LiteSpeed Web ADC Release Log https://www.litespeedtech.com/images/logos/litespeed/litespeed-logo.png 2024-04-03 20:40:07 LiteSpeed Web ADC is frequently updated with new features and bug fixes. This is a detailed list of changes, arranged by date and version number.

LiteSpeed Web ADC
Release Log

Join the "LiteSpeed Edge Users" Google Group for cutting-edge build notifications.

LiteSpeed Web ADC is constantly updated with new features and bug fixes.

Web ADC 3.2.2(04-03-2024) New Features, Improvement & Bugfix

  • NEW FEATURE Add Chunked encoding support for proxying request body to backend.
  • NEW FEATURE Add cache vary on request header value, automatically vary on header 'X-Http-Method-Override'.
  • IMPROVEMENT Apply server level log rotation setting to Modsec audit log.
  • BUGFIX Minor bug fixes in HTTP/3 implementation.

Web ADC 3.2.1(02-27-2024) New Feature & Bugfixes

  • NEW FEATURE Add hCaptcha support for reCAPTCHA validation.
  • BUGFIX Address a crash related to SecRemoteRules handling.
  • BUGFIX Address a rare corner case causing HTTP/3 responses to hang.

Web ADC 3.2(12-04-2023) New Features, Improvements, Security & Bugfixes

  • NEW FEATURE Update HTTP/3 implementation to support QUICv2 protocol.
  • NEW FEATURE mod_security engine now has an option to use RE2 instead PCRE regex engine.
  • NEW FEATURE HEAD request caching.
  • IMPROVEMENT Add missing access log format following Apache spec.
  • IMPROVEMENT Add virtual host level max connections limit per IP.
  • SECURITY More strict request header validation.
  • BUGFIX Minior bug fixes to cache engine, mod_security engine, and request handling.

WHM WebADC ZeroConf 0.7.8(07-12-2023) Bug Fix

  • BUGFIX Try to apply config changes to all ADCs even if one fails.

WHM WebADC ZeroConf 0.7.7(05-25-2023) REFACTOR

  • REFACTOR Fix PHP warnings.

WHM WebADC ZeroConf 0.7.6(04-24-2023) Bug Fix

  • BUGFIX Fix a few PHP errors.

LiteSpeed Ingress Controller 0.2.4(04-06-2023) Bugfixes

  • BUGFIX Fix a memory violation when data is taken from cache and the server is quite busy.
  • BUGFIX Fix a memory leak processing SSL data.
  • BUGFIX Fix a small bug in handling multiple headers with the same name.

WHM WebADC ZeroConf 0.7.5(03-14-2023) Bug Fix

  • BUGFIX Did not properly handle multiple IPs in VHost config.

LiteSpeed Ingress Controller 0.2.3(01-17-2023) New Features, Update & Bugfixes

  • NEW FEATURE HTTP/3 support. To enable it you must specify in helm `--set options service.ports.http3=443,service.targetPorts.http3=443,containerPorts.http3=443`.
  • NEW FEATURE Gateway support extended feature in HTTPRoute, `spec.route.method` which supports matching HTTP method (GET, POST, etc.).
  • UPDATE Updated all code to operate correctly in the 0.6.0 beta environment.
  • BUGFIX Gateway URLRewrite is properly applied.
  • BUGFIX Detect when small change between selections results in incorrect worker applied.

LiteSpeed Ingress Controller 0.2.2(12-15-2022) New Feature & Update

  • NEW FEATURE Added support for a number of Gateway HttpRoute Extended Features including:
    • Matches: `Path`, `Type`: `RegularExpression` where PCRE compatible regular expressions are supported.
    • Filters:
      • `RequestRedirect`: New features include `Scheme`, `Hostname`, `Path`, `Port` and `StatusCode`. `Path` can specify a `Type` of `ReplaceFullPath` (an absolute path) or `ReplacePrefixMatch` (a path which will add subdirectories), either of which can include PCRE regular expression replacement strings.
      • `URLRewrite`: `Hostname` and `Path`. `Hostname` can include a port and `Path` can specify a `Type` of `ReplaceFullPath` (an absolute path) or `ReplacePrefixMatch` (a path which will add subdirectories).
  • UPDATE You can no longer use the released set of Gateway CRDs to run Gateway until the beta is released. The Litespeed Ingress Controller uses the latest beta definitions and should be installed using the `./gateway-load.sh` in the samples package and unloaded with `./gateway-unload.sh`.

Web ADC 3.1.7(12-09-2022) New Features, Updates, Improvements & Bugfixes

  • NEW FEATURE Add reCAPTCHA trigger from mod_security via "verifycaptcha" environment variable.
  • NEW FEATURE Add reCAPTCHA verification timeout.
  • UPDATE Isolate ZeroConf cache roots per domain even if sharing the same directory.
  • UPDATE Increase BF limit to 10 after a successful reCAPTCHA solve to avoid cases where a low BF Limit could block access to the login page.
  • UPDATE Add type-specific cache tags for static content.
  • IMPROVEMENT Improve mod_security JSON audit log with more rule meta data.
  • IMPROVEMENT Reduce false positives for anti-ddos detection based on status code.
  • IMPROVEMENT Add "x-frame-options" header for recaptcha page.
  • BUGFIX Address HTTP/3 corner cases, memory leaks, and high CPU usage bugs.
  • BUGFIX Address a graceful restart bug in chroot environment.
  • BUGFIX Address broken bcrypt verification for HTTP authentication.
  • BUGFIX Address a corner case when handling chunk encoded data.
  • BUGFIX Address a corner case in async mod_security engine.
  • BUGFIX Address HTTP/2 hpack decoder corner cases.
  • BUGFIX Address ZeroConf not properly waiting for the whole request body which sometimes resulted in API failures.
  • BUGFIX Address an corner case where a request could be restarted while in the middle of processing.
  • BUGFIX Address a case where multiple ZeroConf load balancers with multiple backends could interfere with load balancer strategies.
  • BUGFIX Change SSL handshake timeout from request timeout value to 10 seconds to avoid hanging request issues.
  • BUGFIX Other fixes to improve overall server performance and stability.

