File rubygem-puma.changes of Package rubygem-puma
-------------------------------------------------------------------
Mon Nov 4 17:16:17 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>

- 6.4.3:
  * Security
    * Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). ([CVE-2024-45614](https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4)/GHSA-9hf4-67fc-4vf4)

-------------------------------------------------------------------
Mon Jan 29 14:23:04 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>

- 6.4.1:
  * Bugfixes
    * DSL#warn_if_in_single_mode - fixup when workers set via CLI ([#3256])
    * Fix `idle-timeout` not working in cluster mode ([#3235], [#3228], [#3282], [#3283])
    * Fix worker 0 timing out during phased restart ([#3225], [#2786])
    * context_builder.rb - require openssl if verify_mode != 'none' ([#3179])
    * Make puma cluster process suitable as PID 1 ([#3255])
    * Improve Puma::NullIO consistency with real IO ([#3276])
    * extconf.rb - fixup to detect openssl info in Ruby build ([#3271], [#3266])
    * MiniSSL.java - set serialVersionUID, fix RaiseException deprecation ([#3270])
    * dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set ([#3265], [#3264])
  * Maintenance
    * LOTS of test refactoring to make tests more stable and easier to write - thanks to @MSP-Greg!
    * Fix bug in tests re: TestPuma::HOST4 ([#3254])
    * Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed ([#3245])
    * fix define_method calls, use Symbol parameter instead of String ([#3293])
  * Docs
    * README.md - add the puma-acme plugin ([#3301])
    * Remove `--keep-file-descriptors` flag from systemd docs ([#3248])
    * Note symlink mechanism in restart documentation for hot restart ([#3298])

-------------------------------------------------------------------
Sat Nov 4 00:13:18 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 6.4.0
  * Features
    * on_thread_exit hook ([#2920])
    * on_thread_start_hook ([#3195])
    * Shutdown on idle ([#3209], [#2580])
    * New error message when control server port taken ([#3204])
  * Refactor
    * Remove `Forwardable` dependency ([#3191], #3190)
    * Update URLMap Regexp usage for Ruby v3.3 ([#3165])
  * Bugfixes
    * Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. ([#3174])
    * Fix using control server with IPv6 host ([#3181])
    * control_cli.rb - add require_relative 'log_writer' ([#3187])
    * Fix cases where fallback Rack response wasn't sent to the client ([#3094])

-------------------------------------------------------------------
Fri Nov 3 07:50:44 UTC 2023 - Dan Čermák <dan.cermak@posteo.net>

- 6.3.1:
  * Security
    * Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))

-------------------------------------------------------------------
Wed Jun 21 21:31:39 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 6.3.0
  - Features
    - Add dsl method `supported_http_methods` ([#3106], [#3014])
    - Puma error responses no longer have any fingerprints to indicate Puma ([#3161], [#3037])
    - Support decryption of SSL key ([#3133], [#3132])
  - Bugfixes
    - Don't send 103 early hints response when only invalid headers are used ([#3163])
    - Handle malformed request path
      ([#3155], [#3148])
    - Misc lib file fixes - trapping additional errors, CI helper ([#3129])
    - Fixup req form data file upload with "r\n" line endings ([#3137])
    - Restore rack 1.6 compatibility Restore rack 1.6 compatibility ([#3156])
  - Refactor
    - const.rb - Update Puma::HTTP_STATUS_CODES ([#3162])
    - Clarify Reactor#initialize ([#3151])

-------------------------------------------------------------------
Fri Apr 28 21:46:00 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 6.2.2
  - Bugfixes
    - Fix Rack-related NameError by adding :: operator ([#3118], [#3117])
- changes from 6.2.1
  - Bugfixes
    - Fix java 8 compatibility ([#3109], [#3108])
    - Always write io_buffer when in "enum bodies" branch. ([#3113], [#3112])
    - Fix warn_if_in_single_mode incorrect message ([#3111])
- changes from 6.2.0
  - Features
    - Ability to supply a custom logger ([#2770], [#2511])
    - Warn when clustered-only hooks are defined in single mode ([#3089])
    - Adds the on_booted event ([#2709])
  - Bugfixes
    - Loggers - internal_write - catch Errno::EINVAL ([#3091])
    - commonlogger.rb - fix HIJACK time format, use constants, not strings ([#3074])
    - Fixed some edge cases regarding request hijacking ([#3072])
- changes from 6.1.1
  - Bugfixes
    - We no longer try to use the systemd plugin for JRuby ([#3079])
    - Allow ::Rack::Handler::Puma.run to work regardless of whether Rack/Rackup are loaded ([#3080])
- changes from 6.1.0
  - Features
    - WebSocket support via partial hijack ([#3058], [#3007])
    - Add built-in systemd notify support ([#3011])
    - Periodically send status to systemd ([#3006], [#2604])
    - Introduce the ability to return 413: payload too large for requests ([#3040])
    - Log loaded extensions when `PUMA_DEBUG` is set ([#3036], [#3020])
  - Bugfixes
    - Fix issue with rack 3 compatibility re: rackup ([#3061], [#3057])
    - Allow setting TCP low_latency with SSL listener ([#3065])
  - Performance
    - Reduce memory usage for large file uploads ([#3062])
- changes from 6.0.2
  - Refactor
    - Remove use of etc and time gems
      in Puma ([#3035], [#3033])
    - Refactor const.rb - freeze ([#3016])
- changes from 6.0.1
  - Bugfixes
    - Handle waking up a closed selector in Reactor#add ([#3005])
    - Fixup response processing, enumerable bodies ([#3004], [#3000])
    - Correctly close app body for all code paths ([#3002], [#2999])
  - Refactor
    - Add IOBuffer to Client, remove from ThreadPool thread instances ([#3013])

