Exactly 15 years ago, I released Hiawatha v0.1. A lot has happened since then. From a small, simple and mostly experimental webserver, Hiawatha has grown to a mature and fully functional webserver. Many experimental security features have proven to be very usefull, even in a production environment, and make Hiawatha a very secure webserver. It might even be the most secure webserver available.
Despite all my attempts to make Hiawatha more known to the world, Hiawatha still doesn't have many users. My best guess is that Hiawatha is installed at a few hundred servers with only a few dozen serious users. The last few years, I'm perfectly fine with that. I've accepted that the world doesn't need another webserver, specially not one that has a main focus on security. Speed and performance is what truly matters to most people. Although Hiawatha is not a slow webserver [1, 2], I simply don't put my main focus on it and don't advertise it much.
The only feature that is missing to make Hiawatha really ready for the future is HTTP/2 support. It's not a secret that I'm not a big fan of HTTP/2 [3, 4]. In my opinion, HTTP/2 is a protocol by Google, for Google. If you're not (like) Google, you won't benefit much from it. Because implementing HTTP/2 will cost a lot of time, Hiawatha users won't benefit from it in any way and Hiawatha doesn't have many users, chances are very slim Hiawatha will have HTTP/2 support soon. Because many devices with an HTTP interface, like modems, routers, printers, storage devices, etc, only support HTTP/1.x at the moment, it's unlikely browsers will drop support for HTTP/1.x within the next decade. And in a decade, much can change. Perhaps I find the time and will to implement HTTP/2. Perhaps if I implement a bit of it each year, it will be ready in a few years. Maybe somebody else helps me implement it. Who knows. I still like developing and still like IT security, so Hiawatha will probably remain my hobby webserver for as long as I live.
Since Hiawatha v7.0, you can keep track of a lot of things that are going on at your webserver via the Hiawatha Monitor. It gives me a lot of information about hack attempts, malfunctioning websites or which website simply needs a bit of attention. Although I use it a lot myself, it also doesn't have many users. So, I will keep using and supporting it, but don't expect much new development there as well.
So, what can you expect instead? Hiawatha is and will always be a webserver with a main focus on security. So, new releases will contain new security features, both proven useful and experimental. But because Hiawatha is already a mature webserver, new versions won't be released as often as in the past time. Of course, bugs will be taken seriously and be dealt with as fast as I can.
Whether or not your website gets hacked, mostly depends on the security of the website itself, not the security of the webserver. Therefor, I also developed a secure PHP framework, called Banshee. Because there's more to do in Banshee than in Hiawatha, in the future, more of my free time will go to Banshee instead of Hiawatha.
To celebrate the 15th anniversary, I've released Hiawatha v10.5.