Version 1.4.76-1 of "lighttpd" has been uploaded. lighttpd is a secure, fast, modular web server with low resource usage
lighttpd 1.4.76: * detect VU#421644 HTTP/2 CONTINUATION Flood * issue trace and send GO_AWAY * (lighttpd not vulnerable to attack) * avoid CVE-2024-3094 xz supply chain attack * use 'git archive' to replace 'make dist' to create release tarballs * remove excess complexity (m4 and autotools) from release process * now more easily verifiable that sources come from signed git release tag Note: This cygwin lighttpd-1.4.76-1 release requires >= cygwin-3.5.0 to take advantage of new support for posix_spawn_file_actions_addfchdir_np(). As this support is optional, please contact me if this is a hardship for those unable to upgrade to cygwin-3.5.0 and I can create a package of lighttpd without this feature, whose use merely provides a marginal performance improvement for starting CGI programs. Source: https://git.lighttpd.net/lighttpd/lighttpd1.4.git/ News: https://www.lighttpd.net/ License: BSD 3-clause https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/COPYING -- *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO *** The easiest way to unsubscribe is to visit <https://cygwin.com/mailman/options/cygwin-announce>, and click 'Unsubscribe'. If you need more information on unsubscribing, start reading here: <https://sourceware.org/lists.html#unsubscribe>.