LiteSpeed Ingress Controller 0.2.1(12-02-2022) Improvements & Bugfix

  • IMPROVEMENT Support detecting the load of the Gateway CRDs after the controller is loaded. However, Gateway CRDs should not be unloaded without unloading the controller.
  • IMPROVEMENT Additional changes for Kubernetes Gateway v1beta1.
  • BUGFIX Fixed a memory leak in normal operations.

LiteSpeed Ingress Controller 0.2.0(11-10-2022) New Feature & Bugfixes

  • NEW FEATURE Kubernetes Gateway API support. See https://gateway-api.sigs.k8s.io/ for a full description of the feature.
  • BUGFIX Adjusted helm to allow proper deletion of configmaps.
  • BUGFIX Support either controller name or ingress class name as the ingress class name in annotations which addresses cert-manager issue.
  • BUGFIX Fixed a bug in priority management.

LiteSpeed Ingress Controller 0.1.30(09-30-2022) Bugfix

  • BUGFIX Merged in latest load balancer fixes to address licensing and a memory leak in HTTP/3.

LiteSpeed Ingress Controller 0.1.29(09-16-2022) Improvements

  • IMPROVEMENT Helm install includes support for auto-scaling.
  • IMPROVEMENT Caching is enabled by default.

LiteSpeed Ingress Controller 0.1.28(08-26-2022) Bugfixes

  • BUGFIX Fixed a deadlock bug which resulted in a delay in the implementation and activation of Ingress configuration updates.
  • BUGFIX Do not require an IngressClass specification for the default IngressClass to operate correctly.

LiteSpeed Ingress Controller 0.1.27(08-23-2022) Bugfixes

  • BUGFIX Proper support for multiple backends with different contexts for the same domain.
  • BUGFIX Support PathType ImplementationSpecific identically to PathPrefix to allow cert-manager to work correctly for automatic certificate verification.

LiteSpeed Ingress Controller 0.1.26(06-21-2022) New Features & Bugfix

  • NEW FEATURE New `prometheus-remote` Prometheus arguments which can be used to have Prometheus push stats to Grafana Cloud.
  • NEW FEATURE Removed all references to v1beta1 to support Kubernetes v1.22 and above.
  • BUGFIX Fixed helm deployment.

LiteSpeed Ingress Controller 0.1.25(06-17-2022) New Features & Bugfixes

  • NEW FEATURE There is now a built-in Prometheus metrics exporter. Must be enabled by the Ingress Controller argument `enable-metrics` to be activated. Prometheus can be installed on the service pod as well using the argument `install-prometheus`.
  • NEW FEATURE Ingress Controller argument `--run-before-lb='commands'` can specify any number of commands that will be run before the load balancer starts.
  • NEW FEATURE New Ingress Controller argument `config-service-port` can be used to expose the config port without the use of helm configuration.
  • BUGFIX Licensing documented and functions correctly.
  • BUGFIX Correctly apply secrets even for secrets missing a name.
  • BUGFIX Correctly apply command line `lslb-config-map-prefix`

LiteSpeed Ingress Controller 0.1.24(05-24-2022) New Feature & Bugfixes

  • NEW FEATURE Added regular expressions to advanced deployments with the new annotation `litespeedtech.com/hostx.servicex.weight`
  • BUGFIX For an advanced deployment, if you specify the same host twice, it will correctly use the first one rather than generate an incorrect ZeroConf definition.
  • BUGFIX If you change the definition, the replaced definition will be not cached for new session use, though existing ones will still finish correctly.

LiteSpeed Ingress Controller 0.1.23(05-19-2022) New Feature & Bugfixes

  • NEW FEATURE Red/Blue and Canary deployments using annotations.
  • BUGFIX context_list is properly passed in ZeroConf between Go program and load balancer resulting in contexts now working correctly.
  • BUGFIX A missing exact context entry is now correctly added into contexts.
  • BUGFIX Use and document vhostPerDomain correctly.

Web ADC 3.1.6(05-11-2022) Security, Improvement & Bugfixes

  • SECURITY Address a crash and memory leak in HTTP/3 implementation. current PCI scan.
  • IMPROVEMENT Better cache storage cleanup up for purged pages.
  • BUGFIX Avoid sending multiple cookie headers in proxy requests to backend.
  • BUGFIX Block request header "transfer-encoding: chunked" for HTTP/2 and HTTP/3.
  • BUGFIX Better cache vary support for static content.
  • BUGFIX Address a few random crashes.

LiteSpeed Ingress Controller 0.1.22(05-06-2022) New Features & Bugfix

  • NEW FEATURE WebAdmin interface is now available including Real-Time Stats and template WebADC configuration. Template support provides availability to the Web Application Firewall.
  • NEW FEATURE Optional support for configuration port in helm definition (service.ports.config).
  • BUGFIX Reduce restarts within health checks.

LiteSpeed Ingress Controller 0.1.21(04-15-2022) New Feature & Bugfix

  • NEW FEATURE Support both Nginx and generic Rewrite annotations.
  • BUGFIX Correctly support multiple domains for a SSL certificate.

Web ADC 3.1.5(02-24-2022) New Features & Imporvements

  • NEW FEATURE Add "Failover" load balancing strategy.
  • IMPROVEMENT Add new configuration option to control cache vary for static content.
  • IMPROVEMENT Better stale cache purge handling.
  • IMPROVEMENT Auto whitelist QUIC.cloud and Jetpack IPs.
  • IMPROVEMENT Better backend ping control.
  • IMPROVEMENT Detect bot attacks by bad status code.

