Release of the lighttpd 1.4.64 HTTP server

The lightweight HTTP server lighttpd 1.4.64 has been released. The new version introduces 95 changes, including previously planned changes to default values and the cleanup of deprecated functionality:

  • The default timeout for graceful restart/shutdown operations has been reduced from unlimited to 8 seconds. The timeout can be configured with the "server.graceful-shutdown-timeout" option.
  • The build now uses the PCRE2 library (--with-pcre2); to go back to the old PCRE version, use the "--with-pcre" option.
  • Previously deprecated modules have been removed:
    • mod_geoip (use mod_maxminddb instead),
    • mod_authn_mysql (use mod_authn_dbi instead),
    • mod_mysql_vhost (use mod_vhostdb_dbi instead),
    • mod_cml (use mod_magnet instead),
    • mod_flv_streaming (lost its purpose after the end of life of Adobe Flash),
    • mod_trigger_b4_dl (use a Lua alternative instead).

Lighttpd 1.4.64 also fixes a vulnerability (CVE-2022-22707) in the mod_extforward module that leads to a 4-byte buffer overflow when processing data in the Forwarded HTTP header. According to the developers, the problem is limited to denial of service and allows the background process to be crashed remotely. Exploitation is possible only when the handler for the Forwarded header is enabled, and the issue does not appear in the default configuration.
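A pre-upgrade configuration check covering the removed modules, the new timeout default and the CVE-2022-22707 precondition described above; this is an added example, not code from the lighttpd project. The function names and the sample configuration are constructed for illustration, and the check assumes the Forwarded handler is enabled through mod_extforward's `extforward.headers` list.

```python
import re

# Removed in 1.4.64 -> replacement named in the release notes (None: no replacement).
REMOVED = {
    "mod_geoip": "mod_maxminddb",
    "mod_authn_mysql": "mod_authn_dbi",
    "mod_mysql_vhost": "mod_vhostdb_dbi",
    "mod_cml": "mod_magnet",
    "mod_flv_streaming": None,
    "mod_trigger_b4_dl": "a Lua alternative",
}

def strip_comments(conf):
    """Remove '#' comments, leaving '#' inside double-quoted strings alone."""
    cleaned = []
    for line in conf.splitlines():
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_string = not in_string
            elif ch == "#" and not in_string:
                line = line[:i]
                break
        cleaned.append(line)
    return "\n".join(cleaned)

def audit(conf):
    """Return (kind, detail) findings for a lighttpd config given as text."""
    text = strip_comments(conf)
    strings = set(re.findall(r'"([^"]*)"', text))
    findings = [("removed-module", f"{mod} -> {repl or 'no replacement'}")
                for mod, repl in REMOVED.items() if mod in strings]
    # Assumption: the Forwarded handler is switched on via extforward.headers.
    headers = []
    for body in re.findall(r'extforward\.headers\s*\+?=\s*\(([^)]*)\)', text):
        headers += [h.lower() for h in re.findall(r'"([^"]*)"', body)]
    if "mod_extforward" in strings and "forwarded" in headers:
        findings.append(("cve-2022-22707", "Forwarded handler enabled; upgrade to 1.4.64"))
    if not re.search(r'server\.graceful-shutdown-timeout\s*=', text):
        findings.append(("timeout", "graceful shutdown now defaults to 8 seconds"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = '''
server.modules = ( "mod_access", "mod_geoip", "mod_extforward" )
#server.modules += ( "mod_cml" )
extforward.forwarder = ( "10.0.0.1" => "trust" )  # reverse proxy
extforward.headers = ( "X-Forwarded-For", "Forwarded" )
'''

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```

The check reads only the text it is given, so configuration pulled in through include directives has to be concatenated before it is passed to `audit`.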

source: budenet.ru
