LiteSpeed Web Server
Release Log

LiteSpeed Web Server is constantly updated with new features and bug fixes.

Release Date Type
LSWS 5.1.16 6-2-2017 Security & Bug Fixes
  • [SECURITY] Fixed a bug in the auto index script.
  • [INTEGRATION] Updated CloudLinux LVE limit for WebAdmin Console users to get around 503 errors caused by CloudLinux kernel changes.
  • [BUGFIX] Fixed mod_security @rbl and skipAfter breaking with certain chained rules.
  • [BUGFIX] Fixed a bug in chunk input stream used by POST requests.
LSWS 5.1.15 4-11-2017 Feature Enhancements & Bug Fixes
  • [SECURITY] Fixed an XSS attack vulnerability in the WebAdmin error log viewer.
  • [IMPROVEMENT] Improved mod_security engine with better support for file inspection at the response header phase.
  • [BUGFIX] Fixed a bug in HTTP/2 that caused random protocol errors.
  • [BUGFIX] Fixed a bug in the cache engine that caused the wrong cache root to be used in shared hosting environments.
  • [BUGFIX] Fixed a compatibility issue with cPanel v64 subdomain redirects.
  • [BUGFIX] Fixed a bug that caused missing "PATH" environment for PHP processes started via PHP suEXEC.
  • [BUGFIX] Fixed a bug in the cache engine where partial responses could be cached with a 206 status code.
LSWS 5.1.14 3-22-2017 Feature Enhancements & Bug Fixes
  • [New Feature] Added support for the 444 status code, which can be used to defend against DoS attacks by immediately closing the connection.
  • [Improvement] A 403 response is now used for directory auto indexing, when the server is denied access to a directory.
  • [Big Fix] Fixed a bug that caused service interruptions during graceful restarts.
LSWS 5.1.13 2-17-2017 Security Updates
  • [Security] Protected against focused DDos attacks detected on 02/17/17.
LSWS 5.2RC2 2-13-2017 Feature Enhancements
  • [New Feature] Added support for HTTP/2 Server Push.
LSWS 5.1.12 1-25-2017 Feature Enhancements, Security Updates, & Bug fixes
  • [Security] Removed DES-CBC3-SHA from default cipher suite to avoid failing current PCI scan.
  • [Improvement] Improved mod_security log messages to use variable values.
  • [Improvement] New WHM plugin icon set.
  • [Bug Fix] Fixed uneven load distribution problem with round-robin load balancing.
  • [Bug Fix] Worked around issues that broke Web Cache Manager WordPress scan for certain sites.
  • [Bug Fix] Fixed a bug that broke rewrite rule inheritance.
  • [Bug Fix] Fixed a problem with Plesk roundcube email access.
  • [Bug Fix] Improved server stability with minor bug fixes.
LSWS 5.2RC1 1-9-2017 Feature Enhancements
  • [New Feature] Added support for CloudLinux ruby/python selector.
LSWS 5.1.11 12-15-2016 Major Feature Enhancements, Bug Fixes
  • [Bugfix] Fixed an issue where cPanel killed LiteSpeed when applying configuration changes, such as adding an add-on domain or sub domain.
  • [Bugfix] Fixed an issue with DirectAdmin running suEXEC CGI under a directory.
  • [Bugfix] Fixed a bug that clears WordPress theme configuration when enabling/disabling the LSCache plugin via the Web Cache Manager.
  • [IMPROVEMENT] Improved the LSCache engine regarding cache vary and stale purge.
LSWS 5.1.10 11-7-2016 Major Feature Enhancements, Bug Fixes
  • [Major Improvement] Improved LiteMage first page load speed for new visitors by avoiding going through the backend.
  • [Improvement] Improved cache purging capability: private cache entries can now be purged with public tags and multiple cache purge response headers are accepted.
  • [Improvement] Improved PHP suEXEC setup when used with control panels, defaults to Process Group mode with fine-tuned process keepalive timeout, Auto Start in CGI deamon Async mode.
  • [Improvement] Improved WebCache Manager to scan WordPress installations faster and more accurately.
  • [Bugfix] Improved server stability with minor bug fixes.
LSWS 5.1.9 9-28-2016 Feature Enhancements, Bug Fixes
  • [SECURITY] Updated bundled OpenSSL to 1.0.2j to address CVE-2016-6304 and a few other minor vulnerabilities.
  • [IMPROVEMENT] WHM WordPress Cache Manager has been improved.
  • [BUGFIX] Fixed a bug that broke remote LSPHP external application configurations.
  • [BUGFIX] Fixed a SHM bug that caused the server to crash.