WHM WebADC ZeroConf 0.7.4(01-18-2022) Refactor

  • REFACTOR Remove dependency on Scalar::Util::Numeric.

WHM WebADC ZeroConf 0.7.3(11-15-2021) Bugfix

  • BUGFIX Use Cpanel::Binaries::path if available.

Web ADC 3.1.3(11-12-2021) New Features, Imporvements & Bugfixes

  • NEW FEATURE Websocket passthrough to backend cluster.
  • NEW FEATURE Add websocket proxy target support for rewrite rules.
  • IMPROVEMENT Improve HTTP/2 upload throughput.
  • IMPROVEMENT Improve HTTP/3 upload throughput.
  • IMPROVEMENT Improve HTTP/3 DPLPMTUD support.
  • BUGFIX Address HTTP/3 handshake failures.
  • BUGFIX Address an HTTP/1.1 request body chunk encoding corner case.
  • BUGFIX Throttle unnecessary lscache purges generated by LSCWP.
  • BUGFIX Other minor bug fixes and improvements.

WHM WebADC ZeroConf 0.7.2(09-24-2021) New Feature and Update

  • NEW FEATURE Add ability to configure max conns for each backend.
  • UPDATE Add support for NAT mode.

Web ADC 3.1.2(09-21-2021) Imporvement & Bugfixes

  • IMPROVEMENT Make max_conn configurable at vhost level through ZeroConf API.
  • BUGFIX Address a few issues with asynchronous mod_security engine.
  • BUGFIX Improve load balancing algorithm to distribute load evenly among backends.
  • BUGFIX Properly handle POST requests without "Content-Length" header in HTTP/2 and HTTP/3 streams.
  • BUGFIX Address a few issues with handling for HTTP/3 backends.
  • BUGFIX Cache engine should no longer purge again when serving a cached page with purge headers.
  • BUGFIX Other minor bug fixes and improvements.

Web ADC 3.1.1(07-08-2021) Bugfixes

  • BUGFIX Address a chrome HTTP/3 connection timeout issue for long running scripts.
  • BUGFIX Address a random crash with asynchronous mod_security engine.
  • BUGFIX Resolve a problem with purging by URL.
  • BUGFIX Address a crash when handling decoded HTTP/2 headers.
  • BUGFIX Detect dead HTTP/2 connections during server cooldown.
  • BUGFIX Improve request/response header name validation to avoid HTTP/2 and HTTP/3 protocol violations.
  • BUGFIX Minor tweaks to HTTP/3 protocol.

Web ADC 3.1(06-07-2021) New Features

  • NEW FEATURE HTTP/3 v1 support with with DPLPMTUD, Adaptive congestion control, Delayed ACK, and zero-copy packetization.
  • NEW FEATURE Asynchronous mod_security engine.
  • NEW FEATURE Cache engine POST request caching capability.
  • NEW FEATURE Support for secure websocket backends (wss://).
  • NEW FEATURE ModSecurity JSON audit log.
  • NEW FEATURE ModSecurity scan response body support.
  • NEW FEATURE ModSecurity persistent collection SHM storage.
  • NEW FEATURE Server level header manipulation.

Web ADC 3.0.3(03-11-2021) Tuning and Bug Fixes

  • TUNING Add LB configurations and ping interval config for ZeroConf.
  • TUNING Increase cache object size limit from 10MB to 100MB.
  • TUNING Log reason for reCAPTCHA trigger.
  • BUGFIX Update lsquic to v2.29 with improved HTTP/3 performance and stability.
  • BUGFIX Purge By URL no longer interferes with Purge by Tag with a leading '/'.
  • BUGFIX Address random blank cached page caused by conditional fetching of stale cache from backend.
  • BUGFIX Address content corruption for ESI includes.
  • BUGFIX Use THROTTLE as the default mode for WordPress brute force protection.
  • BUGFIX Follow connection close response header for HTTP/1.1 proxy connections.

Web ADC 3.0.2(02-09-2021) Bug Fixes

  • BUGFIX Update lsquic to v2.27 with improved HTTP/3 performance and stability.
  • BUGFIX Improve WordPress brute force protection with reCAPTCHA.
  • BUGFIX Address hanging caused by HTTP/1.1 chunk encoding.
  • BUGFIX Correct truncated response body due to ESI + HTTP/2.
  • BUGFIX Improve ESI parser to handle improperly escaped ESI directives.
  • BUGFIX TLS session ticket timeout now defaults to 1 hour.
  • BUGFIX Access logging delay is avoided when AIO logging is enabled.
  • BUGFIX Mod_security @rx operator is able to scan multi-line input now.
  • BUGFIX $VH_DOMAIN in vhost template configuration is now supported.
  • BUGFIX ADDRESS A few minor memory leaks.

Web ADC 3.0.1(10-29-2020) New Features, Improvement and Bug Fixes

  • NEW FEATURE Enable ESI combine request for WordPress cache.
  • NEW FEATURE Add option to purge cache based on disk space.
  • NEW FEATURE Add support for using "X-Real-ip" header for client IP.
  • IMPROVEMENT Cache engine now forwards vary value to backend.
  • BUGFIX Address various slow memory leaks.
  • BUGFIX Address various issues in IETF QUIC (HTTP/3) implementation.
  • BUGFIX Address various issues in HTTP/2 implementation.
  • BUGFIX Address various issues in HTTP/2 and HTTP/3 client connections to backend.
  • BUGFIX Release unneeded resource for firewall controller process.

