Announcing:
OpenLiteSpeed v1.5.5
In this release: Addressed HTTP/2 DoS advisories, bug fixes, and more!
RELEASE LOG:
Core
--------
[Security] Addressed recent HTTP/2 DoS advisories (https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md). Fixed CVE-2019-9512 "Ping Flood", CVE-2019-9515 "Settings Flood", CVE-2019-9516 "0-Length Headers Leak", and CVE-2019-9518 "Empty Frames Flood" vulnerabilities. Completely blocks unaffected attacks: CVE-2019-9511 "Data Dribble", CVE-2019-9513 "Resource Loop", CVE-2019-9514 "Reset Flood", and CVE-2019-9517 "Internal Data Buffering".
[Bug Fix] Fixed a REMOTE_ADDR env bug for IPv6 that caused roundcube errors.
WebAdmin
--------
[Security] Updated jquery library from version 2.1.1 to 2.2.4, addressing a cross site scripting vulnerability present in the earlier version.
https://openlitespeed.org/release-log/
Cheers!
Thursday, August 15, 2019