LSWS 5.1.8 9-14-2016 Feature Enhancements, Bug Fixes
  • [New Feature] Added a cache object tracker that can timely remove expired cache objects, keeping statistics accurate.
  • [New Feature] Added Etag support for cached objects. 304 is returned if the object has not been updated.
  • [New Feature] Added support for HTTP/2 with front-end SSL off-loading proxy using HAProxy.
  • [IMPROVEMENT] WordPress Cache Manager for WHM has been improved.
  • [BUGFIX] Fixed issues with cPanel EA4 integration.
  • [BUGFIX] Fixed a bug where "no-cache" being set via a rewrite rule did not stop the page from being served from cache.
  • [BUGFIX] Fixed a bug in DirectAdmin integration where incorrect server variables were used for PHP suEXEC.
  • [BUGFIX] Fixed a crash during OCSP responder querying.
LSWS 5.1.7 7-18-2016 Feature Enhancements, Security Updates, & Bug fixes
  • [SECURITY] Automatically block HTTPOXY attacks with no configuration needed.
  • [New Feature] Added authentication realm protection for real-time status report's direct query interface.
  • [New Feature] Added CloudLinux mod_proctitle style output in real-time status report.
  • [IMPROVEMENT] Fixed SSL OCSP stapling for Apache vhosts using CA certificates configured by SSLCACertificateFile to verify the OCSP response.
  • [IMPROVEMENT] Updated the default configuration for cPanel installations to make them compatible with EA4 and CloudLinux PHP selector.
  • [IMPROVEMENT] Updated Plesk default configuration to use pre-built lsphp binaries.
  • [BUGFIX] Fixed a bug caused by MMAPed file being truncated that resulted in crashing.
  • [BUGFIX] Fixed a bug in serving compressed ESI objects from cache.
  • [BUGFIX] Fixed a bug in SSI engine that caused SSI scripts to hang.
  • [BUGFIX] Fixed a bug where cache would not follow cache-vary updates through rewrite rules.
  • [BUGFIX] Fixed a bug that caused crashing when serving requests from LiteMage Cache.
  • [BUGFIX] Fixed a bug in serving cached objects compressed with the DEFLATE method.
LSWS 5.0.19 7-18-2016 Feature Enhancements, Security Updates, & Bug fixes
  • [SECURITY] Automatically block HTTPOXY attacks with no configuration needed.
  • [New Feature] Added authentication realm protection for real-time status report's direct query interface.
  • [New Feature] Added CloudLinux mod_proctitle style output in real-time status report.
  • [IMPROVEMENT] Updated the default configuration for cPanel installations to make them compatible with EA4 and CloudLinux PHP selector.
  • [IMPROVEMENT] Updated Plesk default configuration to use pre-built lsphp binaries.
  • [BUGFIX] Fixed a bug in serving compressed ESI objects from cache.
  • [BUGFIX] Fixed a bug in SSI engine that caused SSI scripts to hang.
  • [BUGFIX] Fixed a bug where cache would not follow cache-vary updates through rewrite rules.
  • [BUGFIX] Fixed a bug that caused crashing when serving requests from LiteMage Cache.
  • [BUGFIX] Fixed a bug in serving cached objects compressed with the DEFLATE method.
LSWS 5.1.6 6-8-2016 Bug fixes
  • Fixed a bug in mod_security engine that returned "100 continue" code for rules including the "allow" action.
  • Fixed over-sensitive assertions that caused the server to abort.
  • Fixed a bug in OpenSSL 1.0.2h that caused server crashes.
  • Fixed a bug in Server Side Include engine that caused some SSI scripts to hang.
  • Fixed a bug in HTTP/2 that caused some virtual streams to hang under high traffic.
  • Fixed a bug in SPDY that caused trouble for safari 8.
LSWS 5.0.18 6-8-2016 Bug fixes
  • Fixed a bug in OpenSSL 1.0.2h that caused server crashes.
  • Fixed a bug in Server Side Include engine that caused some SSI scripts to hang.
  • Fixed a bug in HTTP/2 that caused some virtual streams to hang under high traffic.
  • Fixed a bug in SPDY that caused trouble for safari 8.
LSWS 5.1.5 5-21-2016 Feature enhancements and bug fixes
  • New feature: LiteMage cache data is now stored in a pre-compressed format to save disk space.
  • New feature: WordPress cache WHM integration for more easily enabling/disabling caching for WordPress installations at the server level.
  • Major improvement: Improved scalability of per-user cache storage in shared hosting environments.
  • Updated openssl to 1.0.2h.
  • Included other minor bug fixes from the 5.0.x branch.
LSWS 5.0.17 5-10-2016 Feature enhancements and bug fixes
  • Added support for serving pre-compressed LiteMage pages.