Web ADC 3.0(06-30-2020) New Features, Tuning, Improvement and Bug Fixes

  • NEW FEATURE Support for HTTP/3 drafts 27,28, and 29.
  • NEW FEATURE POST request caching support.
  • NEW FEATURE End to end HTTP/1, HTTP/2 and HTTP/3 load balancing.
  • NEW FEATURE New configuration options 'bindIpv6Only', 'reverseDnsLookup', 'verifyGoogleBot', 'forceSecureCookie', 'purgeNoHitTimeout', and 'sslDefaultCiphers'.
  • TUNING Complete rewrite of HTTP/2 engine with more efficient header handling when routing requests using HTTP/2 and HTTP/3.
  • IMPROVEMENT reCAPTCHA handling now avoids hijacking backend server initiated verification.
  • BUGFIX Address bugs in various modules (mod_secuirty, SHM, cache, ESI, and ZeroConf).

Web ADC 3.0 RC3(06-22-2020) New Features and Bug Fixes

  • NEW FEATURE HTTP/3 draft 29 support.
  • NEW FEATURE POST request caching support.
  • NEW FEATURE "Use Client IP in Header" setting can now be set to use the last IP listed in the X-Forwarded-For header. (for servers behind AWS ELB)
  • BUGFIX Correct a SHM memory allocation issue.
  • BUGFIX Invisible reCAPTCHA now works properly with IE 11 browser.

Web ADC 3.0 RC2(06-09-2020) New Feature, Improvements, and Bug Fixes

  • NEW FEATURE Add support for HTTP/3 draft 28.
  • IMPROVEMENT Enhance HTTP/2 performance.
  • IMPROVEMENT Enhance cache engine purge by URL implementation.
  • BUGFIX Squash some minor proxy header handling bugs.
  • BUGFIX Prevent output corruption by ESI engine.
  • BUGFIX No longer force cache revalidation when caching a static entry.

Web ADC 3.0 RC1(05-22-2020) Major New Features, Major Improvements, and Bug Fixes

  • MAJOR NEW FEATURE Added support for HTTP/2 proxy backend.
  • NEW FEATURE Added new configuration options 'bindIpv6Only', 'reverseDnsLookup', 'verifyGoogleBot', 'forceSecureCookie', 'purgeNoHitTimeout', and 'sslDefaultCiphers'.
  • MAJOR IMPROVEMENT Refactored and optimized to HTTP/2 and HTTP/3 engines.
  • IMPROVEMENT Improved automatic cache storage cleanup.
  • BUGFIX Fixed repeated refreshing in cache stale refresh logic.
  • BUGFIX Fixed a cache response by MIME type bug.
  • BUGFIX Fixed various minor bugs in mod_security engine.
  • BUGFIX Fixed minor bugs in HTTP/3 engine.

WHM Web ADC ZeroConf 0.7(05-20-2020) New Feature and Update

  • NEW FEATURE Add Cluster IPs for server-wide and per-domain cluster configurations.
  • UPDATE Add hooks for SSL installation and cPanel addon/sub/parked domains.

Web ADC 2.7(03-30-2020) New Features and Update

  • NEW FEATURE Made mod_security engine fully asynchronous.
  • NEW FEATURE Added support for transparent proxies.
  • UPDATE Updated HTTP/3 support to h3-27.

Web ADC 2.6.1(03-25-2020) New Features, Securities,Tuning, Bugfixes

  • NEW FEATURE Support QUIC/HTTP3 versions up to Q050, h3-25, h3-27
  • NEW FEATURE set X_SPDY environment for IETF QUIC connection.
  • NEW FEATURE allow using cluster name in PROXY target URL. It has a higher priority than proxy worker.
  • NEW FEATURE allow rewrite rule to update Proxy-Host without using PROXY action.
  • SECURITY Improve access security for Web Admin. current PCI scan.
  • SECURITY Disable TLS 1.1 for the default setting. current PCI scan.
  • TUNING Set RBL DNS cache to 60 seconds.
  • BUGFIX Fix a bug where Quic Client connections did not work with multiple backends.
  • BUGFIX Fix bugs that could cause the Mod Security engine to hang.
  • BUGFIX Fix bugs in the ModSecurity configuration parser.
  • BUGFIX Tune various Mod Security variables to be more accurate.
  • BUGFIX Fix bugs in query string decoding.
  • BUGFIX Fix memory leak in Replication logic.
  • BUGFIX Fix a bug that caused Font files to not be cached.
  • BUGFIX Fix a bug in the ESI handler that caused the ESI requests to hang.

WHM Web ADC ZeroConf 0.6(01-07-2020) Bugfix

  • BUGFIX Switch to use Cpanel::Binaries::get_binary_location.

Web ADC 2.6(10-24-2019) New Feature, Improvement

  • NEW FEATURE Updated HTTP/3 with draft 23 support.
  • NEW FEATURE Added BBR congestion control for HTTP/3, QUIC.
  • NEW FEATURE Added HTTP/3 and QUIC proxy client for HTTPS proxy backends.
  • IMPROVEMENT HTTP/2 performance improvements.
  • IMPROVEMENT Asynchronous mod_security offloading with multi-threading.

WHM Web ADC ZeroConf 0.5(08-21-2019) New Feature & Bugfix

  • NEW FEATURE Add logic to check for VHost Templates within configurations.
  • BUGFIX Early builds of cPanel 82 has the URL::Encode module missing. Change to use the Encode core module instead.

Web ADC 2.5.1(08-15-2019) Security, New Feature, Improvement & BugFix

  • SECURITY Addressed recent HTTP/2 DoS advisories. Fixed CVE-2019-9516 "0-Length Headers Leak" vulnerability. Completely blocks unaffected attacks: CVE-2019-9511 "Data Dribble", CVE-2019-9512 "Ping Flood", CVE-2019-9513 "Resource Loop", CVE-2019-9514 "Reset Flood", CVE-2019-9515 "Settings Flood", CVE-2019-9517 "Internal Data Buffering", and CVE-2019-9518 "Empty Frames Flood".
  • NEW FEATURE Updated HTTP/3 support to Internet Draft 22.
  • IMPROVEMENT reCAPTCHA engine has been improved to reduce false positives.
  • BUGFIX Fixed a regression that affected the handling of HEAD requests.

