OpenLiteSpeed 1.4.20 Released! What HTTPoxy Vulnerability?


Hi Everyone,

Today's OpenLiteSpeed release is an important one. v1.4.20 will automatically block any HTTPOXY attacks without any configuration changes.

In addition to this fix, the compiler (Mac OS excluded) was updated to statically link the latest openssl libraries from the source code. This means that the configuration step (./configure) may take a couple minutes to complete.

The static linking fixes an incompatibility with OpenSSL versions prior to 1.0.2 caused by Chrome's deprecating NPN support. This caused HTTP/2 connections to downgrade to HTTP 1.1.

With all the security fixes, we strongly recommend updating to this version.

Download link here

The packages should be available soon.