lighttpd just fixed a remote hole (case insensitive file systems) in the CURRENT VERSION!
Does this inspire confidence? I mean for fck sake, the version just before they fixed %00 append bug! Next thing they will discover directory traversal. o_O YEAH, yeah I want this FINE PIECE OF SOFTWARE running on my production servers. Bummer too, because the hype had it sounded pretty cool until I realized how recent those remote holes were :( > I think you have way more chance to ever see lighttpd replace apache 1.3 > oppose to have apache 2.x for sure. I am not talking for the project > what so ever, but the archive make it very obvious that apache is not > going to go higher then where it is now. Plus lighttpd does have a BSD > license, so that would be my bet. But don't expect that to change soon I > think. -- Best regards, paul mailto:[EMAIL PROTECTED]