPress brute force protection when facing large botnet attacks.
@@ Line 619: / Line 983: @@
 ===== Version 5.4.2 =====
 === Build 7 ===
   [Bug Fix] Fixed an HTTP/3 QUIC engine bug introduced in build 6 that could cause action connections to close at random.
   [Tuning] Updated HTTP/3 QUIC engine default congestion control method to CUBIC for better performance in good network conditions.
   [Tuning] Lowered WordpressProtect minimum limit from 5 to 2 to better pairing with reCAPTCHA verification.
 === Build 6 ===
   [Bug Fix] Fixed a few minor HTTP/3 and QUIC engine bugs.
   [Bug Fix] Fixed an HTTPS bug that caused a busy loop in FreeBSD.
@@ Line 633: / Line 993: @@
   [Bug Fix] Properly parse IPv6 mapped IPv4 addresses in request header.
   [Bug Fix] Fixed missing "REMOTE_USER" request environment variable when HTTP authentication is used.
 === Build 5 ===
   [Bug Fix] Fixed a bug that caused excessive buffering for HTTP/2 connection.
   [Bug Fix] Fixed a bug in QUIC, HTTP/3 engine that caused large file downloads to stall.
   [Bug Fix] Fixed a bug that caused random 404 error.
 === Build 4 ===
   [Bug Fix] Improved HTTP/3 draft 24 inter-operability with other HTTP/3 clients.
@@ Line 645: / Line 1003: @@
   [Bug Fix] Fixed a problem with utf-8 characters in request URLs for Python applications.
   [Bug Fix] Fixed a rare HTTP/2 connection stalling problem.
 === Build 3 ===
   [Bug Fix] Fixed a bug in mod_security engine @validateUrlEncoding operator resulting in false positives.
   [Bug Fix] Fixed a compatibility issue with Plesk's autodiscover feature.
   [Bug Fix] Fixed a random 404 error for NodeJS applications.
 === Build 2 ===
   [Enhancement] Improved Wordpress brute force protection when facing large botnet attacks.
@@ Line 657: / Line 1013: @@
   [Bugfix] Fixed a DirectAdmin userdir bug.
   [Bugfix] Fixed a Python application compatibility bug.
 === Build 1 ===
   [Bug Fix] Fixed a bug introduced in v5.4.2 build 0 where some mod_security rules could cause false positives.
   [Bug Fix] Fixed a bug that caused 503 errors when the configuration of python/node/ruby selector applications where updated.
   [Bug Fix] Minor bug fixes in QUIC and HTTP/3 engine.
 === Build 0 ===
   [New Feature] Updated QUIC implementation to support IETF HTTP/3 draft 23.
@@ Line 695: / Line 1049: @@
 ===== Version 5.4.1 =====
 === Build 8 ===
   [Improvement] Improved python application configuration to allow swapping applications on the same URL.
@@ Line 701: / Line 1054: @@
   [Bug Fix] Fixed a mod_security configuration bug that reordered some rules under certain conditions.
   [Bug Fix] Fixed a systemd warning under Plesk 18.0.
 === Build 7 ===
   [Improvement] Automatically disable HTTP/2, SPDY, and QUIC for CSF messenger vhost on port 8887.
@@ Line 707: / Line 1059: @@
   [Improvement] Added `lsws/logs/critical_alert` log file for writing common licensing problems that could cause LSWS to stop working.
   [Bug Fix] Fixed a compatibility issue with CloudLinux python selector.
 === Build 6 ===
   [Bug Fix] Fixed a bug introduced in build 5 that caused the server to crash when "require env xxxx" was used.
@@ Line 714: / Line 1065: @@
   [Improvement] Use 'pkill' instead of 'killall' in various scripts to minimize dependencies on installed system packages.
   [Improvement] Update "Alt-Svc" string for gQUIC advertising.
 === Build 5 ===
   [FEATURE] Enable SSL SHM session cache for Apache HTTPS vhost when server level SSH session cache is enabled.
@@ Line 721: / Line 1071: @@
   [BUGFIX] Make statistics more accurate for requests processed .
   [BUGFIX] Fixed a minor regression in 5.4 that performs redirect before rewrite when URL without a trailing slash pointing to a directory.
 === Build 4 ===
   [Improvement] Automatically restart running PHP processes after detecting PHP binary updates.
