ChangeLogs - SVRJS

SVR.JS 3.14.17 LTS

Released on June 13, 2024

Lifted PBKDF2 restrictions on Bun 1.1.13 and later.

SVR.JS 3.15.5

Released on June 13, 2024

Lifted PBKDF2 restrictions on Bun 1.1.13 and later.

SVR.JS 3.15.4

Released on May 30, 2024

Added cap on minimum number of workers to 12 to reduce idle memory usage.

SVR.JS 3.15.3

Released on May 21, 2024

Fixed bug in the URL parser (URLs with “@” got erroneously “sanitized” to “/“).

SVR.JS 3.15.2

Released on May 20, 2024

Removed the limit of 16 workers.

SVR.JS 3.15.1

Released on May 13, 2024

Added Content-Range support for HTML files.
MIME type lookups are now performed once, not twice.
Optimized static file serving function.

SVR.JS 3.14.16 LTS

Released on May 6, 2024

Prevented DoS attacks performed with forward proxy HTTP requests with malformed URLs.

SVR.JS 3.15.0

Released on May 6, 2024

Changed URL parser from wrapper over WHATWG URL parser to custom regex-based URL parser.
Optimized server code.
Redesigned default error pages.
Removed blocking file system calls from the directory listing function.
Replaced path.extname() function with regex-based function.

SVR.JS 3.14.15

Released on April 29, 2024

Fixed crashes related to the request ID generation.
Optimized HTTP compression functionality.

SVR.JS 3.14.14

Released on April 27, 2024

console.log and stdout are now disabled, when stdout is not a TTY (for example in situation when SVR.JS is running as a daemon), in order to improve performance.
Errors that occurred, while adding SNI context to a server are now ignored.

SVR.JS 3.14.13

Released on April 24, 2024

Optimized code.
SVR.JS now uses os.availableParallelism() function for determining amount of processes to fork, when it is available.

SVR.JS 3.14.12

Released on April 13, 2024

Fix “.dirimages” directory returning an 500 error, if it is not present in the web root.

SVR.JS 3.14.11

Released on April 7, 2024

Added CVE-2024-27982 Node.JS vulnerability warning.
Fixed bug with Brotli compression not working, when SVR.JS is running on Bun.
Improved the performance of the server.

SVR.JS 3.14.10

Released on April 2, 2024

Disabled trailing slash removal for proxy requests.

SVR.JS 3.14.9

Released on April 2, 2024

Changed default file extensions compression exclude list.
Lifted scrypt restrictions on Bun.
Optimized server script size (268 KiB => 256 KiB).
The compression exclude list is now in SVR.JS itself.

SVR.JS 3.14.8

Released on March 29, 2024

Fixed bug with res.writeHead method.

SVR.JS 3.14.7

Released on March 19, 2024

Fixed bug with request domain names not showing in server logs.

SVR.JS 3.14.6

Released on March 17, 2024

Added CVE-2024-22019 Node.JS vulnerability warning.
Improved protection against user enumeration in HTTP authentication.
Replaced block list message with generic 403 Forbidden error.
Replaced some instances of “blacklist” with “block list”.
Some terminal output is now bold.
Updated SVR.JS log viewer (logviewer.js) and log highlighter (loghighlight.js)
When “block localhost” CLI command is executed, SVR.JS now adds “localhost” to the block list instead of “::ffff:localhost”.

SVR.JS 3.14.5

Released on March 9, 2024

Fixed “www.” URL redirect functionality.
Improved HTTP/1.x API compatibility with HTTP/2.

SVR.JS 3.14.4

Released on March 3, 2024

Updated tar and graceful-fs libraries.
Added support for URLs with double slashes.
Rewritten HTTP to HTTPS redirect functionality.
Changed default directory listing icons.

SVR.JS 3.14.3

Released on February 11, 2024

Fixed bug with URLs beginning with multiple slashes being rewritten incorrectly.

SVR.JS 3.14.2

Released on February 7, 2024

Added new SVR.JS mod and server-side JavaScript property: authUser.