Web ADC 2.5(07-30-2019) New Features, & Improvements

  • MAJOR NEW FEATURE Added support for experimental HTTP/3 draft 20.
  • NEW FEATURE HTTPS handshake offloading improves HTTPS handshake speed and avoids clogging the server's main event loop.
  • NEW FEATURE SO_REUSEPORT support improves multi-worker scalability for high traffic deployments.
  • NEW FEATURE HTTPS certificate compression reduces the size of HTTPS handshake exchange data.
  • NEW FEATURE Added support for Q046 in QUIC engine.
  • NEW FEATURE Added smart anti-DDoS protection for attacks targeting QUIC UDP port.
  • IMPROVEMENT More reliable HA replication.
  • IMPROVEMENT Bug fixes and enhancement to ZeroConf API.

WHM Web ADC ZeroConf(01-07-2019) New Features

  • NEW FEATURE Introduce Force Update SSL - forces Web ADC to update to new SSL certificates.

Web ADC 2.4(01-03-2019) New Features, Major Improvements, & Bug Fixes

  • NEW FEATURE QUIC 044 support.
  • NEW FEATURE QUIC proxy backend support for backend communication through QUIC.
  • NEW FEATURE New load balancing strategy: LB_ST_FASTER_RESP.
  • NEW FEATURE Recaptcha verification for DDoS attack mitigation.
  • NEW FEATURE Intelligent Botnet detection and blocking through firewall.
  • MAJOR IMPROVEMENT HTTP/2 performance has been improved with a better header compression/decompression work flow.
  • BUGFIX All bug fixes from ADC v2.3 incremental builds included.

Web ADC 2.3(08-09-2018)Feature Enhancements & Bug Fixes

  • MAJOR NEW FEATURE Added dynamic BROTLI compression.
  • IMPROVEMENT Improved QUIC engine with Google QUIC v43 support, improved performance.
  • IMPROVEMENT Improved HA/Replication support.
  • IMPROVEMENT Improved ZeroConf support.
  • IMPROVEMENT Improved cache engine with automatically static assets caching and updating.
  • IMPROVEMENT Added MaxmindDB support.
  • IMPROVEMENT Improved HTTP/2 performance.
  • IMPROVEMENT Added TLSv1.3 draft 28 support.

Web ADC 2.2(05-09-2018)Feature Enhancements & Bug Fixes

  • NEW FEATURE Easy cluster management with ZeroConfig API and cPanel integration.
  • IMPROVEMENT QUIC engine has been improved with better performance and scalability.
  • IMPROVEMENT PageSpeed support has been improved.
  • IMPROVEMENT mod_security engine has been improved with better performance and compatibility.
  • BUGFIX Fixed a bug that sometimes caused IPv6 listeners to be unable to restart.

Web ADC 2.1.3(03-02-2018)Improvements & Bug Fixes

  • IMPROVEMENT Improved QUIC engine performance and download speeds.
  • BUGFIX Fixed a bug that caused a file descriptor leak in the cache engine.
  • BUGFIX Fixed an SHM corruption bug.
  • BUGFIX Fixed a bug that caused a file descriptor leak when SecRemoteRule was used.
  • BUGFIX Fixed a bug that sometimes caused IPv6 listeners to be unable to restart.

Web ADC 2.1.2(12-21-2017)Feature enhancements

  • NEW FEATURE Improved cache engine with capability to selectively drop certain query string value pairs.
  • NEW FEATURE Built-in WordPress brute force protection.
  • NEW FEATURE Added capability to modify response headers through context level configuration.
  • IMPROVEMENT Improved QUIC engine performance.

Web ADC 2.1(7-11-2017)Major Feature enhancements

  • MAJOR NEW FEATURE Added QUIC support, compatible with Q035, Q037.
  • NEW FEATURE Switched from OpenSSL to BoringSSL with TLSv1.3 support.
  • NEW FEATURE Added TCP_FASTOPN support.
  • NEW FEATURE The ZeroConfig API supports direct, automated thirdparty management of Web ADC configuration.
  • NEW FEATURE Added support for IP2Location to convert IP to geographic location.
  • NEW FEATURE Added support for SecRemoteRules and improved performance of mod_security engine.

Web ADC 2.1RC1(6-13-2017)Major Feature enhancements

  • MAJOR NEW FEATURE Added QUIC support, compatible with Q035, Q037.
  • NEW FEATURE Switched from OpenSSL to BoringSSL with TLSv13 support.
  • NEW FEATURE Added TCP_FASTOPN support.

Web ADC 2.0.2(2-1-2017) Major Feature enhancements, Security updates, Bug Fixes

  • SECURITY Removed DES-CBC3-SHA from default cipher suite to avoid failing current PCI scan.
  • SECURITY Upgrade bundled OpenSSL library to 1.0.2k.
  • IMPROVEMENT Improved mod_security log messages to use variable values.
  • BUGFIX Fixed a bug in SHM hash table that caused data corruption and infinite looping.
  • BUGFIX Fixed a bug in cache object replication that caused long delays for graceful restart.
  • BUGFIX Minor bug fixes in HTTP/2, the ESI cache engine, and the mod_security engine.

Web ADC 2.0.1(11-10-2016)Major Feature enhancements, Bug Fixes

  • MAJOR IMPROVEMENT Improved LiteMage first page load speed for new visitors by avoiding going through the backend.
  • IMPROVEMENT Improved cache purging capability: private cache entries can now be purged with public tags and multiple cache purge response headers are accepted.
  • BUGFIX Improved server stability with minor bug fixes.