-------------------------------------------------------------------
Fri Apr 28 13:18:28 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Fix file permissions in post_install so we do not get more rpmlint warnings

-------------------------------------------------------------------
Wed Dec 7 11:30:20 UTC 2022 - Stephan Kulow <coolo@suse.com>

- updated to version 6.0.0
  see installed History.md

  ## 6.0.0 / 2022-10-XX

  * Breaking Changes
    * Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
    * Remote_addr functionality has changed ([#2652], [#2653])
    * No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) ([#2849])
    * Remove nakayoshi GC ([#2933], [#2925])
    * wait_for_less_busy_worker is now default on ([#2940])
    * Prefix all environment variables with `PUMA_` ([#2924], [#2853])
    * Removed some constants ([#2957], [#2958], [#2959], [#2960])
    * The following classes are now part of Puma's private API: `Client`, `Cluster::Worker`, `Cluster::Worker`, `HandleRequest`. ([#2988])
  * Features
    * Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
    * Increase throughput on file responses ([#2923])
    * Add support for streaming bodies in Rack.
      ([#2740])
    * Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter ([#2845])
    * Allow `run_hooks` to pass a hash to blocks for use later ([#2917], [#2915])
    * Allow using `preload_app!` with `fork_worker` ([#2907])
    * Support request_body_wait metric with higher precision ([#2953])
    * Allow header values to be arrays (Rack 3) ([#2936], [#2931])
    * Export Puma/Ruby versions in /stats ([#2875])
    * Allow configuring request uri max length & request path max length ([#2840])
    * Add a couple of public accessors ([#2774])
    * Log entire backtrace when worker start fails ([#2891])
    * [jruby] Enable TLSv1.3 support ([#2886])
    * [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
    * [jruby] Support a truststore option ([#2849], [#2904], [#2884])
  * Bugfixes
    * Load the configuration before passing it to the binder ([#2897])
    * Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT ([#2932], [#1441])
    * Fixed a memory leak when creating a new SSL listener ([#2956])
  * Refactor
    * log_writer.rb - add internal_write method ([#2888])
    * [WIP] Refactor: Split out LogWriter from Events (no logic change) ([#2798])
    * Extract prune_bundler code into it's own class.
      ([#2797])
    * Refactor Launcher#run to increase readability (no logic change) ([#2795])
    * Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
    * Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])

-------------------------------------------------------------------
Fri Aug 26 16:34:41 UTC 2022 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.6.5
  * Bugfixes
    * NullIO#closed should return false ([#2883])
    * Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
    * [jruby] Fix TLS verification hang ([#2890], [#2729])
    * extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
    * MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
    * Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
    * Escape SSL cert and filenames ([#2855])
    * Fail hard if SSL certs or keys are invalid ([#2848])
    * Fail hard if SSL certs or keys cannot be read by user ([#2847])
    * Fix build with Opaque DH in LibreSSL 3.5.
      ([#2838])
    * Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
    * Fix Puma::StateFile#load incompatibility ([#2810])

-------------------------------------------------------------------
Wed Mar 30 22:24:21 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to version 5.6.4
  https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
  https://github.com/puma/puma/releases/tag/v5.6.4

-------------------------------------------------------------------
Sat Feb 12 16:18:43 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to version 5.6.2
  https://github.com/advisories/GHSA-rmj8-8hhh-gv5h
  https://rubysec.com/advisories/CVE-2022-23634/
  other changes:
  https://github.com/puma/puma/releases/tag/v5.6.1
  https://github.com/puma/puma/releases/tag/v5.6.0

-------------------------------------------------------------------
Tue Dec 21 00:24:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to version 5.5.2
  https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
  Re-allows UTF-8 in HTTP header values

-------------------------------------------------------------------
Sat Oct 9 09:16:35 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.5.0
  * Features
    * Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
    * add support for the PROXY protocol (v1 only) ([#2654], [#2651])
    * Add a semantic CLI option for no config file ([#2689])
  * Bugfixes
    * More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
    * allow multiple after_worker_fork hooks ([#2690])
    * Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])
  * Performance
    * Fix performance of server-side SSL connection close.
      ([#2675])

-------------------------------------------------------------------
Wed Aug 25 05:21:15 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.4.0
  * Features
    * Better/expanded names for threadpool threads ([#2657])
    * Allow pkg_config for OpenSSL ([#2648], [#1412])
    * Add `rack_url_scheme` to Puma::DSL, allows setting of `rack.url_scheme` header ([#2586], [#2569])
  * Bugfixes
    * `Binder#parse` - allow for symlinked unix path, add create_activated_fds debug ENV ([#2643], [#2638])
    * Fix deprecation warning: minissl.c - Use Random.bytes if available ([#2642])
    * Client certificates: set session id context while creating SSLContext ([#2633])
    * Fix deadlock issue in thread pool ([#2656])
  * Refactor
    * Replace `IO.select` with `IO#wait_*` when checking a single IO ([#2666])

-------------------------------------------------------------------
Tue Jun 1 03:39:59 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.3.2
  * Bugfixes
    * Gracefully handle Rack not accepting CLI options (#2630, #2626)
    * Fix sigterm misbehavior (#2629)
    * Improvements to keepalive-connection shedding (#2628)

-------------------------------------------------------------------
Fri May 14 16:22:43 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.3.1

  ## 5.3.1 / 2021-05-11

  * Security
    * Close keepalive connections after the maximum number of fast inlined requests (#2625)