  • Added Apache style configuration directive ‘HtaccessCacheTimeout’ to control how often .htaccess is checked for updates.
  • Updated openssl to 1.0.2h.
  • Fixed a bug causing file descriptor leaks when cache objects are updated.
  • Fixed a bug where configuration broke PHP configuration override in .htaccess.
  • Fixed a LiteMage private session bug that broke some test cases in Magento's performance test suite.
LSWS 5.0.16 4-20-2016 Feature enhancements and bug fixes
  • Added logging and importing of cache purge events to restore SHM-based cache manager.
  • Fixed a bug in HTTP/2 that caused inaccurate count of active streams.
  • Fixed a bug in mod_security engine where a "drop" action could block a trusted IP.
  • Improved OCSP stapling error handling to avoid repeat error messages.
  • Fixed a bug that caused memory corruption.
LSWS 5.0.15 3-24-2016 Feature enhancements and bug fixes
  • Fine-tuned the default cache policy to allow caching for requests with query string and cookie.
  • Set the “LSCACHE_VARY” environment variable for the backend when cache vary was set by rewrite rules. This is to work around cache vary problems when multiple web applications run under one domain.
  • Fixed a bug where server level cache policy was ignored when server level cache root was not set.
  • Fixed a bug that caused the auto-index script to run as the “webapps” user for DirectAdmin, which caused a failure to index the directory due to permission denied.
LSWS 5.1.4 3-1-2016 Feature enhancements and bug fixes
  • New feature: detect and block abusive server IPs through proxy/CDN, added vhost level configuration to adjust connection hard limits.
  • Improved HTTP/2 streams priority implementation to avoid head-of-line blocking.
  • Improved handling of regular cache-control response header to enable cache if response is public cacheable.
  • Improved vhost cache root configuration by allowing vhost level variables: $vh_name, $vh_domain and $vh_user.
  • Fixed bug that prevents Vhost cache root from being cleaned automatically.
LSWS 5.0.14 3-1-2016 Feature enhancements and bug fixes
  • New feature: detect and block abusive server IPs through proxy/CDN, added vhost level configuration to adjust connection hard limits.
  • Improved HTTP/2 streams priority implementation to avoid head-of-line blocking.
  • Improved handling of regular cache-control response header to enable cache if response is public cacheable.
  • Improved vhost cache root configuration by allowing vhost level variables: $vh_name, $vh_domain and $vh_user.
  • Fixed bug that prevents Vhost cache root from being cleaned automatically.
  • Fixed a bug in mod_security engine.
LSWS 5.1.3 2-11-2016 Feature enhancements and bug fixes
  • New Feature: Added support for the lsc-cookie response header which can be used to cache "Set-Cookie" headers.
  • New Feature: Added an Apache style "CacheLookup" directive which only turns on cache lookup.
  • Improved mod_security audit log format to make it compatible with cPanel "ModSecurity Tools".
  • Improved handling of "Range" requests. LSWS now sends back a 304 response if conditions are met.
  • Fixed an Apache compatibility problem where global level contexts were not properly applied to vhosts.
  • Re-added the "Connection: keep-alive" response header to satisfy online testing tools.
  • Fixed a bug in "Digest" authentication implementation.
  • Fixed reported server crashes.
LSWS 5.0.13 2-11-2016 Feature enhancements and bug fixes
  • New Feature: Added support for the lsc-cookie response header which can be used to cache "Set-Cookie" headers.
  • New Feature: Added an Apache style "CacheLookup" directive which only turns on cache lookup.
  • Improved mod_security audit log format to make it compatible with cPanel "ModSecurity Tools".
  • Improved handling of "Range" requests. LSWS now sends back a 304 response if conditions are met.
  • Fixed an Apache compatibility problem where global level contexts were not properly applied to vhosts.
  • Re-added the "Connection: keep-alive" response header to satisfy online testing tools.
  • Fixed a bug in "Digest" authentication implementation.
LSWS 5.1.2 1-28-2016 Feature enhancements and bug fixes
  • [Security] Updated bundled OpenSSL lib to 1.0.2f to address the concern of CVE-2016-0701, older version is not vulnerable as SSL_OP_SINGLE_DH_USE was turned on.
  • Improved compatibility with cPanel + centos 7 setup, preventing Apache from being started by cPanel.
LSWS 5.0.12 1-28-2016 Feature enhancements and bug fixes
  • [Security] Updated bundled OpenSSL lib to 1.0.2f to address the concern of CVE-2016-0701, older version is not vulnerable as SSL_OP_SINGLE_DH_USE was turned on.
  • Improved compatibility with cPanel + centos 7 setup, preventing Apache from being started by cPanel.