Web ADC 2.0(06-22-2016)Feature enhancements

  • Added PageSpeed support
  • Added Magento LiteMage support
  • Improved cache engine
  • Improved server stability
  • Upgraded bundled OpenSSL to 1.0.2h

Web ADC 2.0RC3(01-29-2016)Feature enhancements

  • Improved WebAdmin real-time statistics.
  • Improved HA replication.
  • Improved stateful session tracking.
  • Improved server stability.
  • Upgraded bundled OpenSSL to 1.0.2f.

Web ADC 2.0RC2(11-19-2015)Feature enhancements and minor Bug Fixes

  • Improvements to session data replication.
  • Improvements to mod_security engine.
  • Minor bug fixes.

Web ADC 2.0RC1(10-14-2015)Major Feature enhancements

  • Added HTTP/2 support.
  • Added High Availablity support through integration with Keepalived/CARP and session data replication.
  • Added Page Cache support.
  • Updated ModSecurity engine to support @rbl and @inspectfile operators.
  • Added Multi-worker processes support with shared internal states to take advantage of multi-CPU/core SMP servers.
  • Added shared SSL session cache and SSL ticket synchronization.
  • Added Multi-Certificate support to use RSA, DSA, and ECC certificates for the same domain.
  • Added SSL SNI mass hosting configuration.

Web ADC 1.8(10-16-2014)Security patch and Feature enhancements

  • Upgraded OpenSSL to 1.0.1j to address vulnerabilities in 1.0.1i.
  • SSLv3 turned off by default for HTTPS virtual hosts.
  • Added support for TLSv1.1 and TLSv1.2.
  • Ended Solaris, FreeBSD 4/5, and Mac OSX support.

Web ADC 1.7(1-8-2010)Feature enhancements and minor Bug Fixes

  • Fixed a bug in WebAdmin console that cannot save certain configuration.
  • Show blocked IP in WebAdmin console.
  • Linked against OpenSSL to 0.9.8l.
  • Added TCP_CORK to minimize packet segmentations.

Web ADC 1.6(1-28-2009)Minor Bug Fixes

  • Fixed a bug that causes HEAD request take long time to finish.
  • Pass through 'deflate' response body.

Web ADC 1.5(12-10-2008)Minor Bug Fixes

  • Fixed a bug that causes server process to crash when one of the backend node failed to respond to ping request.
  • Blank response header from backend server will be ignored.

Web ADC 1.4(10-1-2008)Feature enhancements and minor Bug Fixes

  • IP to geo location feature has been updated to match new changes in Apache mod_geoip.
  • Special care has been added to handle 1xx response from proxied back-end web servers.
  • Fixed a bug that cause Web ADC not to reload license key after the key being updated.

Web ADC 1.3(6-30-2008)Minor Bug Fixes

  • A bug that affects updating monthly lease license key has been fixed.
  • A bug in request filter has been fixed.

Web ADC 1.2(5-19-2008)Feature enhancements and minor Bug Fixes

  • Automated license management has been added.
  • Minor bug fixes in the HTTP engine core.

Web ADC 1.1(12-17-2007)Feature enhancements and minor Bug Fixes

  • Various bug has been fixed in the core HTTP engine.
  • network throughput has been fine tuned.
  • Many new features from the web server branch has been added.

Web ADC 1.0(6-4-2007)Initial Public Release

Privacy Policy

Privacy Policy

LiteSpeed Technologies, Inc. (aka “LiteSpeed”) is committed to protecting your privacy. This policy ("Privacy Policy" or "Policy") explains our practices for our site, www.litespeedtech.com ("Site"). You can visit most pages of the Site without giving us any information about yourself, but sometimes we do need information to provide services that you request. By using this Site or any products or services provided through the Site, you expressly consent to the use and disclosure of information as described in this Privacy Policy.

LiteSpeed reserves the right to revise, modify, add, or remove provisions to this Privacy Policy at any time. If we make changes to this Privacy Policy, we will update the Effective Date to note the date of such changes. LiteSpeed encourages you to review this Privacy Policy periodically for any changes. IF YOU DO NOT AGREE WITH ANY OF THE TERMS BELOW, YOU SHOULD NOT USE THIS SITE OR THE PRODUCTS OR SERVICES OFFERED BY LITESPEED TECHNOLOGIES AT THIS SITE.

Collection of Information

Personal Information.

LiteSpeed will ask you for certain “Personal Information” when you complete registration or product information request forms on the Site, including but not limited to your name, address, telephone number, email address, and credit card information. You can always choose not to provide us with the requested information, however, you may not be able to complete the transaction or use our products or services if you do not provide the information requested.

Non-Personal Information.

LiteSpeed may collect non-personally identifiable information from you such as the type of browser you use, your operating system, the screen resolution of your browser, your ISP, your IP address, which pages you view on the Site and the time and duration of your visits to the Site (collectively, “Non-Personal Information”). LiteSpeed may associate Non-Personal Information with Personal Information if you register with the Site.

User Communications.

If you communicate with us, we may collect information relating to that communication whether it takes the form of email, fax, letter, forum posting, blog comments, testimonials or any other form of communication between you and LiteSpeed or Submitted by you to the Site (collectively, “User Communications”).

Server Information.

If you use one of our software products such as LiteSpeed Web Server or LiteSpeed Web ADC, we may collect certain information concerning such software and concerning the server upon which the software operates. This information includes: (a) the licensed or unlicensed status of the software; (b) the source from which the license for the software was obtained (i.e., LiteSpeed or a LiteSpeed affiliate); or (c) information about the server upon which the software is installed including (i) the public IP address, (ii) the operating system and (iii) the use of any virtualization technologies on such server ((a) through (c) collectively, “Server Information”). Additionally, “Server Information” may also include information collected from you by LiteSpeed in the event that you request technical support services including without limitation, IP addresses, usernames, and passwords necessary to login to SSH, the root directory of the server upon which you installed the LiteSpeed software and any affected accounts including email accounts, control panel accounts, MySQL accounts, CMS accounts and other accounts.