  ## 5.3.0 / 2021-05-07

  * Features
    * Add support for Linux's abstract sockets ([#2564], [#2526])
    * Add debug to worker timeout and startup ([#2559], [#2528])
    * Print warning when running one-worker cluster ([#2565], [#2534])
    * Don't close systemd activated socket on pumactl restart ([#2563], [#2504])
  * Bugfixes
    * systemd - fix event firing ([#2591], [#2572])
    * Immediately unlink temporary files ([#2613])
    * Improve parsing of HTTP_HOST header ([#2605], [#2584])
    * Handle fatal error that has no backtrace ([#2607], [#2552])
    * Fix timing out requests too early ([#2606], [#2574])
    * Handle segfault in Ruby 2.6.6 on thread-locals ([#2567], [#2566])
    * Server#closed_socket? - parameter may be a MiniSSL::Socket ([#2596])
    * Define UNPACK_TCP_STATE_FROM_TCP_INFO in the right place ([#2588], [#2556])
    * request.rb - fix chunked assembly for ascii incompatible encodings, add test ([#2585], [#2583])
  * Performance
    * Reset peerip only if remote_addr_header is set ([#2609])
    * Reduce puma_parser struct size ([#2590])
  * Refactor
    * Refactor drain on shutdown ([#2600])
    * Micro optimisations in `wait_for_less_busy_worker` feature ([#2579])
    * Lots of test fixes

-------------------------------------------------------------------
Mon Mar 15 04:30:12 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.2.2
  * Bugfixes
    * Add `#flush` and `#sync` methods to `Puma::NullIO` ([#2553])
    * Restore `sync=true` on `STDOUT` and `STDERR` streams ([#2557])

-------------------------------------------------------------------
Sat Feb 6 11:34:39 UTC 2021 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.2.1
  * Bugfixes
    * Fix TCP cork/uncork operations to work with ssl clients ([#2550])
    * Require rack/common_logger explicitly if :verbose is true ([#2547])
    * MiniSSL::Socket#write - use data.byteslice(wrote..-1) ([#2543])
    * Set `@env[CONTENT_LENGTH]` value as string. ([#2549])

-------------------------------------------------------------------
Fri Dec 11 03:18:21 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

  ## 5.1.1 / 2020-12-10

  * Bugfixes
    * Fix over eager matching against banned header names ([#2510])

  ## 5.1.0 / 2020-11-30

  * Features
    * Phased restart availability is now always logged, even if it is not available.
    * Prints the loaded configuration if the environment variable `PUMA_LOG_CONFIG` is present ([#2472])
    * Integrate with systemd's watchdog and notification features ([#2438])
    * Adds max_fast_inline as a configuration option for the Server object ([#2406])
    * You can now fork workers from worker 0 using SIGURG w/o fork_worker enabled [#2449]
    * Add option to bind to systemd activated sockets ([#2362])
    * Add compile option to change the `QUERY_STRING` max length ([#2485])
  * Bugfixes
    * Fix JRuby handling in Puma::DSL#ssl_bind ([#2489])
    * control_cli.rb - all normal output should be to @stdout ([#2487])
    * Catch 'Error in reactor loop escaped: mode not supported for this object: r' ([#2477])
    * Ignore Rails' reaper thread (and any thread marked forksafe) for warning ([#2475])
    * Ignore illegal (by Rack spec) response header ([#2439])
    * Close idle connections immediately on shutdown ([#2460])
    * Fix some instances of phased restart errors related to the `json` gem ([#2473])
    * Remove use of `json` gem to fix phased restart errors ([#2479])
    * Fix grouping regexp of ILLEGAL_HEADER_KEY_REGEX ([#2495])-

-------------------------------------------------------------------
Sun Nov 1 16:31:28 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 5.0.4
  * Bugfixes
    * Pass preloaded application into new workers if available when using `preload_app` ([#2461], [#2454])

  ## 5.0.3 / 2020-10-26

  * Bugfixes
    * Add Client#io_ok?, check before Reactor#register ([#2432])
    * Fix hang on shutdown in refork ([#2442])
    * Fix `Bundler::GemNotFound` errors for `nio4r` gem during phased restarts ([#2427], [#2018])
    * Server run thread safety fix ([#2435])
    * Fire `on_booted` after server starts ([#2431], [#2212])
    * Cleanup daemonization in rc.d script ([#2409])
  * Refactor
    * Remove accept_nonblock.rb, add test_integration_ssl.rb ([#2448])
    * Refactor status.rb - dry it up a bit ([#2450])
    * Extract req/resp methods to new request.rb from server.rb ([#2419])
    * Refactor Reactor and Client request
      buffering ([#2279])
    * client.rb - remove JRuby specific 'finish' code ([#2412])
    * Consolidate fast_write calls in Server, extract early_hints assembly ([#2405])
    * Remove upstart from docs ([#2408])
    * Extract worker process into separate class ([#2374])
    * Consolidate option handling in Server, Server small refactors, doc changes ([#2389])

  ## 5.0.2 / 2020-09-28

  * Bugfixes
    * Reverted API changes to Server.

  ## 5.0.1 / 2020-09-28

  * Bugfixes
    * Fix LoadError in CentOS 8 ([#2381])
    * Better error handling during force shutdown ([#2271])
    * Prevent connections from entering Reactor after shutdown begins ([#2377])
    * Fix error backtrace debug logging && Do not log request dump if it is not parsed ([#2376])
    * Split TCP_CORK and TCP_INFO ([#2372])
    * Do not log EOFError when a client connection is closed without write ([#2384])
  * Refactor
    * Change Events#ssl_error signature from (error, peeraddr, peercert) to (error, ssl_socket) ([#2375])
    * Consolidate option handling in Server, Server small refactors, doc chang ([#2373])