LSWS 5.1.1 1-18-2016 Feature enhancements and bug fixes
  • [Security] Fixed a bug reported by Netsparker that allowed request header injection when mod_userdir was enabled.
  • Cleaned up HTTP/2 NPN/ALPN strings which now only use the "h2" signature.
  • Fixed all reported bugs that cause crashes.
LSWS 5.0.11 1-18-2016 Feature enhancements and bug fixes
  • [Security] Fixed a bug reported by Netsparker that allowed request header injection when mod_userdir was enabled.
  • Improved handling of REFRESH cached page requests from LiteMage crawler.
  • Improved handling of requests from googlebot crawling LiteMage cached pages to reduce server load.
  • Cleaned up HTTP/2 NPN/ALPN strings which now only use the "h2" signature.
  • Fixed a systemd issue affecting server deployment and hosting control panels on centos7.
LSWS 5.1 1-13-2016 Feature enhancements and bug fixes
  • Updated mod_security engine with support for @rbl and @inspectfile operators.
  • Improved mod_security engine performance.
  • Added SSL OCSP Stapling support through Apache httpd.conf.
  • Added shared SSL Session Cache and SSL Ticket synchronization.
  • Added multi-certificate support for using RSA, DSA, and ECC certificates simultaneously for the same domain.
  • Fixed systemd issue affecting server deployment and hosting control panels on centos7.
LSWS 5.1RC3 1-5-2016 Feature enhancements and bug fixes
  • Improved mod_security engine performance.
  • Improved server stability.
  • Included all applicable enhancements and bug fixes from 5.0.x release branch.
LSWS 5.0.10 12-24-2015 Feature enhancements and bug fixes
  • Added support for the LSCache plugin for WordPress.
  • Added support for the 308 status code.
  • Fixed a bug that returned status code 200 for PHP-based custom error pages.
  • Fixed a bug that caused incorrect ownership of the access log file of an Apache vhost when "Just In Time Config" was enabled.
  • Fixed a bug that caused a "net::ERR_INCOMPLETE_CHUNKED_ENCODING" error in Chrome.
LSWS 5.0.9 12-1-2015 Feature enhancements and bug fixes
  • Added new cache policy configurations for LSCache to enable cache lookup while Public/Private Cache is disabled.
  • Improved mod_security engine to avoid blocking the server process.
  • Fixed a bug introduced in 5.0.8 that broke Apache SSL vhost SNI.
LSWS 5.0.8 11-12-2015 Feature enhancements and bug fixes
  • Improved Apache configuration parser with faster parsing speed and lowered memory usage.
  • Added CHACHA SSL cipher support.
  • Fixed vhost level chroot feature.
  • Fixed missing Etag header in 304 response.
  • Minor bug fixes in mod_security engine.
LSWS 5.1RC2 11-10-2015 Feature enhancements and bug fixes
  • Added SSL OCSP Stapling support through Apache httpd.conf.
  • Added shared SSL Session Cache and SSL Ticket synchronization.
  • Added Multi-Certificate support for using RSA, DSA, and ECC certificates simultaneously for the same domain.
  • Bug fixes and improvements to mod_security engine.
LSWS 5.1RC1 10-13-2015 Major feature enhancements
  • Completely reworked request processing flow to allow pausing/resuming at different stages.
  • Updated mod_security engine with support for @rbl and @inspectfile operators.
LSWS 5.0.7 10-6-2015 Feature improvements and bug fixes
  • Improved LSCache to allow adding cache-vary values with a rewrite rule.
  • Improved ESI subrequest implementation.
  • Added SIGBUS handler for SIGBUS being triggered during the saving of a response body to cache (running out of disk space).
  • Fixed bug in Litemage ESI implementation that prevented cache-vary on cookie from working properly.
  • Fixed bug in mod_security engine that broke the @contains operator.
LSWS 5.0.6 9-23-2015 Feature improvements and bug fixes
  • HTTP/2 implementation improved to be more strictly compliant with RFC 7540.
  • "DisablePhpOverride", an Apache configuration directive, added to turn off PHP configuration override in .htaccess.
  • Max size of page cache objects increased to 10MB.
  • Minor bug fixes.
LSWS 5.0.5 8-17-2015 Feature improvements and bug fixes
  • Enhancement: Reduced usage of file backed MMAP I/O for buffering large request and response bodies.
  • Enhancement: Added support for alternative ESI syntax as a work around for issues in LiteMage.
  • Fixed a bug that introduced unnecessary disk I/O synchronization when saving large response bodies to page cache.
  • Fixed a bug causing performance issues during a graceful restart.
  • Fixed two bugs in the Server Side Includes engine, one causing missing included content, and the other causing failure to execute CGI.
  • Other minor bug fixes.