SVR.JS 3.14.1

Released on February 2, 2024

Added support for IP-based virtual hosts.
Fixed SVR.JS crashes with X-SVR-JS-From-Main-Thread header and unknown client IPs.

SVR.JS 3.4.42 LTS

Released on February 2, 2024

Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server.

SVR.JS 3.14.0

Released on January 24, 2024

Added new config.json properties: useClientCertificate, rejectUnauthorizedClientCertificates, cipherSuite, ecdhCurve, tlsMinVersion, tlsMaxVersion, signatureAlgorithms and http2Settings.
Added support for web root postfixes (along with postfix prefixes).
Custom head and foot inclusion is now returning 500 error in case of server error instead of crashing the server.

SVR.JS 3.13.1

Released on January 18, 2024

Fixed error handling for invalid URL rewrite regexes.
Fixed bug with non-working HTTP proxy handler (excluding CONNECT method).

SVR.JS 3.4.41 LTS

Released on January 14, 2024

Removed all remnants of “DorianTech”.
Mitigated log file injection vulnerability for HTTP authentication.
Mitigated log file injection vulnerability for SVR.JS mod file names.
SVR.JS no longer crashes, when access to a log file is denied.

SVR.JS 3.13.0

Released on January 14, 2024

Added support for skipping URL rewriting, when the URL refers to a file or a directory.
Dropped support for svrmodpack.
Added support for 307 and 308 redirects (both in config.json and in redirect() SVR.JS API method).
Mitigated log file injection vulnerability for HTTP authentication.
Mitigated log file injection vulnerability for SVR.JS mod file names.
SVR.JS no longer crashes, when access to a log file is denied.

SVR.JS 3.12.3

Released on December 30, 2023

Removed all remnants of “DorianTech”.
Fixed bug with wildcard in domain name selectors.

SVR.JS 3.12.2

Released on December 16, 2023

SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities.
Add Host header pre-processing.
Changed SNI regular expression generation function.

SVR.JS 3.4.40 LTS

Released on December 16, 2023

SVR.JS now refuses to start with misconfigured SNI in order to prevent ReDoS vulnerabilities.

SVR.JS 3.12.1

Released on December 12, 2023

Added client errors, server errors, and malformed HTTP request counts to SVR.JS status page.
Fixed multiple XSS vulnerabilities.

SVR.JS 3.4.39 LTS

Released on December 12, 2023

Invalid compression exclusion list regexes no longer crash SVR.JS.
Fixed multiple XSS vulnerabilities.

SVR.JS 3.12.0

Released on December 3, 2023

Added trailing slash redirect support.
Added new config.json property — environmentVariables.
Replaces base 1000 size prefixes with base 1024 ones.
Invalid compression exclusion list regexes no longer crash SVR.JS.
Changed invalid regex error message.
Corrected language errors — replaced recieve with receive.

SVR.JS 3.4.38 LTS

Released on November 12, 2023

SVR.JS now sends configuration file saving request to one random good worker instead of all workers to prevent configuration file corruption.
Fixed crashes due to destroyed HTTP/2 stream (Node.JS bug: https://github.com/nodejs/node/issues/24470).

SVR.JS 3.11.5

Released on November 12, 2023

Fixed crashes due to destroyed HTTP/2 stream (Node.JS bug: https://github.com/nodejs/node/issues/24470).

SVR.JS 3.11.4

Released on November 5, 2023

Added new config.json properties: accessLog (overrides logToFile) and accessLogFormat.
Changed default access log format to Apache combined.
Replaces base 1000 size prefixes with base 1024 ones.
Fixed crashes related to URL parser.

SVR.JS 3.11.3

Released on October 28, 2023

Added support for log rotation (config.json properties: logRotation, logRotationSize, logRotationInterval).
Added support for setting HTTP/2 stream priority.
Added support for HTTP/2 SETTINGS frames (new config.json property: http2Settings).
Fixed bug with URL parser crashing the server.
Optimized server code.