-------------------------------------------------------------------
Fri Sep 25 14:40:42 UTC 2020 - Stephan Kulow <coolo@suse.com>

updated to version 5.0.0
  see installed History.md

  ## 5.0.0

  * Features
    * Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (#2305)
    * EXPERIMENTAL: Add `fork_worker` option and `refork` command for reduced memory usage by forking from a worker process instead of the master process. (#2099)
    * EXPERIMENTAL: Added `wait_for_less_busy_worker` config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (#2079).
    * EXPERIMENTAL: Added `nakayoshi_fork` option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
    * Added pumactl `thread-backtraces` command to print thread backtraces (#2054)
    * Added incrementing `requests_count` to `Puma.stats`.
      (#2106)
    * Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
    * `lowlevel_error_handler` is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
    * Faster phased restart and worker timeout (#2220)
    * Added `state_permission` to config DSL to set state file permissions (#2238)
    * Added `Puma.stats_hash`, which returns a stats in Hash instead of a JSON string (#2086, #2253)
    * `rack.multithread` and `rack.multiprocess` now dynamically resolved by `max_thread` and `workers` respectively (#2288)
  * Deprecations, Removals and Breaking API Changes
    * `--control` has been removed. Use `--control-url` (#1487)
    * `worker_directory` has been removed. Use `directory`.
    * min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (#2143)
    * max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (#2143)
    * max_threads default to 5 in MRI or 16 for all other interpreters. (#2143)
    * preload by default if workers > 1 (#2143)
    * Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (#2143)
    * `tcp_mode` has been removed without replacement. (#2169)
    * Daemonization has been removed without replacement.
      (#2170)
    * Changed #connected_port to #connected_ports (#2076)
    * Configuration: `environment` is read from `RAILS_ENV`, if `RACK_ENV` can't be found (#2022)
    * Log binding on http:// for TCP bindings to make it clickable
  * Bugfixes
    * Fix JSON loading issues on phased-restarts (#2269)
    * Improve shutdown reliability (#2312, #2338)
    * Close client http connections made to an ssl server with TLSv1.3 (#2116)
    * Do not set user_config to quiet by default to allow for file config (#2074)
    * Always close SSL connection in Puma::ControlCLI (#2211)
    * Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
    * Ensure control server Unix socket is closed on shutdown (#2112)
    * Preserve `BUNDLE_GEMFILE` env var when using `prune_bundler` (#1893)
    * Send 408 request timeout even when queue requests is disabled (#2119)
    * Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121)
    * Ensure `BUNDLE_GEMFILE` is unspecified in workers if unspecified in master when using `prune_bundler` (#2154)
    * Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (#1551)
    * Read directly from the socket in #read_and_drop to avoid raising further SSL errors (#2198)
    * Set `Connection: closed` header when queue requests is disabled (#2216)
    * Pass queued requests to thread pool on server shutdown (#2122)
    * Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (#2220)
    * Fix `out_of_band` hook never executed if the number of worker threads is > 1 (#2177)
    * Fix ThreadPool#shutdown timeout accuracy (#2221)
    * Fix `UserFileDefaultOptions#fetch` to properly use `default` (#2233)
    * Improvements to `out_of_band` hook (#2234)
    * Prefer the rackup file specified by the CLI (#2225)
    * Fix for spawning subprocesses with fork_worker option (#2267)
    * Set `CONTENT_LENGTH` for chunked requests (#2287)
    * JRuby - Add Puma::MiniSSL::Engine#init?
      and #teardown methods, run all SSL tests (#2317)
    * Improve shutdown reliability (#2312)
    * Resolve issue with threadpool waiting counter decrement when thread is killed
    * Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
    * Fix recursive `prune_bundler` (#2319).
    * Ensure that TCP_CORK is usable
    * Fix corner case when request body is chunked (#2326)
    * Fix filehandle leak in MiniSSL (#2299)
  * Refactor
    * Remove unused loader argument from Plugin initializer (#2095)
    * Simplify `Configuration.random_token` and remove insecure fallback (#2102)
    * Simplify `Runner#start_control` URL parsing (#2111)
    * Removed the IOBuffer extension and replaced with Ruby (#1980)
    * Update `Rack::Handler::Puma.run` to use `**options` (#2189)
    * ThreadPool concurrency refactoring (#2220)
    * JSON parse cluster worker stats instead of regex (#2124)
    * Support parallel tests in verbose progress reporting (#2223)
    * Refactor error handling in server accept loop (#2239)

-------------------------------------------------------------------
Sat Sep 12 12:35:48 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.3.6
  * Bugfixes
    * Explicitly include ctype.h to fix compilation warning and build error on macOS with Xcode 12 (#2304)
    * Don't require json at boot (#2269)

-------------------------------------------------------------------
Wed May 27 11:04:58 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.3.5
  * CVE-2020-11076, CVE-2020-11077: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header

-------------------------------------------------------------------
Tue Mar 3 10:37:59 UTC 2020 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.3.3

  # Bugfixes
  * Fix: Fixes a problem where we weren't splitting headers correctly on newlines (#2132)

  # Security
  * Fix: Prevent HTTP Response splitting via CR in early hints.
-------------------------------------------------------------------
Sat Dec 14 00:29:15 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.3.1
  * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack (CVE-2019-16770)

-------------------------------------------------------------------
Tue Nov 12 14:54:48 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.3.0
  * Features
    * Strip whitespace at end of HTTP headers (#2010)
    * Optimize HTTP parser for JRuby (#2012)
    * Add SSL support for the control app and cli (#2046, #2052)
  * Bugfixes
    * Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
    * Fix pumactl defaulting puma to development if an environment was not specified (#2035)
    * Fix closing file stream when reading pid from pidfile (#2048)
    * Fix a typo in configuration option `--extra_runtime_dependencies` (#2050)

-------------------------------------------------------------------
Thu Aug 15 13:33:10 UTC 2019 - Manuel Schnitzer <mschnitzer@suse.com>