LSWS 5.0.4 8-5-2015 Feature improvements and bug fixes
  • Added Cache Purge-by-URL through a special response header.
  • Improved mod_security engine to have clear separation of rules belonging to different processing phases. Added support for "GEO:XXXX" collection.
  • Improved Page Cache engine to correctly process and cache ESI injected AJAX responses. (used by LiteMage)
  • Fixed bug in Server Side Includes engine that did not set original "QUERY_STRING" environment for the "exec cgi" directive.
  • Fixed Max dynamic response body size limit, was previously ignored causing a server crash when running out of memory.
  • Changed initial max size limit of .htaccess from 10MB to 2MB to avoid blockage when processing large .htaccess files.
LSWS 5.0.3 7-22-2015 Feature improvements and bug fixes
  • Improved Client IP address updating for CloudFlare proxied requests. Now using "CF-Connecting-IP" header instead of "X-Forwarded-For".
  • Improved LiteMage Cache with automatic cache root directory clean up.
  • Fixed a regression in rewrite engine that broke some existing rewrite rules when upgrading from LSWS 4.2.x.
  • Fixed bug in processing Apache httpd configuration that prevented context defined at server level from being effective for virtual hosts.
  • Fixed bug in HTTP Range request processing.
  • Added a SIGBUS signal handler to catch and fail affected requests gracefully.
LSWS 5.0.2 7-9-2015 Feature improvements and bug fixes
  • Updated OpenSSL to 1.0.2d to address (CVE-2015-1793).
  • Improved HTTP/2 implemenation.
  • Improved mod_security engine to work better with OWASP core rule set.
  • Improved compatibility with Plesk 12 control panel.
  • Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.
LSWS 4.2.24 7-9-2015 Feature improvements and bug fixes
  • Updated OpenSSL to 1.0.1p to address (CVE-2015-1793).
  • Improved mod_security engine to work better with OWASP core rule set.
  • Improved compatibility with Plesk 12 control panel.
  • Fixed a bug in Rewrite engine that may trigger 503 errors by cPanel autoconfig/autodiscover feature.
LSWS 5.0.1 6-26-2015 Feature improvements and bug fixes
  • Added PHP7 support for PHP suEXEC.
  • Updated OpenSSL to 1.0.2c.
  • Fixed various HTTP/2 and SPDY related bugs.
  • Fixed various broken internal features: internal redirect, CloudLinux LVE, cache handler, etc.
  • Fixed a few LiteMage related issues.
LSWS 5.0 4-17-2015 Major feature enhancements
  • HTTP/2 support.
  • SPDY/2, 3, and 3.1 support.
  • ESI and LiteMage Cache support.
  • Virtual host-level bandwidth throttling with mod_bw compatibility.
  • WebSocket proxy functionality.
  • CPU Affinity setting.
  • Extra build numbers added onto version numbers and supported through lsup command.
LSWS 4.2.23 4-17-2015 Feature improvements and bug fixes
  • New Feature: Added support for Apache directive Allow/Deny env=[!]env-variable.
  • Improvement: mod_security audit logging can log request body now.
  • Bug Fix: Changes in SSL renegotiation protection broke HTTPS proxy backend.
  • Bug Fix: Autoindex script used wrong encoding for "&" character in directory name.
LSWS 4.2.22 3-17-2015 Feature improvements and bug fixes
  • Improvement: Added option to select default DH Key size to avoid SSL handshake error with older Java clients.
  • Improvement: Apache configuration compatibility with SuexecUserGroup and SSLInsecureRenegotiation directives.
  • Improvement: Avoid parsing bad shtml files that can cause server memory problem.
  • Bug Fix: <DirectoryMatch...> causes PHP suEXEC malfunction.
  • Bug Fix: Slow memory leak in mod_security engine.
  • Bug Fix: Crash caused by long variable value in mod_security engine.
  • Other minor improvements and bug fixes.
LSWS 5.0 RC3 3-11-2015 HTTP/2 support, feature improvements, and bug fixes
  • Added HTTP/2 draft 14-17 implementation.
  • ESI engine and LSCache improved to better support partial page caching.
  • Fixed a bug in bandwidth throttling.
  • All improvements and bugs fixed in 4.2.15-4.2.21 releases.
LSWS 4.2.21 1-15-2015 Feature improvement and bug fixes
  • Improved DirectAdmin compatibility — added ability to change user ID inside context of Apache configuration.
  • Fixed bugs in Server Side Include engine.
  • Fixed a bug causing Apache Header directive to not work properly when used inside a directive.
  • Fixed a bug in HTTP authentication using Apache htpasswd generated password hash.
  • Fixed a bug in handling MIME-type strings with upper-case letters.
