OpenLiteSpeed 1.4.20 Released! What HTTPoxy Vulnerability?

Discussion in 'OpenLiteSpeed News' started by lsfoo, Jul 25, 2016.

  1. lsfoo

    lsfoo Administrator

    Hi Everyone,

    Today's OpenLiteSpeed release is an important one. v1.4.20 will automatically block any HTTPOXY attacks without any configuration changes.

    In addition to this fix, the compiler (Mac OS excluded) was updated to statically link the latest openssl libraries from the source code. This means that the configuration step (./configure) may take a couple minutes to complete.

    The static linking fixes an incompatibility with OpenSSL versions prior to 1.0.2 caused by Chrome's deprecating NPN support. This caused HTTP/2 connections to downgrade to HTTP 1.1.

    With all the security fixes, we strongly recommend updating to this version.

    Download link here

    The packages should be available soon.

    Cheers,
    Kevin
     

Share This Page