- updated to version 4.1.0
  * 4 features
    * Add REQUEST_PATH on parse error message (#1831)
    * You can now easily add custom log formatters with the `log_formatter` config option (#1816)
    * Puma.stats now provides process start times (#1844)
    * Add support for disabling TLSv1.1 (#1836)
  * 7 bugfixes
    * Fix issue where Puma was creating zombie process entries (#1887)
    * Fix bugs with line-endings and chunked encoding (#1812)
    * RACK_URL_SCHEME is now set correctly in all conditions (#1491)
    * We no longer mutate global STDOUT/STDERR, particularly the sync setting (#1837)
    * SSL read_nonblock no longer blocks (#1857)
    * Swallow connection errors when sending early hints (#1822)
    * Backtrace no longer dumped when invalid pumactl commands are run (#1863)
  * 5 other
    * Avoid casting worker_timeout twice (#1838)
    * Removed a call to private that wasn't doing anything (#1882)
    * README, Rakefile, docs and test cleanups
      (#1848, #1847, #1846, #1853, #1859, #1850, #1866, #1870, #1872, #1833, #1888)
    * Puma.io has proper documentation now (https://puma.io/puma/)
    * Added the Contributor Covenant CoC
  * 1 known issue
    * Some users are still experiencing issues surrounding socket activation and Unix sockets (#1842)

-------------------------------------------------------------------
Fri Jul 19 09:29:39 UTC 2019 - Stephan Kulow <coolo@suse.com>

- updated to version 4.0.1
  see installed History.md

-------------------------------------------------------------------
Thu Mar 21 10:30:40 UTC 2019 - manuel <mschnitzer@suse.com>

- updated to version 3.12.1
  * 1 features
    * Internal strings are frozen (#1649)
  * 3 bugfixes
    * Fix chunked ending check (#1607)
    * Rack handler should use provided default host (#1700)
    * Better support for detecting runtimes that support `fork` (#1630)

-------------------------------------------------------------------
Fri Jul 13 17:15:17 UTC 2018 - factory-auto@kulow.org

- updated to version 3.12.0
  see installed History.md

  ## 3.12.0 / 2018-07-13

  * 5 features:
    * You can now specify which SSL ciphers the server should support, default is unchanged (#1478)
    * The setting for Puma's `max_threads` is now in `Puma.stats` (#1604)
    * Pool capacity is now in `Puma.stats` (#1579)
    * Installs restricted to Ruby 2.2+ (#1506)
    * `--control` is now deprecated in favor of `--control-url` (#1487)
  * 2 bugfixes:
    * Workers will no longer accept more web requests than they have capacity to process.
      This prevents an issue where one worker would accept lots of requests while starving other workers (#1563)
    * In a test env puma now emits the stack on an exception (#1557)

-------------------------------------------------------------------
Thu Apr 12 20:44:52 UTC 2018 - factory-auto@kulow.org

- updated to version 3.11.4
  see installed History.md

  ## 3.11.4 / 2018-04-12

  * 2 features:
    * Manage puma as a service using rc.d (#1529)
    * Server stats are now available from a top level method (#1532)
  * 5 bugfixes:
    * Fix parsing CLI options (#1482)
    * Order of stderr and stdout is made before redirecting to a log file (#1511)
    * Init.d fix of `ps -p` to check if pid exists (#1545)
    * Early hits bugfix (#1550)
    * Purge interrupt queue when closing socket fails (#1553)

-------------------------------------------------------------------
Tue Mar 20 10:14:18 UTC 2018 - factory-auto@kulow.org

- updated to version 3.11.3
  see installed History.md

  ## 3.11.3 / 2018-03-05

  * 3 bugfixes:
    * Add closed? to MiniSSL::Socket for use in reactor (#1510)
    * Handle EOFError at the toplevel of the server threads (#1524) (#1507)
    * Deal with zero sized bodies when using SSL (#1483)

-------------------------------------------------------------------
Thu Feb 8 06:21:17 UTC 2018 - coolo@suse.com

- updated to version 3.11.2
  see installed History.md

  ## 3.11.2 / 2018-01-19

  * 1 bugfix:
    * Deal with read\_nonblock returning nil early

  ## 3.11.1 / 2018-01-18

  * 1 bugfix:
    * Handle read\_nonblock returning nil when the socket close (#1502)

-------------------------------------------------------------------
Sun Dec 3 19:29:36 UTC 2017 - coolo@suse.com

- updated to version 3.11.0
  see installed History.md

  ## 3.11.0 / 2017-11-20

  * 2 features:
    * HTTP 203 Early Hints (#1403)
    * 421/451 status codes now have correct status messages attached (#1435)
  * 9 bugfixes:
    * Environment config files (/config/puma/<ENV>.rb) load correctly (#1340)
    * Specify windows dependencies correctly (#1434, #1436)
    * puma/events required in test helper
      (#1418)
    * Correct control CLI's option help text (#1416)
    * Remove a warning for unused variable in mini_ssl (#1409)
    * Correct pumactl docs argument ordering (#1427)
    * Fix an uninitialized variable warning in server.rb (#1430)
    * Fix docs typo/error in Launcher init (#1429)
    * Deal with leading spaces in RUBYOPT (#1455)
  * 2 other:
    * Add docs about internals (#1425, #1452)
    * Tons of test fixes from @MSP-Greg (#1439, #1442, #1464)

-------------------------------------------------------------------
Mon Sep 11 12:47:58 UTC 2017 - coolo@suse.com