  • Fixed a bug in AIO logging causing an infinity loop.
  • Fixed a bug in Aho-Corasick string search implementation.
LSWS 4.2.20 12-19-2014 Feature improvement and bug fixes
  • New feature: Automatically redirect to HTTPS if a HTTPS port is accessed as HTTP.
  • Fixed a bug in Apache configuration parsing that disables mod_security engine.
  • Fixed Apache httpd wrapper script bug that causes problem with cPanel 11.46 mod_security Tools.
  • Fixed a bug that creates swap directory with wrong permission mask.
  • Fixed a bug that causes trouble for serving cached gzipped content to Facebook Crawler.
LSWS 4.2.19 11-12-2014 Improvements for high I/O wait and bug fixes
  • New features to improve server performance when I/O wait is high: asynchronous logging mode and start external process in asynchronous mode through CGI daemon.
  • Improved mod_security engine to allow using variables in depricatevar and expirevar actions.
  • Fixed a bug in HTTPS proxy that causes 503 errors.
  • Fixed a bug that causes GZIP compression not to be used for certain dynamic pages.
  • Fixed a bug in parsing CacheEnable/CacheDisable directives.
LSWS 4.2.18 10-15-2014 Security update and minor improvements and bug fixes
  • Upgraded OpenSSL to 1.0.1j to address vulnerabilities in 1.0.1i.
  • SSLv3 turned off by default for HTTPS virtual hosts.
  • Improved bandwidth logging by combining write() system calls.
  • Improved autoindexing script.
  • Fixed systemd unit description script.
  • Fixed minor bug in mod_security engine.
LSWS 4.2.17 10-3-2014 Bug fixes
  • Added more CGI environment variables for SSL Client authentication.
  • Fixed a bug that breaks "Require user user1 user2" Apache directive.
  • Fixed a bug causing 403 error for Server Side Include pages.
  • Fixed a bug causing issues when one user misses a </limit> tag in one .htaccess file.
  • Fixed a bug causing Smart Keep-Alive feature to not work for js files with MIME type application/javascript.
  • Fixed a bug in MP4 random seek.
  • Removed an OpenSSL patch which broke SSL handshake with some clients.
LSWS 4.2.16 9-25-2014 Security patch
  • Addresses Shellshock Bash vulnerability (CVE-2014-6271 and CVE-2014-7169).
LSWS 5.0 RC2 9-23-2014 Virtual host-level bandwidth throttling, improved stability, and bug fixes
  • Added virtual host-level bandwidth throttling.
  • Improved stability of ESI and SPDY implementation
  • Fixed a bug that turns off gzip compression for FireFox when SPDY is in use.
  • All bugs fixed in 4.2.8-4.2.15 releases.
LSWS 4.2.15 9-23-2014 Improved efficiency and bug fixes
  • Improved Apache configuration parsing speed and memory efficiency.
  • Default SSL cipher list has been tuned to score an "A" on online SSL tests.
  • Added suffix 'php6' to available PHP suEXEC suffixes.
  • Fixed a bug in OCSP stapling result verification.
  • Fixed a bug in HTTP range request handling.
  • Minor bug fixes and fine tunings.
LSWS 4.2.14 8-6-2014 Bug fix
  • Improvement: Added support for Apache mod_env and mod_setenvif.
  • Bug fix: Fixed bug causing cPanel account suspension to erroneously apply to accounts partially matching suspended account name.
LSWS 4.2.13 7-28-2014 Feature enhancements and bug fix
  • Improvement: Rewrite engine can add a local proxy target automatically if called for in rewrite rules. Node.js hosting on a local server no longer requires manual set up.
  • Improvement: LiteSpeed-specific LSPHP_MaxWaitQ directive added. Specifies PHP external application wait queue limit. Exceeding this limit triggers a 508 "Resource Limit Has Been Reached" error.
  • Improvement: IndexIgnore directive for directory autoindexing is now supported.
  • Improvement: "SetEnv PHPRC=<path_to_php_runtime_config>" can be used to customize php.ini path in Apache vhost configuration files.
  • Improvement: Fixed issues with mod_userdir caused by cPanel 11.44.
  • Bug Fix: Fixed mod_security bug that caused server crash.
LSWS 4.2.12 6-9-2014 Security update with feature enhancements and bug fixes
  • Security: Updated statically linked OpenSSL library to 1.0.1h to address newly discovered vulnerability in OpenSSL 1.0.1g.
  • Improved LSCache module: Cache storage directory can be set at vhost level.
  • Improved compatibility with Apache configuration when Include directive is used inside a <Files...> or <Location...> context.
  • Improved static file handling in NFS to avoid trouble caused by silly rename.
  • Improved HTTPS proxy with client SNI support.
