And lighttpd 1.4 is still alive :)

Especially for ssl users this release should be important: by setting

ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

you can mitigate BEAST attacks.
Also check your site with Qualys SSL Labs Server Test

Important changes

• [mod_auth] Fix signedness error in http_auth (CVE-2011-4362)
• ssl: disable client initiated renegotiations
• ssl: support mitigating BEAST attack
• fix connection stalls

Downloads

• https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz
  • GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz.asc
  • SHA256: 59ae55b0ec427c328fa74d683e00eb1bc99bcc20cd184177875e9b6865de2b8b
• https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.bz2
  • GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.bz2.asc
  • SHA256: 0d795597e4666dbf6ffe44b4a42f388ddb44736ddfab0b1ac091e5bb35212c2d
• https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.xz
  • GPG signature: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.xz.asc
  • SHA256: c237692366935b19ef8a6a600b2f3c9b259a9c3107271594c081a45902bd9c9b
• SHA256 checksums: https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.sha256sum

In the comments for 1.4.29 we were asked for a launchpad repository for ubuntu. This is not going to happen (launchpad sucks), but we have repositories for some dists on build.opensuse.org.
Checkout GetLighttpd, or server:http/lighttpd or home:stbuehler/lighttpd on build.opensuse.org.\

Changes from 1.4.29

• Always use our ‘own’ md5 implementation, fixes linking issues on MacOS (fixes #2331)
• Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems.
• [ssl] fix build errors when Elliptic-Curve Diffie-Hellman is disabled
• Add static-file.disable-pathinfo option to prevent handling of urls like …/secret.php/image.jpg as static file
• Don’t overwrite 401 (auth required) with 501 (unknown method) (fixes #2341)
• Fix mod_status bug: always showed “0/0” in the “Read” column for uploads (fixes #2351)
• [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
• [ssl] count renegotiations to prevent client renegotiations
• [ssl] add option to honor server cipher order (fixes #2364, BEAST attack)
• [core] accept dots in ipv6 addresses in host header (fixes #2359)
• [ssl] fix ssl connection aborts if files are larger than the MAX_WRITE_LIMIT (256kb)
• [libev/cgi] fix waitpid ECHILD errors in cgi with libev (fixes #2324)