- updated to version 3.10.0
  see installed History.md

  ## 3.10.0 / 2017-08-17

  * 3 features:
    * The status server has a new /gc and /gc-status command. (#1384)
    * The persistent and first data timeouts are now configurable (#1111)
    * Implemented RFC 2324 (#1392)
  * 12 bugfixes:
    * Not really a Puma bug, but @NickolasVashchenko created a gem to workaround a Ruby bug that some users of Puma may be experiencing. See README for more. (#1347)
    * Fix hangups with SSL and persistent connections. (#1334)
    * Fix Rails double-binding to a port (#1383)
    * Fix incorrect thread names (#1368)
    * Fix issues with /etc/hosts and JRuby where localhost addresses were not correct. (#1318)
    * Fix compatibility with RUBYOPT="--enable-frozen-string-literal" (#1376)
    * Fixed some compiler warnings (#1388)
    * We actually run the integration tests in CI now (#1390)
    * No longer shipping unnecessary directories in the gemfile (#1391)
    * If RUBYOPT is nil, we no longer blow up on restart. (#1385)
    * Correct response to SIGINT (#1377)
    * Proper exit code returned when we receive a TERM signal (#1337)
  * 3 refactors:
    * Various test improvements from @grosser
    * Rubocop (#1325)
    * Hoe has been removed (#1395)
  * 1 known issue:
    * Socket activation doesn't work in JRuby. Their fault, not ours.
      (#1367)

-------------------------------------------------------------------
Tue Jun 6 05:40:02 UTC 2017 - coolo@suse.com

- updated to version 3.9.1
  see installed History.md

  ## 3.9.1 / 2017-06-03

  * 2 bugfixes:
    * Fixed compatibility with older Bundler versions (#1314)
    * Some internal test/development cleanup (#1311, #1313)

  ## 3.9.0 / 2017-06-01

  * 2 features:
    * The ENV is now reset to its original values when Puma restarts via USR1/USR2 (#1260) (MRI only, no JRuby support)
    * Puma will no longer accept more clients than the maximum number of threads. (#1278)
  * 9 bugfixes:
    * Reduce information leakage by preventing HTTP parse errors from writing environment hashes to STDERR (#1306)
    * Fix SSL/WebSocket compatibility (#1274)
    * HTTP headers with empty values are no longer omitted from responses. (#1261)
    * Fix a Rack env key which was set to nil. (#1259)
    * peercert has been implemented for JRuby (#1248)
    * Fix port settings when using rails s (#1277, #1290)
    * Fix compat w/LibreSSL (#1285)
    * Fix restarting Puma w/symlinks and a new Gemfile (#1282)
    * Replace Dir.exists? with Dir.exist? (#1294)
  * 1 known issue:
    * A bug in MRI 2.2+ can result in IOError: stream closed. See #1206. This issue has existed since at least Puma 3.6, and probably further back.
  * 1 refactor:
    * Lots of test fixups from @grosser.

-------------------------------------------------------------------
Mon Jun 5 01:16:01 UTC 2017 - mrueckert@suse.de

- fix gem2rpm.yml syntax

-------------------------------------------------------------------
Thu Mar 16 05:40:19 UTC 2017 - coolo@suse.com

- updated to version 3.8.2
  see installed History.md

  ## 3.8.2 / 2017-03-14

  * 1 bugfix:
    * Deal with getsockopt with TCP\_INFO failing for sockets that say they're TCP but aren't really.
      (#1241)

  ## 3.8.1 / 2017-03-10

  * 1 bugfix:
    * Remove method call to method that no longer exists (#1239)

  ## 3.8.0 / 2017-03-09

  * 2 bugfixes:
    * Port from rack handler does not take precedence over config file in Rails 5.1.0.beta2+ and 5.0.1.rc3+ (#1234)
    * The `tmp/restart.txt` plugin no longer restricts the user from running more than one server from the same folder at a time (#1226)
  * 1 feature:
    * Closed clients are aborted to save capacity (#1227)
  * 1 refactor:
    * Bundler is no longer a dependency from tests (#1213)

-------------------------------------------------------------------
Tue Feb 21 05:35:00 UTC 2017 - coolo@suse.com

- updated to version 3.7.1
  see installed History.md

  ## 3.7.1 / 2017-02-20

  * 2 bugfixes:
    * Fix typo which blew up MiniSSL (#1182)
    * Stop overriding command-line options with the config file (#1203)

-------------------------------------------------------------------
Sat Jan 28 05:45:23 UTC 2017 - coolo@suse.com

- updated to version 3.7.0
  History.txt removed upstream

-------------------------------------------------------------------
Fri Dec 9 05:42:40 UTC 2016 - coolo@suse.com

- updated to version 3.6.2
  see installed History.txt

  === 3.6.2 / 2016-11-22

  * 1 bug fix:
    * Revert #1118/Fix access priorities of each level in LeveledOptions. This had an unintentional side effect of changing the importance of command line options, such as -p.

-------------------------------------------------------------------
Tue Nov 22 05:37:07 UTC 2016 - coolo@suse.com

- updated to version 3.6.1
  see installed History.txt

  === 3.6.1 / 2016-11-21

  * 8 bug fixes:
    * Fix Puma start in init.d script.
    * Fix default SSL mode back to none. Fixes #1036
    * Fixed the issue of @listeners getting nil io, fix rails restart (#1120)
    * More gracefully deal with SSL sessions. Fixes #1002
    * Prevent short term thread churn.
    * Provide write as <<. Fixes #1089
    * Fix access priorities of each level in LeveledOptions - fixes TTIN.
    * Stub description files updated for init.d.
  * 2 new project committers:
    * Nate Berkopec (@nateberkopec)
    * Richard Schneeman (@schneems)

-------------------------------------------------------------------
Tue Jul 26 04:32:54 UTC 2016 - coolo@suse.com