@@ Line 730: / Line 1079: @@
   [Bug Fix] Make per Apache vhost PHP 7.4 handler run in suEXEC mode.
   [Bug Fix] Fixed a bug reading CGI 'umask' configuration as an octal number.
 === Build 3 ===
   [Bug Fix] Fixed a .htaccess cache bug that caused the server's default PHP handler to be used instead of per-vhost suEXEC handlers.
@@ Line 738: / Line 1086: @@
   [Tuning] Reduced Brotli compression memory usage.
   [Tuning] Allow mapping www.TLD.com and TLD.com to different native virtual hosts.
 === Build 2 ===
   [New Feature] Added an option to allow generation of full real time status report, including idle virtual host and external app stats.
   [Bug Fix] Fixed an RBL compatibility issue with modsecurity rules from Imunify360.
@@ Line 747: / Line 1093: @@
   [Bug Fix] Fixed all LSPHP processes not being stopped when switching from LSWS to Apache.
   [Bug Fix] Fixed a QuicEngine bug that sometimes caused a server crash.
 === Build 1 ===
   [Improvement] Avoid reCAPTCHA verification on AJAX requests to minimize false positives.
   [Improvement] Make built-in error and reCAPTCHA verification pages responsive.
@@ Line 756: / Line 1100: @@
   [Bug Fix] Fixed a bug that caused broken non-keepalive HTTPS responses.
   [Bug Fix] Fixed a bug that caused WordPress brute force protection false positive.
 === Build 0 ===
   [Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9516 ""0-Length Headers Leak"" vulnerability. Completely blocks unaffected attacks:  CVE-2019-9511 ""Data Dribble"", CVE-2019-9512 ""Ping Flood"", CVE-2019-9513 ""Resource Loop"", CVE-2019-9514 ""Reset Flood"", CVE-2019-9515 ""Settings Flood"", CVE-2019-9517 ""Internal Data Buffering"", and CVE-2019-9518 ""Empty Frames Flood"".
   [New Feature] Updated HTTP/3 support to Internet Draft 22.
@@ Line 770: / Line 1112: @@
 ===== Version 5.4 =====
 === Build 3 ===
   [Bug Fix] Fixed a bug that could cause truncated response bodies to be transferred over non-keepalive HTTPS connections. This usually affects front-end CDN services.
 === Build 2 ===
   [New Feature] Updated HTTP/3 support to Internet Draft 22 .
   [New Feature] Smart server PUSH uses cookies to track pushed assets, avoiding pushing the same asset repeatedly.
@@ Line 782: / Line 1120: @@
   [Improvement] Tuned reCAPTCHA verification to avoid requesting verification on image/css/js files.
   [Bug Fix] Minor bug fixes for 404 logging and some rare crashes.
 === Build 1 ===
   [Update] Updated cPanel/WHM plugins to v1.2.3.3 and v3.3.3.5 respectively.
   [Bug fix] Fixed a chunk encoding bug that could cause data corruption.
@@ Line 790: / Line 1126: @@
   [Bug fix] Fixed a QUIC engine bug that affected graceful restarts.
   [Bug fix] Fixed a BAN request method parsing bug.
 === Build 0 ===
   [Major Improvement] Massive HTTP/2 HTTPS performance boost (up to 5x faster than LSWS v5.3.x).
   [Major New Feature] Experimental HTTP/3 draft 20 support.
@@ Line 804: / Line 1138: @@
   [Improvement] Improved HTTP/2 stream prioritization for a better user browsing experience.
-=== RC4 ===
+===== Version 5.4RC4 =====
+=== Build 0 ===
   [New Feature] Support for SO_REUSEPORT for multi-worker license.
   [New Feature] HTTPS/QUIC handshake offloading.
@@ Line 813: / Line 1147: @@
   [New Feature] Experimental IETF QUIC draft-20.
-=== RC3 ===
+===== Version 5.4RC3 =====
+=== Build 0 ===
   [Major New Feature] Dynamic Virtual Host configuration through REDIS backend.
   [Major Improvement] Greatly improved HTTP/2 performance -- up to 7x faster than previous implementations.
@@ Line 820: / Line 1154: @@
   [Bug fix] All bug fixes and enhancements on 5.3.x branch included.
-=== RC2 ===
+===== Version 5.4RC2 =====
+=== Build 0 ===
   [Major New Feature] Dynamic virtual hosting through rewrite rules.