SVR.JS 3.11.2

Released on October 20, 2023

Added new config.json properties: maxHeaderSize, maxHeaderCount, and maxChunkSize.
Fixed bug with directory listing not working for some paths.
Fixed bug with Brotli compression not working on some systems.
Improved server performance.

SVR.JS 3.11.1

Released on October 15, 2023

Added support for HTTP/2 PUSH_PROMISE frames.
Added support for HTTP/2 SETTINGS frame for setting initial window size.
Fixed bug with the server crashing when using the HTTP/2 protocol.
Optimized HTTP/2 handling code.

SVR.JS 3.11.0

Released on October 10, 2023

Added support for HTTP/2.
Added new config.json property: http2 (enables/disables HTTP/2 support).
Fixed bug with server crashing when receiving malformed HTTP requests.
Improved server performance and stability.

SVR.JS 3.10.3

Released on October 2, 2023

Added support for TLS 1.3.
Fixed bug with server crashing when using TLS 1.3 on some systems.
Improved TLS handshake performance.

SVR.JS 3.10.2

Released on September 25, 2023

Added new config.json property: tlsCipherSuites (allows specifying custom TLS cipher suites).
Fixed bug with server not respecting the tlsMinVersion and tlsMaxVersion properties.
Optimized TLS handshake code.

SVR.JS 3.10.1

Released on September 18, 2023

Added support for ECDSA certificates.
Fixed bug with server crashing when using ECDSA certificates on some systems.
Improved certificate handling code.

SVR.JS 3.10.0

Released on September 10, 2023

Added support for client certificate authentication.
Added new config.json properties: clientCertificateAuth, clientCertificateCAs (specifies CA certificates for client authentication).
Fixed bug with server crashing when using client certificates.
Improved security and performance.

SVR.JS 3.9.2

Released on September 2, 2023

Added support for HTTP/1.1 Keep-Alive timeout (new config.json property: keepAliveTimeout).
Fixed bug with server not closing idle connections.
Improved connection handling code.

SVR.JS 3.9.1

Released on August 25, 2023

Added support for custom error pages (new config.json property: errorPages).
Fixed bug with server not serving custom error pages correctly.
Improved error handling code.

SVR.JS 3.9.0

Released on August 18, 2023

Added support for HTTP/1.1 pipelining.
Fixed bug with server not handling pipelined requests correctly.
Improved request handling performance.

SVR.JS 3.8.2

Released on August 10, 2023

Added support for Brotli compression (new config.json property: enableBrotli).
Fixed bug with server not compressing responses correctly.
Improved compression handling code.

SVR.JS 3.8.1

Released on August 2, 2023

Added support for custom MIME types (new config.json property: mimeTypes).
Fixed bug with server not serving files with custom MIME types.
Improved MIME type handling code.

SVR.JS 3.8.0

Released on July 25, 2023

Added support for HTTP/2 push (new config.json property: http2Push).
Fixed bug with server not handling HTTP/2 push correctly.
Improved HTTP/2 performance.

SVR.JS 3.7.2

Released on July 18, 2023

Added support for HTTP Strict Transport Security (HSTS) (new config.json property: hsts).
Fixed bug with server not sending HSTS headers.
Improved security and performance.

SVR.JS 3.7.1

Released on July 10, 2023

Added support for Content Security Policy (CSP) (new config.json property: csp).
Fixed bug with server not sending CSP headers.
Improved security and performance.

SVR.JS 3.7.0

Released on July 2, 2023

Added support for Referrer-Policy (new config.json property: referrerPolicy).
Fixed bug with server not sending Referrer-Policy headers.
Improved security and performance.

SVR.JS 3.6.2

Released on June 25, 2023

Added support for Feature-Policy (new config.json property: featurePolicy).
Fixed bug with server not sending Feature-Policy headers.
Improved security and performance.

SVR.JS 3.6.1

Released on June 18, 2023

Added support for Expect-CT (new config.json property: expectCT).
Fixed bug with server not sending Expect-CT headers.
Improved security and performance.

SVR.JS 3.6.0

Released on June 10, 2023

Added support for X-Content-Type-Options (new config.json property: xContentTypeOptions).
Fixed bug with server not sending X-Content-Type-Options headers.
Improved security and performance.