- updated to version 3.6.0
  see installed History.txt

  === 3.6.0 / 2016-07-24

  * 12 bug fixes:
    * Add ability to detect a shutting down server. Fixes #932
    * Add support for Expect: 100-continue. Fixes #519
    * Check SSLContext better. Fixes #828
    * Clarify behavior of '-t <num>'. Fixes #984
    * Don't default to VERIFY_PEER. Fixes #1028
    * Don't use ENV['PWD'] on windows. Fixes #1023
    * Enlarge the scope of catching app exceptions. Fixes #1027
    * Execute background hooks after daemonizing. Fixes #925
    * Handle HUP as a stop unless there is IO redirection. Fixes #911
    * Implement chunked request handling. Fixes #620
    * Just rescue exception to return a 500. Fixes #1027
    * Redirect IO in the jruby daemon mode. Fixes #778

-------------------------------------------------------------------
Sat Jul 23 04:30:40 UTC 2016 - coolo@suse.com

- updated to version 3.5.2
  see installed History.txt

  === 3.5.2 / 2016-07-20

  * 1 bug fix:
    * Don't let persistent_timeout be nil
  * 1 PR merged:
    * Merge pull request #1021 from benzrf/patch-1

  === 3.5.1 / 2016-07-20

  * 1 bug fix:
    * Be sure to only listen on host:port combos once. Fixes #1022

-------------------------------------------------------------------
Wed Jul 20 04:30:08 UTC 2016 - coolo@suse.com

- updated to version 3.5.0
  see installed History.txt

  === 3.5.0 / 2016-07-18

  * 1 minor features:
    * Allow persistent_timeout to be configured via the dsl.
  * 9 bug fixes:
    * Allow a bare % in a query string. Fixes #958
    * Explicitly listen on all localhost addresses. Fixes #782
    * Fix `TCPLogger` log error in tcp cluster mode.
    * Fix puma/puma#968 Cannot bind SSL port due to missing verify_mode option
    * Fix puma/puma#968 Default verify_mode to peer
    * Log any exceptions in ThreadPool. Fixes #1010
    * Silence connection errors in the reactor.
      Fixes #959
    * Tiny fixes in hook documentation for #840
    * It should not log requests if we want it to be quiet
  * 5 doc fixes:
    * Add How to stop Puma on Heroku using plugins to the example directory
    * Provide both hot and phased restart in jungle script
    * Update reference to the instances management script
    * Update default number of threads
    * Fix typo in example config
  * 14 PRs merged:
    * Merge pull request #1007 from willnet/patch-1
    * Merge pull request #1014 from jeznet/patch-1
    * Merge pull request #1015 from bf4/patch-1
    * Merge pull request #1017 from jorihardman/configurable_persistent_timeout
    * Merge pull request #954 from jf/master
    * Merge pull request #955 from jf/add-request-info-to-standard-error-rescue
    * Merge pull request #956 from maxkwallace/master
    * Merge pull request #960 from kmayer/kmayer-plugins-heroku-restart
    * Merge pull request #969 from frankwong15/master
    * Merge pull request #970 from willnet/delete-blank-document
    * Merge pull request #974 from rocketjob/feature/name_threads
    * Merge pull request #977 from snow/master
    * Merge pull request #981 from zach-chai/patch-1
    * Merge pull request #993 from scorix/master

-------------------------------------------------------------------
Tue Apr 12 04:31:32 UTC 2016 - coolo@suse.com

- updated to version 3.4.0
  see installed History.txt

  === 3.4.0 / 2016-04-07

  * 2 minor features:
    * Add ability to force threads to stop on shutdown. Fixes #938
    * Detect and commit seppuku when fork(2) fails. Fixes #529
  * 3 unknowns:
    * Ignore errors trying to update the backport tables. Fixes #788
    * Invoke the lowlevel_error in more places to allow for exception tracking. Fixes #894
    * Update the query string when an absolute URI is used. Fixes #937
  * 5 doc fixes:
    * Add Process Monitors section to top-level README
    * Better document the hooks. Fixes #840
    * docs/system.md sample config refinements and elaborations
    * Fix typos at couple of places.
    * Cleanup warnings
  * 3 PRs merged:
    * Merge pull request #945 from dekellum/systemd-docs-refined
    * Merge pull request #946 from vipulnsward/rm-pid
    * Merge pull request #947 from vipulnsward/housekeeping-typos

-------------------------------------------------------------------
Wed Apr 6 06:29:33 UTC 2016 - coolo@suse.com

- updated to version 3.3.0
  see installed History.txt

  === 3.3.0 / 2016-04-05

  * 2 minor features:
    * Allow overriding options of Configuration object
    * Rename to inherit_ssl_listener like inherit_tcp|unix
  * 2 doc fixes:
    * Add docs/systemd.md (with socket activation sub-section)
    * Document UNIX signals with cluster on README.md
  * 3 PRs merged:
    * Merge pull request #936 from prathamesh-sonpatki/allow-overriding-config-options
    * Merge pull request #940 from kyledrake/signalsdoc
    * Merge pull request #942 from dekellum/socket-activate-improve

  === 3.2.0 / 2016-03-20

  * 1 deprecation removal:
    * Delete capistrano.rb
  * 3 bug fixes:
    * Detect gems.rb as well as Gemfile
    * Simplify and fix logic for directory to use when restarting for all phases
    * Speed up phased-restart start
  * 2 PRs merged:
    * Merge pull request #927 from jlecour/gemfile_variants
    * Merge pull request #931 from joneslee85/patch-10

-------------------------------------------------------------------
Sat Mar 19 05:30:57 UTC 2016 - coolo@suse.com

