LiteSpeed Technologies has announced the release of version 6.3.2 of LiteSpeed Web Server, featuring security improvements, new functionalities, and bug fixes.
Key Updates
- Security: lsquic has been updated to address a hash flood vulnerability, along with other security patches.
- HTTP/2 Enhancements: Improved implementation to block aggressive bots during attacks.
- Enhanced Support for LiteSpeed Containers and Redis: Better integration with control panels.
- New Environment Variable “noantiddos”: Allows selective disabling of anti-DDoS detection via rewrite rules or
setenvifconfiguration. - Access Log Format Support: Added support for
%{c}ato log client connection addresses. - ModSecurity: Allows the use of TX variables with the
@inspectFileoperator.
Fixes and Improvements
- Security and Protocol Fixes:
- Increased strictness in SSL client authentication verification.
- Resolved issues with
mod_securityresponse when body scan was enabled. - Fixed a failure to enable the PROXY protocol.
- Addressed outdated CloudFlare IP range whitelisting.
- Module and Configuration Fixes:
- Adjusted
mod_securityto fix an MT race condition in multiprocess execution. - Fixed NodeJS configuration to better match Apache’s behavior.
- Resolved issues with cPanel live site transfers when WP Toolkit is enabled.
- Fixed handling of file suffixes longer than 15 characters.
- Addressed issues with long Unix domain sockets for Ruby, Python, and Node applications.
- Adjusted
- Other Improvements:
- Adjusted PHP processor auto-tuning for Apache suEXEC PHP handlers.
- Fixed two
lsquicbusy loop corner cases. - Improved IPv6 ACL handling.
Availability and Update Process
LiteSpeed Web Server v6.3.2 is now available for download. Automatic updates may take some time to roll out, but users can update manually with the following command:
/usr/local/lsws/admin/misc/lsup.sh -f -v 6.3.2For more details, visit the official LiteSpeed Technologies release log.