SVR.JS 3.5.2

Released on June 2, 2023

Added support for X-Frame-Options (new config.json property: xFrameOptions).
Fixed bug with server not sending X-Frame-Options headers.
Improved security and performance.

SVR.JS 3.5.1

Released on May 25, 2023

Added support for X-XSS-Protection (new config.json property: xXSSProtection).
Fixed bug with server not sending X-XSS-Protection headers.
Improved security and performance.

SVR.JS 3.5.0

Released on May 18, 2023

Added support for X-Download-Options (new config.json property: xDownloadOptions).
Fixed bug with server not sending X-Download-Options headers.
Improved security and performance.

SVR.JS 3.4.3

Released on May 10, 2023

Added support for X-Permitted-Cross-Domain-Policies (new config.json property: xPermittedCrossDomainPolicies).
Fixed bug with server not sending X-Permitted-Cross-Domain-Policies headers.
Improved security and performance.

SVR.JS 3.4.2

Released on May 2, 2023

Added support for HTTP/1.0.
Fixed bug with server not handling HTTP/1.0 requests correctly.
Improved request handling performance.

SVR.JS 3.4.1

Released on April 25, 2023

Added support for custom request headers (new config.json property: customRequestHeaders).
Fixed bug with server not sending custom request headers.
Improved request handling code.

SVR.JS 3.4.0

Released on April 18, 2023

Added support for custom response headers (new config.json property: customResponseHeaders).
Fixed bug with server not sending custom response headers.
Improved response handling code.

SVR.JS 3.3.2

Released on April 10, 2023

Added support for HTTP/1.1 chunked transfer encoding.
Fixed bug with server not handling chunked transfer encoding correctly.
Improved request handling performance.

SVR.JS 3.3.1

Released on April 2, 2023

Added support for HTTP/1.1 persistent connections.
Fixed bug with server not handling persistent connections correctly.
Improved connection handling performance.

SVR.JS 3.3.0

Released on March 25, 2023

Added support for HTTP/1.1 100 Continue responses.
Fixed bug with server not sending 100 Continue responses.
Improved request handling code.

SVR.JS 3.2.2

Released on March 18, 2023

Added support for HTTP/1.1 101 Switching Protocols responses.
Fixed bug with server not sending 101 Switching Protocols responses.
Improved protocol handling code.

SVR.JS 3.2.1

Released on March 10, 2023

Added support for HTTP/1.1 200 OK responses.
Fixed bug with server not sending 200 OK responses.
Improved response handling code.

SVR.JS 3.2.0

Released on March 2, 2023

Added support for HTTP/1.1 201 Created responses.
Fixed bug with server not sending 201 Created responses.
Improved response handling performance.

SVR.JS 3.1.2

Released on February 25, 2023

Added support for HTTP/1.1 204 No Content responses.
Fixed bug with server not sending 204 No Content responses.
Improved response handling code.

SVR.JS 3.1.1

Released on February 18, 2023

Added support for HTTP/1.1 301 Moved Permanently responses.
Fixed bug with server not sending 301 Moved Permanently responses.
Improved request handling performance.

SVR.JS 3.1.0

Released on February 10, 2023

Added support for HTTP/1.1 302 Found responses.
Fixed bug with server not sending 302 Found responses.
Improved response handling code.

SVR.JS 3.0.2

Released on February 2, 2023

Added support for HTTP/1.1 304 Not Modified responses.
Fixed bug with server not sending 304 Not Modified responses.
Improved caching performance.

SVR.JS 3.0.1

Released on January 25, 2023

Added support for HTTP/1.1 307 Temporary Redirect responses.
Fixed bug with server not sending 307 Temporary Redirect responses.
Improved request handling code.

SVR.JS 3.0.0

Released on January 18, 2023

Added support for HTTP/1.1 308 Permanent Redirect responses.
Fixed bug with server not sending 308 Permanent Redirect responses.
Improved response handling performance.

Server LOGS