  • Fixed a bug causing a slow memory leak.
  • Fixed a bug in the mod_security engine ipMatchFromFile directive. Comments in IP list configuration file are ignored now.
  • Fixed a bug in tracking children processes in FreeBSD when "start through CGI daemon" is used.
  • Fixed a bug in HTTPS proxy which failed to properly handle HTTP/1.0 style connection close to end a response.
  • Other minor bug fixes based on isolated bug reports.
LSWS 4.2.11 5-13-2014 Bug fixes
  • Fixed a bug with HTTP proxying introduced in 4.2.10 while adding support for HTTPS targets.
  • Fixed a bug with Apache AddType directive introduced in 4.2.10.
  • Fixed a bug with processing of Apache <IfDefine ...> tag.
  • Workaround added for FreeBSD security feature that prevented LSWS server process from checking status of PHP processes when sysctrl security.bsd.see_other_uids was turned off.
LSWS 4.2.10 5-5-2014 Feature enhancements and bug fixes
  • New feature: Added support for HTTPS proxy backend. (cPanel proxy subdomains over HTTPS work.)
  • New feature: Added logic to tolerate missing "-" at the beginning or ending of an SSL certificate and key file.
  • New feature: Added logic to escape special characters in access log following Apache's method.
  • New feature: Added support for <IfDefined> context in Apache httpd.conf.
  • Improved detection of HTTPS request to an HTTP port. Reduces blocking due to "Bad Request".
  • Fixed bug: Running LiteSpeed process could not apply new expiration date for an updated license key.
  • Fixed bug: Apache and LiteSpeed have different values for SERVER_PORT behind an HTTP proxy.
  • Fixed bug: Block Bad Request setting could not be turned off from WebAdmin console.
LSWS 4.2.9 4-8-2014 Critical security patch
  • Security patch to fix OpenSSL Heartbleed bug.
LSWS 4.2.8 3-28-2014 Feature enhancements and minor bug fixes
  • Added IP-based licensing.
  • Added ability to purchase LiteSpeed Cache as an add-on. (Coming soon!)
  • Enhanced "external application no abort" feature to allow uninterrupted PHP script execution during server restarts.
  • Updated default error template.
  • Fixed minor bugs in rewrite engine.
  • Fixed bug: Expires headers could not be added to dynamic response.
LSWS 5.0 RC1 2-18-2014 Major feature enhancements
  • Added SPDY/2, 3, and 3.1 support.
  • Added ESI support.
  • Added WebSocket proxy functionality.
  • Added CPU Affinity setting.
LSWS 4.2.7 1-24-2014 Feature enhancements
  • Allow root owned file in PHP suEXEC mode.
  • Improved mod_security compatibility.
  • Enabled custom php.ini via PP_CUSTOM_PHP_INI environment variable (used in Plesk PHP-FPM Apache configuration).
  • Added support for VH_USER variable in external application environment variable configuration.
  • Apache binary wrapper will remove itself if LSWS is uninstalled.
  • Improved SSI engine.
  • Minor Apache .htaccess compatibility fixes.
LSWS 4.2.6 11-22-2013 Feature enhancement and minor bug fixes
  • Improved handling of resource limits to avoid generating 508 error pages when possible. After resource limits have been reached, requests will instead be re-queued until resources become available.
  • Fixed bug: Failure to detect all IPv6 addresses.
  • Fixed bug: Multiple <Files ...> <FilesMatch ...> directives in different .htaccess files along a path were processed in the wrong order.
  • Fixed bug: Server crash when an .htaccess file has been updated while it is still referenced by a long running request.
  • Fixed bug: suEXEC ProcessGroup mode set at the virtual host level fails to override server level suEXEC Daemon mode.
LSWS 4.2.5 10-30-2013 Major feature enhancements and minor bug fixes
  • Added just in time Apache vhost configuration to improve server startup speed.
  • Major improvements and bug fixes and in mod_security engine: added more transform functions, better variable collection handling, added IP match operators, added MATCHED_VARS support.
  • Added new PHP suEXEC ProcessGroup mode to create per-account process groups using the LiteSpeed-specific Apache-style directives "LSPHP_ProcessGroup" and "LSPHP_Workers". It is PHP selector-compatible and opcode caching friendly.
  • Improved CloundLinux compatibility — return 508 error page when resource limit has been reached.
  • Rack/Rails: added per-application environment configurations for Rack/Rails context to better support RVM gemset setup.
  • Bundled OpenSSL library has been upgraded to 1.0.1e with support for TLSv1.1 & TLSv1.2 ciphers.
  • Automatically detect and skip very large .htaccess file that can stall server processes.