Use and Storage of Collected Information

LiteSpeed may use Personal Information to create and authenticate your account, to respond to your requests, to provide you with customer and technical support, or to provide you with information regarding our products, services, partners, and company. You may update your Personal Information with us at any time, but we may maintain records of any Personal Information you disclose to us indefinitely, unless otherwise requested as outlined below.

We may use User Communications in the same ways we use Personal Information. If you communicate with us for a particular purpose, we may use your User Communications for that purpose. For example, if you contact us for technical support, we may use your communications to provide technical support to you. We may maintain records of User Communications you transmit to us indefinitely, unless otherwise requested as outlined below.

LiteSpeed may use Non-Personal Information to maintain, evaluate, improve and provide our Site, the Services and any other LiteSpeed products and services. We may retain Non-Personal Information indefinitely.

We may use Server Information to provide you with technical support services and to maintain, evaluate, improve and provide LiteSpeed products and services. We may also use such information to investigate unlicensed (and therefore unauthorized) uses of our software. LiteSpeed may maintain Server Information indefinitely, with the exception of usernames, passwords, and other login information given in connection with support service requests. Such login information will be purged when the ticket is closed.

Disclosure of Collected Information

LiteSpeed will only disclose Personal Information to third parties if acting under a good faith belief that such action is necessary, including but not limited to: (a) to resolve disputes, investigate problems, or comply with laws or regulations; (b) to enforce our Terms of Service; (c) to protect and defend the rights, property, or safety of our company or our users; or (d) in the event of a merger, acquisition or sale of all or substantially all LiteSpeed assets. Other than this limited activity, we do not share, sell, or rent any personal information to third parties.

You will receive notice in the form of modifications to this Policy when information about you might go to third parties other than as described in this Policy, and you always have the opportunity to contact us as set forth below if you do not wish your information to go to third parties.

LiteSpeed cannot be responsible for protecting your information if you share such information in publicly available sections of the Site such as the user forums, blog comments, or testimonials section. You should use your own judgment in disclosing this information on the Site.

Use of Cookies

“Cookies” are small pieces of information that your browser stores on your computer on behalf of a website that you have visited. Cookies may be used in order to complete transactions on our site. You can always choose not to accept cookies with the settings of your web browser, however, you may not be able to complete these transactions if you do not accept cookies.

Security of Personal Information

We use reasonable security methods to protect your personal information from unauthorized access, use or disclosure. No data transmission over the Internet or any wireless network can be guaranteed to be perfectly secure. While we try to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

LiteSpeed uses industry-standard SSL-encryption to protect sensitive data.

In the event that LiteSpeed becomes aware of a security breach, unauthorized disclosure or inadvertent disclosure concerning your information, you agree that LiteSpeed may notify you of such an event using the Personal Information previously provided.

You are responsible for maintaining your account’s security.

GDPR Notice and your Rights as Data Subject

For the purposes of the General Data Protection Regulation (the “GDPR”), in the European Union, LiteSpeed Technologies Inc. is a “data controller” of the Personal Information you provide to us for the primary purposes of providing you or your customers with our services.

For our customers and users in the European Union, by clicking the "I Accept" button or otherwise accepting the terms and conditions of our services through a clickable action or similar action, you hereby acknowledge, agree and unequivocally consent to the collection, processing, management, treatment, transfer and authorization of your Personal Information by LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties.

If you are a resident of Switzerland, the contact details for the data protection authorities are available here:
https://www.edoeb.admin.ch/edoeb/en/home.html.

For European Union (EU) customers, please be reminded that the EU has not found the United States and some other countries to have an adequate level of protection of Personal Information under Article 45 of the GDPR.

The sections here below cover certain situations that you, as data subject, and we as a data controller, are most likely to encounter; but you should also carefully review the full list of data subject rights here: https://www.gdpr-info.eu/chapter-3/.

  • Right to be Forgotten: You can request us to be “forgotten”; that is, to have your entire Personal Information removed from our service. If we are asked to do this, in accordance with Article 17 GDPR we will remove any Personal Information that we have collected from you as requester. We will also need to contact any third parties that process your Personal Information on our behalf, such as our cloud service providers using the adequate mechanisms. To ensure that any personal data in LiteSpeed Technologies’ possession can be removed in a timely manner, you can relay any request to be “forgotten” to us by submitting a request.
  • Right to Data Portability: In accordance with Article 20 GDPR our users located in the EU may request LiteSpeed Technologies to send them any Personal Information in our possession. In this case, we will provide you with any Personal Information that you have in a commonly used, machine-readable format.
  • Right to Data Access: As a data subject, in accordance with Article 15 GDPR you can ask LiteSpeed Technologies to confirm how and where your Personal Information is being stored and processed. You also have the right to know how such data is shared with third parties by us.
  • Right to Data Rectification: As a data subject, in accordance with Article 16 GDPR you have the right to obtain from LiteSpeed Technologies, without undue delay, the rectification of inaccurate Personal Information concerning you.
  • Right to be Informed: You have the right to be informed about the Personal Information we collect from you, and how we process it.
  • Right to Withdraw Consent: In accordance with Article 7(3) GDPR, you have the right to withdraw your consent given to us at any time.
  • Right to Object: In accordance with Article 18 GDPR you have the right to object to us processing your Personal Information for the following reasons:
    • Processing was not based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
    • Direct marketing (including profiling);
    • Processing for purposes of scientific/historical research and statistics; and
    • Rights in relation to automated decision-making and profiling.
  • Automated Individual Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
  • Right to Complain: You have the right to file a complaint with supervisory authorities if your information has not been processed in compliance with the GDPR. Furthermore, in accordance with Article 77 GDPR, if the supervisory authorities fail to address your complaint properly, you may have the right to a judicial remedy.