   [Improvement] Improved HTTP/2 performance.
@@ Line 828: / Line 1162: @@
   [Bug fix] Fixed a few server crash bugs.
-=== RC1 ===
+===== Version 5.4RC1 =====
+=== Build 0 ===
   [New Feature] Recaptcha verification for DDoS attack mitigation.
   [New Feature] Support for Ruby/Python/Nodejs applications in native configuration.
@@ Line 838: / Line 1172: @@
 ===== Version 5.3.8 =====
 === Build 6 ===
   [Update] Updated cPanel/WHM plugins v1.2.3.2 and v3.3.3.4 respectively.
   [Bug fix] Temporarily stop PHP processes with SIGKILL as a workaround for problems caused by clean shutdown logic added to PHP LiteSpeed SAPI v7.4.3.
   [Bug fix] Added websocket proxy support for cPanel and webmail subdomains in addition to WHM subdomains.
   [Bug fix] Fixed a QUIC engine bug and made QUIC more DoS attack resistant.
 === Build 5 ===
   [Bug Fix] Updated WHM plugin to v3.3.3.2 to fix a bug introduced in the previous version that caused most plugin actions to result in a PHP fatal error.
   [Bug Fix] To avoid server crash, PCLMUL will be disabled in the zlib library if the server CPU does not support PCLMUL instructions.
 === Build 4 ===
   [New feature] Web Cache Manager CLI support for DirectAdmin.
   [Bug fix] Fixed websocket proxy from https to ws:// backend; made WHM terminal work properly through proxy.
@@ Line 859: / Line 1187: @@
   [Bug fix] Updated WebAdmin code to avoid some E_STRICT warnings.
   [Bug fix] Fixed server PUSH parsing problem when 'Link' header contains multiple URLs.
 === Build 3 ===
   [Bug fix] Fixed an ACL bug occurring when environment variables are used in Allow/Deny configurations.
   [Bug fix] Fixed a request parser bug which caused the server to crash when a partition holding a temp file is out of space.
   [Bug fix] Fixed a cache engine bug that caused requests to certain URLs to hang.
 === Build 2 ===
   [Bug fix] Fixed a regression in PHP daemon mode that causes 503 errors.
 === Build 1 ===
   [Bug fix] Fixed an IP2Location configuration bug that could cause the server to crash during startup.
   [Bug fix] Fixed a bug with nested ESI subrequests that caused random crashes.
 === Build 0 ===
   [Security] Added built-in filter to block attempts at hacking LiteMage with crafted ESI requests.
   [New Feature] lscmctl script can now be used to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel.
@@ Line 906: / Line 1226: @@
 ===== Version 5.3.7 =====
 === Build 8 ===
   [Bug Fix] Fixed a cache + ESI bug that could cause random crashes.
   [Bug Fix] Fixed a rewrite engine bug.
   [Bug Fix] Fixed a memory leak in the GeoIP module.
   [Bug Fix] Fixed a Plesk compatibility issue.
 === Build 7 ===
   [Improvement] Better WordPress brute force detection IP logging.
   [Improvement] Allow request header sizes greater than 32K.
@@ Line 923: / Line 1238: @@
   [Bug fix] Fixed an SSL OCSP stapling bug.
   [Bug Fix] Fixed broken server restart when port offset had been set.
 === Build 6 ===
   [New Feature] Added the ability to install/uninstall the LiteSpeed Web Cache Manager user-end plugin for cPanel using the lscmctl script.
   [Improvement] Fixed PHP handler compatibility issues with Plesk's updated configuration template.
@@ Line 932: / Line 1245: @@
   [Improvement] Cache engine now updates X-LiteSpeed-Cache-Control max-age value based on actual expire time when a front-end lscache proxy exists.
   [Improvement] Natively configured detached PHP process groups are now gracefully restarted.
 === Build 5 ===
   [New Feature] Recommend a plugin or broadcast a message to all discovered WordPress installations with the dash notify feature available in the lscmctl script and WHM plugin.
   [Improvement] Ignore <if> <else> <elseif> configuration contexts.
@@ Line 942: / Line 1253: @@
   [Bug Fix] Fixed freeBSD 100% cpu usage for kqueue event loops.
   [Bug Fix] Fixed a detached mode process manager bug that accidentally killed other lshttpd worker processes.
