Skip to main content
mod_pagespeed 1.15 — Cyclone Cache, modernized optimizations, IIS + .NET support, and six years of security updates
2.0 1.1

Release Notes

ModPageSpeed 2.0 release notes — capabilities, performance, and security updates. Updating to the latest release is recommended.

On this page

ModPageSpeed 2.0 ships on a continuous release cadence. The current stable release is 2.0.37. This page summarizes what the product does and the user-facing changes in recent releases. We recommend running the latest release — it always carries the most recent performance and security work.

What’s in ModPageSpeed 2.0

Optimization pipeline

  • Always-on, asynchronous optimization. Optimization runs in a worker off the request path. The first request for a resource serves the original; subsequent requests serve the optimized variant, so optimization never adds latency to a page load.
  • Modern image delivery. Images are transcoded to WebP and AVIF and served per viewport class and pixel density, with Save-Data taken into account.
  • Critical CSS, loaded the fast way. Above-the-fold CSS is inlined and the rest is loaded asynchronously without blocking render, in a way that is safe under a strict Content-Security-Policy.
  • LCP and layout hints. Native lazy-loading, fetchpriority for the largest image, and preconnect discovery for third-party origins.
  • SVG vectorization for suitable raster images, and learned per-image quality prediction so each image is encoded at the right quality.

Operations and visibility

  • Web console for cache inspection, live statistics, and configuration.
  • Honest savings reporting — bandwidth and cache-hit figures reflect real net savings.
  • Statistics parity across the nginx integration and the ASP.NET Core middleware.

Content integrity

  • Content Credentials (C2PA) are preserved through image optimization, so provenance metadata survives the delivery layer instead of being stripped.

Licensing

  • Always functional. The optimizer never blocks your site. An unlicensed install keeps working and is signaled with a response header rather than gated.
  • Per-site licensing for straightforward, predictable coverage.

Recent releases

Most recent first. Security entries describe the impact class and recommend updating; we keep implementation specifics out of public notes by policy.

  • 2.0.37 — Security and reliability. The bundled runtime images are rebuilt against the latest distribution security updates, the admin console receives security and reliability hardening, and cache fixes cover long transfers, concurrent startup, and shutdown ordering. Updating is recommended.
  • 2.0.36 — Verified-crawler controls (experimental). Off-by-default RSL-CAP capability-token validation and an opt-in AI-crawl counter for Web Bot Auth, plus an async-CSS correctness fix and unified metrics output.
  • 2.0.32 – 2.0.33 — Security releases. Security updates to the bundled image-processing components, plus additional hardening of shipped binaries. Updating is recommended.
  • 2.0.30 — Content integrity. Content Credentials (C2PA) are now preserved through image optimization, and Markdown responses are served with the correct content type.
  • 2.0.28 — Stability. Fixed a flash-of-unstyled-content edge case when asynchronous CSS loaded against a cold cache, and removed a duplicate copy of inlined critical CSS.
  • 2.0.26 — Performance and visibility. CSP-safe asynchronous CSS loading, and accurate bandwidth-savings reporting in the console.
  • 2.0.22 — Licensing. Per-site licensing.
  • 2.0.18 — Licensing. Always-functional licensing: the engine never blocks serving; unlicensed use is signaled with a response header.
  • 2.0.15 — Visibility. Bandwidth-savings statistics now populate for the ASP.NET Core middleware, at parity with the nginx integration.

Install and upgrade

ModPageSpeed 2.0 ships as a NuGet package (ASP.NET Core middleware), as Docker images, and as a Helm chart. See Getting started to install, or Deployment for production rollouts. Upgrading is a matter of moving to the latest package or image tag.

Reporting a security issue

Found a security problem? Please email info@we-amp.com so we can investigate and ship a fix. We publish security-relevant changes here as part of the regular release notes.