Privacy Requests

Lastly, you retain the right to access, amend, correct or delete your Personal Information where it is inaccurate at any time. To do so, please contact us as indicated in the Contact Us section. We reserve the right to charge a reasonable fee, as permitted by applicable laws and regulations, in order to comply with complex requests or repetitive requests from individual users.

Your privacy request must include, at the least, the following information: (i) your complete name, address and/or e-mail address in order for us to notify you of the response to your request; (ii) attached documents establishing your identity; and (iii) a clear and concise description of the Personal Information with regard to which you seek to enforce any of your privacy rights. If you request rectification, please indicate amendments to be made and attach documentation to back up your request.

Upon receipt of your privacy request, and after due review, we may then edit, deactivate and/or delete your Personal Information from our services for the maximum term allowed by the GDPR for each applicable case. In case of secure databases under our control where deletion is impossible, we will make such information permanently inaccessible.

Notice to California Residents

Pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”), LiteSpeed Technologies and/or its affiliates, clients, sub-processors and/or authorized third parties hereto provide the following Privacy Policy notice regarding the categories of Personal Information that we may collect and/or disclose within the preceding twelve (12) months regarding California residents who are not employees, independent contractors, owners, directors, officers, or job applicants of LiteSpeed Technologies, or emergency contacts or benefits beneficiaries of the foregoing.

Thenceforth, the CCPA provides Californians with the following rights:

  • Requests for Information: you (or your authorized agent) can request a copy of your Personal Information, including how we have collected, used, and shared your Personal Information over the past 12 months (if any), including the categories of Personal Information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so.
  • Your Right to Notification: under the CCPA, we cannot collect new categories of Personal Information or use them for materially different purposes without first notifying you.
  • Nondiscrimination for exercising your CCPA Rights: the CCPA prohibits us from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.
  • Your Right to Delete Personal Information: you can request that we delete your Personal Information by contacting us. You also can request that we delete specific information, and we will honor such requests, unless a due exception applies, such as when the information is necessary to complete a transaction, verify a fraud, review a chargeback or contract for which it was collected or when it is being used to detect, prevent, or investigate security incidents, comply with laws, identify and repair bugs or ensure another consumer’s ability to exercise their free speech rights or other rights provided by law.
    • Please take into consideration that we may deny your deletion request if retaining the Personal Information is necessary for us, our affiliates or our service providers in order to:

      • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
      • Debug our products to identify and repair errors that impair existing intended functionality;
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
      • Comply with a legal obligation that has substantive grounds;
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Overall, we have, may or will collect the following categories of Personal Information from our users, customers and individuals, as necessary to fulfill our legal obligations and operational business purposes:

  • Personal information (as defined in the California Customer Records Law), such as contact information;
  • Identifiers, such as online identifier, IP address and name;
  • Internet or network activity information, such as browsing history and interactions with our and other websites and systems;
  • Geo-localization data, such as device location and IP location;
  • Audio, electronic, visual and similar information, such as video recordings and multimedia content created in connection with our business activities; and
  • Inferences drawn from any of the Personal Information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

International Data Transfer Notice

LiteSpeed Technologies values your users’ privacy. Although our software does not directly collect any personally identifiable information from visitors to your site, LiteSpeed may still be considered a data processor in certain jurisdictions, as user information may be temporarily cached and/or logged, as outlined in this document.

We have our headquarters in the State of Pennsylvania, United States of America (USA). Henceforth, your Personal Information may be accessed by us or our affiliates, agents, partners and third-party service providers in the USA and our locations which may or may not be located in your country of residence, and you hereby consent to such access and transfer by simple disclosure.

Servers

LiteSpeed Web Server, OpenLiteSpeed, LiteSpeed Web ADC, and related software may record IP addresses as a part of normal logging. An access log and an error log may record visitor IP addresses and URL visited. The logs are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. This logging may be turned off through configuration. It is up to individual server administrators to come up with their own schedule for removing such logs from the file system.

Cache Solutions

Our cache plugins potentially store a duplicate copy of every web page on display on your site. The pages are stored locally on the system where LiteSpeed server software is installed and are not transferred to or accessed by LiteSpeed employees in any way, except as necessary in providing routine technical support if you request it. All cache files are temporary, and may easily be purged before their natural expiration, if necessary, via a Purge All command. It is up to individual site administrators to come up with their own cache expiration rules.

LSCache for WordPress

In addition to caching, our WordPress plugin has an Image Optimization feature. When optimization is requested, images are transmitted to a remote LiteSpeed server, processed, and then transmitted back for use on your site. LiteSpeed keeps copies of optimized images for 7 days (in case of network stability issues) and then permanently deletes them.

Similarly, the WordPress plugin has a Reporting feature whereby a site owner can transmit an environment report to our server so that we may better provide technical support.

Neither of these features collects any visitor data. Only server and site data is involved.

Support Services

Sometimes, when you request technical support, LiteSpeed may ask for login credentials to various areas of your site. You may refuse to share such credentials, however refusal may impact LiteSpeed’s ability to provide the requested support services.

Upon completion of a support ticket, LiteSpeed immediately deletes all login credentials you may have shared.

Any user data encountered by LiteSpeed is kept strictly confidential. We never provide your support ticket information to any third party without your explicit consent.

Contact Us

If you would like to update information that you have voluntarily provided to us, stop receiving information from us, or exercise any of the rights granted to you under Privacy Laws, including the EU’s General Data Protection Regulation, please e-mail info@litespeedtech.com.