 === Build 4 ===
   [Improvement] Improved lsup.sh with stable tier.
   [Improvement] Improved NodeJS application compatibility and mod_passenger configuration handling.
@@ Line 950: / Line 1259: @@
   [Bug Fix] Added User-Agent and Referer headers to server pushed requests to avoid failing possible checks in a user's custom configuration.
   [Bug Fix] Implemented mod_security REQUEST_BODY as a dedicate variable.
 === Build 3 ===
   [Improvement] Improved rc-inst.sh to install systemd unit file for Plesk + Debain/Ubuntu.
   [Bug fix] Fixed an ESI engine memory management bug that caused random server crashes.
   [Bug fix] Fixed rewrite engine infinite loop when rewrite map file is stored in an NFS mount.
 === Build 2 ===
   [Bug Fix] Fixed a detached mode process manager bug introduced in build 1.
 === Build 1 ===
   [Security] Added built-in filter to block attempts to hack LitemMage with crafted ESI request.
   [Bug Fix] Fixed a detached mode process manager bug made killing other unrelated processes possible.
   [Bug Fix] Fixed an Apache SSL vhost SNI configuration bug.
   [Bug Fix] Fixed a QuicEngine bug that could cause broken responses.
 === Build 0 ===
   [Security] Fixed a XSS vulnerability in directory auto index script.
   [Improvement] Improved QUIC transport protocol performance and reliability.
@@ Line 995: / Line 1296: @@
 ===== Version 5.3.6 =====
 === Build 6 ===
   [Security] .rtreport no longer world readable.
   [Improvement] Improved QUIC transport protocol performance and reliability.
@@ Line 1003: / Line 1302: @@
   [Improvement] Made .rtreport symbolic links root owned to avoid LFD file warnings.
   [Bug Fix] Fixed inaccurate real-time statistics.
 === Build 5 ===
   [Update] Updated bundled WHM plugin to v3.2.0.3 and user-end cPanel plugin to v1.1.1.2.
   [Improvement] Improved lsup.sh script to check build number against latest build.
   [Bug Fix] Fixed systemd unit file lshttpd.service, by requiring network-online.target.
   [Bug Fix] Allow xx.xx.xx.xx/32 as valid IP in ACL configuration.
 === Build 4 ===
   [Update] Updated bundled WHM plugin to v3.2.0.2 and user-end cPanel plugin to v1.1.1.1 to address an integration issue with the recent LSCWP v2.9.3.
   [Bug Fix] Fixed a mod_security engine bug that was mistakenly skipping some rules for POST requests.
   [Bug Fix] Fixed an ESI engine bug that broke detection for looping includes, causing the server to run out of memory.
   [Bug Fix] Increased logging for detach mode process manager. A forced lock release will now occur if a dead lock is detected when starting detach mode processes.
 === Build 3 ===
   [Improvement] Improved ESI support for JSON responses.
   [Bug fix] Fixed rewrite engine bug where target URLs containing "../" could cause problems.
   [Bug fix] Fixed an external loop redirect detection bug.
   [Bug Fix] Fixed a mod_security bug stopping response headers from being logged to the audit_log.
 === Build 2 ===
   [Bug Fix] Fixed a regression that broke the "SetHandler" directive.
   [Bug Fix] OCSP cache directory now properly adjusted in chroot environments.
 === Build 1 ===
   [Improvement] Improved default configuration for servers with heavy disk I/O wait.
   [Bug Fix] Fixed a rewrite engine compatibility issue.
   [Bug Fix] Fixed a regression in "Redirect" directive handling.
   [Bug Fix] Fixed a QUIC engine bug when handling extra long response headers.
 === Build 0 ===
   [New Feature] lscmctl script can now be used to set custom server and virtual host cache roots with the 'setcacheroot' command.
   [Improvement] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend.
@@ Line 1056: / Line 1343: @@
 ===== Version 5.3.5 =====
 === Build 9 ===
   [Bug Fix] Fixed a bug causing detached PHP processes to be stopped during graceful restarts.
 === Build 8 ===
   [Bug Fix] Fixed an OCSP response verification bug (introduced in the previous build) that caused crashing.
   [Bugfix] Fixed a bug in processing GeoIP2 mmdb database.
   [Bugfix] Fixed a bug introduced in 5.3.5 build 5 that breaks cPanel/WHM redirect to closest matched domain feature.
