Since lighttpd 1.4.54
If desired, the behavior of URL processing can be changed in the settings using the options "header-strict", "host-strict", "host-normalize", "url-normalize", "url-normalize-unreserved", "url-normalize-required" ",
"url-ctrls-reject", "url-path-2f-decode", "url-path-dotseg-remove" and "url-query-20-plus" are now set to "enable".
Other changes include a complete redesign of the mod_webdav module, which made it possible to achieve full compatibility with the specifications, improve performance and reliability. One of the incompatibility-breaking changes in mod_webdav is the blocking of incomplete PUT requests. Added support for the SHA-256 algorithm for hashing authentication parameters (HTTP Auth Digest) in mod_auth.
Instead of mod_geoip, a new module mod_maxminddb has been proposed (mod_geoip is now deprecated).
Source: opennet.ru