Changelog

Version 2.16.20

27 August, 2025 [Early bird]

  • Added support for reading the maximum request count for FastCGI processes from an environment variable such as PHP_FCGI_MAX_REQUESTS
    • No more spurious Error 500s with FastCGI PHP interpreters.
    • By default, the FastCGI PHP interpreter stops responding after servicing 500 requests. When this happens, Abyss Web Server waits for the interpreter, deems it dead, and reports Error 500. We've implemented a new way to account for that behavior and adapt the Web server to the expectations of PHP without any extra configuration. Abyss Web Server now adapts its process recycling to the value of a special environment variable if it is present; otherwise, it uses a default value (500). This is done for PHP only but could be configured for any other FastCGI interpreter.
  • Added support for "WebSocket and Post-Protocol Switch Timeout" in reverse-proxy
    • No more WebSocket disconnections
    • Reverse-proxying now has two timeouts: one for HTTP service and another that applies once the connection switches to tunnel mode. This happens with the HTTP CONNECT verb or, more commonly, with WebSocket connections. The second timeout should be larger than the first to account for the difference in usage.
  • Added an option to disable compression of dynamically generated content, which could cause security issues with SSL/TLS
    • Hardened SSL/TLS hosted sites against BREACH-class attacks;
    • When an SSL/TLS hosted site contains scripts that generate content based on user-controlled input (forms or query string), a malicious man-in-the-middle can monitor Gzip-compressed responses to known requests and derive from them information about the secrets in the actual encrypted replies without any knowledge of the encryption keys. The most reliable mitigation for this class of attacks is to disable altogether any compression of dynamically generated HTTP responses over HTTPS. Abyss Web Server now has the right default to do so without any extra configuration. You can still control what to compress if you have precise knowledge about the behavior of your scripts and their output.
  • Added support for accepting clear text requests on a port dedicated to SSL/TLS
    • Handle protocol mismatch when accessing an HTTPS endpoint using the http:// scheme;
    • When using HTTPS on a non-standard port, visitors could wrongly access the URL using http:// instead of https://. Instead of refusing the connection, Abyss Web Server can now process the clear text HTTP request and redirect the visitor with a 302 status code to the right URL with the https:// prefix.
  • Updated the internals of the console for better responsiveness:
    • New JS-free implementation of the responsive menu;
    • Removed third-party JS library dependency (zepto.js);
    • Updated console.css to not use px (except for thin borders) and to accommodate the new responsive menu CSS-only design;
    • Fixed console "Bind To" drop down contents.
  • Added case-insensitivity support to user names
    • Added support for optional case-sensitivity in user names in "Access Control";
    • Added case-insensitivity for console login.
  • Improved certificate handling
    • Added "valid until" parameter in self-signed certificate generation;
    • Added support for generating CSRs and self-signed certificates with IP addresses in SAN field;
    • Improved the generation of CN and SAN fields to select domain names with length less than 63 characters in CN;
    • Added SAN field decoding in certificates listing with proper support for IPs and International Domain Names;
    • Added SS (South Sudan) to the list of countries dropdown in CSR and self-signed certificate generation in the console.
  • Miscellaneous changes
    • Fixed headers table case sensitivity in reverse-proxy;
    • Implemented Camel-Case transformation for headers received over an HTTP/2 stream;
    • Added H2 and HTTPS counters and stats in the console and to the X_ABYSS_STAT CGI variables.
  • Networking implementation
    • Updated connection handling internals to improve speed and fix edge cases with timeouts and stalled TCP/IP;
    • Reverted to activating the TCP_NODELAY option to avoid the 40ms penalty per TCP/IP connection on most operating systems;
    • Fixed handling of disconnections of back-end servers during reverse-proxy processing.
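
The BREACH hardening item above rests on one observation: TLS hides the bytes of a response but not its length, and Gzip makes that length depend on whether reflected input repeats a secret on the same page. The following is an added example, not Abyss Web Server code; the page template, the sample values and the names render, wire_length, may_compress and leak_report are assumptions made for illustration.

```python
import gzip

# Constructed sample values: a per-session secret and an unrelated string of equal length.
SECRET = "9f3c1a7e5b2d4086c1e7a9d3f05b6c42"
OTHER = "47d0b8e16a3f9c25d8b04e71a6c3f59e"


def render(query: str) -> bytes:
    """Hypothetical dynamic page that reflects user input next to a secret."""
    return (
        f"<html><body><p>Results for: {query}</p>"
        f'<input type="hidden" name="csrf" value="{SECRET}">'
        "</body></html>"
    ).encode()


def wire_length(query: str, compress: bool) -> int:
    """Body length visible on the network; TLS hides the bytes, not their count."""
    body = render(query)
    return len(gzip.compress(body)) if compress else len(body)


def may_compress(is_tls: bool, is_dynamic: bool) -> bool:
    """Assumed policy mirroring the default described above:
    never compress dynamically generated content served over SSL/TLS."""
    return not (is_tls and is_dynamic)


def leak_report(is_tls: bool, is_dynamic: bool) -> dict:
    """Compare response sizes for input that repeats the secret and input that does not."""
    compress = may_compress(is_tls, is_dynamic)
    same = wire_length('value="' + SECRET, compress)
    diff = wire_length('value="' + OTHER, compress)
    return {"compressed": compress, "same": same, "diff": diff, "leaks": same != diff}


if __name__ == "__main__":
    # With Gzip forced on, the two responses differ in size although the inputs have equal length.
    print("gzip forced on:", wire_length('value="' + SECRET, True),
          "vs", wire_length('value="' + OTHER, True))
    # With the policy applied to a dynamic page over TLS, both sizes are identical.
    print("TLS + dynamic :", leak_report(True, True))
```

The same comparison can be run against a real dynamic page when deciding whether it is safe to re-enable compression for it: if two equal-length inputs yield different compressed sizes, the page should stay uncompressed over HTTPS.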
