Version 1.5.x

OpenLiteSpeed Release Log: Version 1.5.x



Server Core

  • [Major New Feature] Keep PHP workers running through server restarts with detached mode.



Server Core

  • [Security] Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9512 “Ping Flood”, CVE-2019-9515 “Settings Flood”, CVE-2019-9516 “0-Length Headers Leak”, and CVE-2019-9518 “Empty Frames Flood” vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 “Data Dribble”, CVE-2019-9513 “Resource Loop”, CVE-2019-9514 “Reset Flood”, and CVE-2019-9517 “Internal Data Buffering”.
  • [Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.

Web Admin

  • [Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.



Server Core

  • [Improvement] Added support for HTTP response code 413: response is larger than defined max dynamic response length.
  • [Improvement] Updated script to make it compatible with FreeBSD.
  • [Bug Fix] Fixed a bug that was causing module modsecurity to fail to build on some operating systems.
  • [Bug Fix] Fixed lsrecaptcha build script getting called incorrectly in the script.
  • [Bug Fix] Fixed a bug that caused the server to returned a 404 response code, instead of a 403 response code, when a file had a permission issue.
  • [Bug Fix] Fixed “empty response” bug when serving responses larger than 2GB.
  • [Bug Fix] Fixed an autoLoadHtaccess bug in automatically created contexts where only the first level sub-directory of a Vhost would be loaded.
  • [Bug Fix] Fixed a crash bug when server info was set to display in the response header.
  • [Bug Fix] Fixed a bug when attempting to get new directory paths when automatically adding missing contexts.
  • [Bug Fix] Fixed a forcedType bug of causing extApps to always use server level settings regardless of VHost level settings.



Server Core

  • [Security] Perform actions as the autoupdate directory owner in related and server core code.
  • [New Feature] Added file to final installation directory.
  • [Update] Updated to improve modsecurity-ls module support and prevent failure to build on FreeBSD systems.
  • [Update] Updated to make sure that the current user and group are checked correctly.
  • [Bug Fix] Fixed a crash when detecting OS/platform.
  • [Bug Fix]Fixed a server core bug that was causing high load.

Web Admin

  • [Update] Removed unnecessary empty lines when saving the config file.
  • [Update] Added ReadOnly Mode, to avoid overwriting crucial config information, when an include file is detected in the config.
  • [Bug Fix] Fixed an issue where previous settings may have been wiped out when adding more Environment variables in External App.



Server Core

  • [New Feature] Added support fo multiple access logs (at most 4) for each Vhost.
  • [Improvement] Only check-in plain conf file with when the conf file is updated.
  • [Bug Fix] Fixed a bug where the “SERVER_ADDR” variable was not set.
  • [Bug Fix] Fixed “listening port occupied” bug when using the service restart command.
  • [Bug Fix] Fixed a VHost error log bug that where https content was only partially recorded.
  • [Bug Fix] Fixed cache module not working when using a reverse proxy.



  • [New] 1.5.1 includes updates from 1.4.43 to 1.4.47.
  • [Update] Added lsrecaptcha support.
  • [Update] Added support for CGroups, a Linux kernel feature that limits and isolates resource usage.
  • [Bug Fix] Fixed an issue in modgzip which may cause a server crash in some cases.
  • [Bug Fix] Fixed an issue where the HTTP_END hook point is not placed correctly, causing module data not to be released in some cases.
  • [Bug Fix] Fixed an issue in the cache module, where backend errors cause zero-length content to be saved and served.



V1.5.0 RC6


V1.5.0 RC5


V1.5.0 RC5


V1.5.0 RC4


V1.5.0 RC3

Server Core

  • [Bug Fix] Fixed a bug where using a NULL ntwkiolink Handler would cause a crash.
  • [Bug Fix] Fixed a logger bug where a NULL appender was sometimes used causing a crash.

V1.5.0 RC2

Server Core

  • [Bug Fix] Fixed a bug where cgi/php response body was being converted to lowercase.
  • [Bug Fix] Fixed an ip2location configuration bug.
  • [Bug Fix] Fixed a bug where cookies not reset on next use could cause a crash.
  • [Bug Fix] Fixed a bug where loading and using cache and pagespeed modules at the same time could cause an internal
    server error.
  • [Bug Fix] Fixed a cipher previously rejected by chrome.

Cache Module

  • [Bug Fix] Fixed a bug where comparing a string could cause a crash.

V1.5.0 RC1

Server Core

  • [New] Multi-Thread APIs.
  • [New] Module Developer Guide.
  • [Update] Added more Multi-Thread example modules.
  • [Bug Fix] All known bugs have been fixed.

ModLSPHP Module