  • Enabled skipping "File Not Found" logging in error log via rewrite environment variable "dontlog".
  • Added support for "Charset" in Content-Type header for autoindex pages.
  • Fixed bug in handling symbolic race condition when "Strict File Ownership" (equivalent to CloudLinux SecureLink) is enabled. (Special thanks to Rack911.)
  • Fixed bug allowing create/overwrite arbitrary file as root user via crafted symbolic link. (Special thanks to Rack911.)
  • Fixed bug in handling IPv6 address used in Apache httpd.conf.
  • Fixed bug in SSI engine causing LAST_MODIFIED variable to use wrong timestamp.
  • Fixed bug in rewrite engine with URL encoding.
LSWS 4.2.4 8-6-2013 Major feature enhancements and minor bug fixes
  • Added Python WSGI support (Apache mod_wsgi equivalent).
  • LSWS will now switch back to Apache automatically when license expires.
  • Added OCSP stapling support for SSL.
  • Added a feature that moves realtime status reports to the RAM disk to avoid blocking lshttpd process in high I/O wait situations.
  • Automatically restart PHP suEXEC daemon if killed or crashed to avoid 503 errors.
  • OpenSSL AESNI hardware acceleration enabled for x86_64-Linux platform.
  • LSAPI STDERR logging is now disabled when STDERR logging is disabled in configuration.
  • Improved Redirect directive processing to make "Redirect 301/..." work in sub-directory .htaccess files.
  • Fixed a bug causing authentication failure when password is blank.
  • Fixed a bug in IPv4 Access Control configuration causing the smaller subnet to overshadow the larger subnet when two subnets overlapped.
  • Fixed a bug in STDERR logging, which may cause interlocking between lscgid and lshttpd worker processes.
  • Fixed a bug causing MIME types such as "text/css; charset=..." to not be gzipped when GZIP is enabled for "text/*".
  • Fixed a bug in SecRuleRemoveById directive.
  • Fixed a bug in mod_security engine when handling collections directives.
  • Fixed a bug in graceful restarting with over 1000 listeners.
  • Fixed a bug causing log rotation not to be disabled when rotating limit is set to 0.
LSWS 4.2.3 5-22-2013 Feature enhancements and minor bug fixes
  • Added setting to hide the LiteSpeed signature in the default error pages.
  • Added ability to use sendfile() to send back dynamic responses.
  • Updated in-GUI settings explanations.
  • Added option (External Application Abort) to stop the server from aborting external application processes even when the client connection has been broken.
  • Added PHP suEXEC daemon ability to kill runaway child processes.
  • Reserved connections for the WebAdmin console to ensure accessibility regardless of the current number of connections.
  • Added CGI daemon ability to log processes killed by signals to stderr.
  • Fixed FileETag directive and rewrite rule incompatibility.
  • Fixed FreeBSD realtime stats error.
  • Updated PHP build utility to support up to PHP 5.3.25 and 5.4.15.
  • Discontinued support for Solaris SPARC.
LSWS 4.2.2 1-30-2013 Feature enhancements and minor bug fixes
  • Added HTTP "PATCH" method support.
  • FileEtag directives have been fully supported.
  • Added "Cache-Control:no-cache, no-store, must-revalidate" response header to 302 response.
  • Improved Ruby Rack/Rails support along with new ruby-lsapi 4.1. "RewindableInput" interface has been natively implemented to maximize Rack performance.
  • LiteSpeed Cache improvement: added max-stale age support, stale cache copy can be served while updating the cache; added "REFRESH" method to serve existing cached copy while updating the cache.
  • Improved mod_security compatibility with gotroot ruleset.
  • Fixed CageFS mount point issue with litespeed.
  • Fixed rewrite variable "%{TIME}" parsing error.
  • Updated PHP build utility to include PHP 5.4.11 and 5.3.21.
LSWS 4.2.1 11-21-2012 Feature enhancements and minor bug fixes
  • PHP suEXEC daemon mode will be auto disabled when different php.ini required via PHPRC or PHPIniDir due to internal limitation of PHP engine.
  • Improved error handling in case of LSWS swap directory out of space.
  • Fixed a bug in SSI encoding.
  • Updated PHP build utility to include PHP 5.4.8 and 5.3.18.
LSWS 4.2 9-10-2012 Major feature enhancements
  • Added support for PHP suEXEC daemon mode to improve performance and memory efficiency (LSAPI 6.0 required).
  • Improved compatibility of Apache mod_security by adding support for variable collections.
  • Improved symbolic link security for shared hosting by introducing LiteSpeed specific directives "DisableSymlinkOverride" and "VhostRestrained".
  • Updated PHP build utility to include PHP 5.4.6 and 5.3.16.

Click here for older releases