 === Build 7 ===
   [Enhancement] Added extra validation on OCSP response to avoid outdated response for newly renewed certificate.
   [Integration] Made LSWS compatible with Apache configuration generated by cPanel v78.
   [Bug Fix] Fixed AddHandler directive behavior to be the same as AddType.
 === Build 6 ===
   [New Feature] Added "ProxyPass"/"ProxyPassMatch" support for AJP backend.
   [New Feature] Added support for "IP:port" in "X-Forwarded-For" header.
@@ Line 1080: / Line 1359: @@
   [Bug Fix] Applied a SecRemoteRules fix to avoid rule file corruption.
   [Bug Fix] Fixed a bug that could cause a blank response body for pre-compressed content.
 === Build 5 ===
   [Update] Updated default welcome page content.
   [Bug Fix] Fixed a SecRemoteRule handling bug.
@@ Line 1088: / Line 1365: @@
   [Bug Fix] Fixed an awstats integration bug that broke dynamic page generation mode.
   [Bug Fix] Fixed an infinite loop bug that occurred with badly configured contexts.
 === Build 4 ===
   [Improvement] Reliably switch back to Apache when there is a LiteSpeed licensing problem.
   [Improvement] Added back support for SecFilterEngine and SecFilterScanPOST directives for backward compatibility.
   [Bug Fix] Stopped PHP error logging into error log when stderr.log is disabled.
 === Build 3 ===
   [Bug Fix] Fixed a bug that causes excessive requests to OSCP responder.
   [Bug Fix] Fixed a bug that failed to handle some types of Node.js selector configurations.
   [Bug Fix] Fixed a bug that failed cPanel two factor authentication.
   [Bug Fix] Fixed a bug in LiteMage combined subrequest handling.
 === Build 0 ===
   [Improvement] Improvements to HTTP/2, QUIC, and rewrite engine.
   [Bug Fix] HTTP/2, QUIC, and rewrite engine bug fixes.
@@ Line 1110: / Line 1381: @@
 ===== Version 5.3.4 =====
 === Build 8 ===
   [Bug Fix] Fixed a rewrite engine bug introduced in 5.3.4 build 7, which could cause ERR_SPDY_PROTOCOL_ERROR and redirect problems.
 === Build 7 ===
   [Improvement] Improved mod_rewrite compatibility.
   [Improvement] Improved QUIC engine by dynamically adjust batch size of outgoing packets.
 === Build 5 ===
   [Improvement] Improved PHP process abort feature to occur in a more timely manner.
   [Bug Fix] Fixed an HTTP/2 engine bug that caused connections to reset under certain situations.
 === Build 4 ===
   [Improvement] Improved mod_security engine with UNIQUE_ID support.
   [Update] Disabled 503 auto fix by default.
@@ Line 1133: / Line 1396: @@
   [Bug Fix] Fixed incompatible behavior with Python selector support.
   [Bug Fix] Fixed a license information display bug in WebAdmin Console.
 === Build 2 ===
   [Improvement] Improved compatibility for WebCache manager.
   [Bug Fix] This build include a fix for gQUIC v044 support
 === Build 1 ===
   [Improvement] Improved NODEJS support.
   [Improvement] Detect curl + HTTP/2 combination and disable HTTP/2 for future access.
   [Update] Updated WHM plugin to v3.1.3.2 to address a compatibility issue with newer versions of the LSCWP plugin.
   [Update] Updated cPanel user-end plugin to v1.0.2.1 to address a compatibility issue with newer versions of the LSCWP plugin.
 === Build 0 ===
   [MAJOR NEW FEATURE] Added support for Google QUIC v44.
   [NEW FEATURE] Improved Ruby/Python selector support and apply engine version changes on the fly.
@@ Line 1162: / Line 1419: @@
 ===== Version 5.3.3 =====
 === Build 3 ===
   [Bug Fix]  Fixed a mod_security engine bug that caused incorrect behavior with the comodo ruleset.
 === Build 2 ===
   [Bug Fix] Made adjustments to PHP handler configuration to fix broken PHP selector.
   [Bug Fix] Fixed a memory leak in HTTP/2.
   [Bug Fix] Fixed a crash when parsing Apache configuration.
 === Build 0 ===
   [Bug Fix] Emergency release to ignore faulty rewrite rule introduced by cPanel