Development

[DannyArends]

###Security

-Guard against malformed Range header — to!long wrapped in try/catch, returns [-1, -1] on bad input
-environment.toAA() replaced with a whitelist — CGI scripts no longer receive the full server environment
-SSL context race condition fixed — contextsMutex added, all reads/writes to contexts[] now locked

###Performance

-nAlive/nAliveFromIP linear scans replaced with nAlivePerIP[string] rebuilt each loop iteration
-WebConfig now cached per domain — only re-parsed when web.config changes on disk
-needsupdate() double fileSize() syscall reduced to one
-scan() no longer calls needsupdate() before buffer() — eliminates duplicate log output
-rebuffer() now uses byValue — removes repeated AA lookups

###Robustness

-Thread.sleep(2ms) busy-wait replaced with sISelect — clients block on socket read, wake on data
-Server accept loop and client receive timeouts explicitly separated (5ms vs 25ms)
-SocketSet allocation moved to driver field — reused per connection instead of allocated per call
-TOCTOU race in needsupdate/buffer fixed — re-check under lock inside buffer()
-rebuffer() now synchronized
-setPayload sets havepost = true — logically consistent with ready
-buffer() returns bool — callers can check success

###Windows fixes

-/dev/null replaced with platform-aware NUL in process.d unittest
-split(":")[0] crash on empty lines in CGI header parser fixed
-keepalive.d trailing \n removed — fixes Content-Length mismatch on Windows

###Code quality

-Magic OpenSSL numeric constants replaced with named immutable values
-sISelect unified into a single function with write flag and timeout parameter
-findContextLocked dead code removed
-nAlive() simplified to derive from nAlivePerIP.byValue.sum