TL;DR:

If you are using althttpd.c on your website, you will need to get the
latest code and recompile before the next time you need to get a cert
from LetsEncrypt.

There are no (known) vulnerabilities or problems with althttpd.c.
This is merely an update for LetsEncrypt compatibility due to recent
changes in the LetsEncrypt certbot.

Background:

The althttpd.c webserver has nothing to do with SQLite, except for the
fact that it was created to host the https://sqlite.org/ website, and
the source code to althttpd.c is hosted on the SQLite documentation
repository.  See the althttpd documentation and source code here:

   https://www.sqlite.org/docsrc/doc/trunk/misc/althttpd.md
   https://www.sqlite.org/docsrc/doc/trunk/misc/althttpd.c

Reason for the change:

Today, I was notified by LetsEncrypt that they will be revoking some
certs because of a bug in their website validation system.  The cert
for sqlite.org was among those being revoked.  Owners of those certs
were advised to get a new cert before tomorrow.

But in the meantime, LetsEncrypt has modified their certbot so that it
no longer works with the legacy althttpd.  Althttpd takes certain
security precautions that are incompatible with the new LetsEncrypt
certbot.  So, in order to get a new cert, althttpd had to be modified
to make an exception to the security precautions for LetsEncrypt.

So, if you are one of the handful of people who are using althttpd.c
for your own website, you should probably download the new althttpd.c
source file and recompile.  You will almost certainly need to do this
before you get your next cert from LetsEncrypt.  And you might need to
do that before tomorrow.
-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