- updated to version 3.1.1
  see installed History.txt

  === 3.1.1 / 2016-03-17

  * 4 bug fixes:
    * Disable USR1 usage on JRuby
    * Fixes #922 - Correctly define file encoding as UTF-8
    * Set a more explicit SERVER_SOFTWARE Rack variable
    * Show RUBY_ENGINE_VERSION if available.
      Fixes #923
  * 3 PRs merged:
    * Merge pull request #912 from tricknotes/fix-allow-failures-in-travis-yml
    * Merge pull request #921 from swrobel/patch-1
    * Merge pull request #924 from tbrisker/patch-1

-------------------------------------------------------------------
Sun Mar 6 05:32:14 UTC 2016 - coolo@suse.com

- updated to version 3.1.0
  see installed History.txt

  === 3.1.0 / 2016-03-05

  * 1 minor feature:
    * Add 'import' directive to config file. Fixes #916
  * 5 bug fixes:
    * Add 'fetch' to options. Fixes #913
    * Fix jruby daemonization. Fixes #918
    * Recreate the proper args manually. Fixes #910
    * Require 'time' to get iso8601. Fixes #914

-------------------------------------------------------------------
Wed Mar 2 05:35:25 UTC 2016 - coolo@suse.com

- updated to version 3.0.2
  see installed History.txt

  === 3.0.2 / 2016-02-26

  * 5 bug fixes:
    * Fix 'undefined local variable or method `pid` for #<Puma::ControlCLI:0x007f185fcef968>' when execute pumactl with `--pid` option.
    * Fix 'undefined method `windows?` for Puma:Module' when execute pumactl.
    * Harden tmp_restart against errors related to the restart file
    * Make `plugin :tmp_restart` behavior correct in Windows.
    * fix uninitialized constant Puma::ControlCLI::StateFile
  * 3 PRs merged:
    * Merge pull request #901 from mitto/fix-pumactl-uninitialized-constant-statefile
    * Merge pull request #902 from corrupt952/fix_undefined_method_and_variable_when_execute_pumactl
    * Merge pull request #905 from Eric-Guo/master

-------------------------------------------------------------------
Fri Feb 26 05:43:10 UTC 2016 - coolo@suse.com

- updated to version 3.0.1
  see installed History.txt

  === 3.0.1 / 2016-02-25

  * 1 bug fix:
    * Removed the experimental support for async.callback as it broke websockets entirely. Seems no server has both hijack and async.callback and thus faye is totally confused what to do and doesn't work.

  === 3.0.0 / 2016-02-25

  * 2 major changes:
    * Ruby pre-2.0 is no longer supported.
      We'll do our best to not add features that break those rubies but will no longer be testing with them.
    * Don't log requests by default. Fixes #852
  * 2 major features:
    * Plugin support! Plugins can interact with configuration as well as provide augment server functionality!
    * Experimental env['async.callback'] support
  * 4 minor features:
    * Listen to unix socket with provided backlog if any
    * Improves the clustered stats to report worker stats
    * Pass the env to the lowlevel_error handler. Fixes #854
    * Treat path-like hosts as unix sockets. Fixes #824
  * 5 bug fixes:
    * Clean thread locals when using keepalive. Fixes #823
    * Cleanup compiler warnings. Fixes #815
    * Expose closed? for use by the reactor. Fixes #835
    * Move signal handlers to separate method to prevent space leak. Fixes #798
    * Signal not full on worker exit #876
  * 5 doc fixes:
    * Update README.md with various grammar fixes
    * Use newest version of Minitest
    * Add directory configuration docs, fix typo [ci skip]
    * Remove old COPYING notice.
      Fixes #849
  * 10 merged PRs:
    * Merge pull request #871 from deepj/travis
    * Merge pull request #874 from wallclockbuilder/master
    * Merge pull request #883 from dadah89/igor/trim_only_worker
    * Merge pull request #884 from uistudio/async-callback
    * Merge pull request #888 from mlarraz/tick_minitest
    * Merge pull request #890 from todd/directory_docs
    * Merge pull request #891 from ctaintor/improve_clustered_status
    * Merge pull request #893 from spastorino/add_missing_require
    * Merge pull request #897 from zendesk/master
    * Merge pull request #899 from kch/kch-readme-fixes

-------------------------------------------------------------------
Thu Jan 28 05:31:53 UTC 2016 - coolo@suse.com

- updated to version 2.16.0
  see installed History.txt

  === 2.16.0 / 2016-01-27

  * 7 minor features:
    * Add 'set_remote_address' config option
    * Allow to run puma in silent mode
    * Expose cli options in DSL
    * Support passing JRuby keystore info in ssl_bind DSL
    * Allow umask for unix:/// style control urls
    * Expose `old_worker_count` in stats url
    * Support TLS client auth (verify_mode) in jruby
  * 7 bug fixes:
    * Don't persist before_fork hook in state file
    * Reload bundler before pulling in rack.
      Fixes #859
    * Remove NEWRELIC_DISPATCHER env variable
    * Cleanup C code
    * Use Timeout.timeout instead of Object.timeout
    * Make phased restarts faster
    * Ignore the case of certain headers, because HTTP
  * 1 doc changes:
    * Test against the latest Ruby 2.1, 2.2, 2.3, head and JRuby 9.0.4.0 on Travis
  * 12 merged PRs
    * Merge pull request #822 from kwugirl/remove_NEWRELIC_DISPATCHER
    * Merge pull request #833 from joemiller/jruby-client-tls-auth
    * Merge pull request #837 from YuriSolovyov/ssl-keystore-jruby
    * Merge pull request #839 from mezuka/master
    * Merge pull request #845 from deepj/timeout-deprecation
    * Merge pull request #846 from sriedel/strip_before_fork
    * Merge pull request #850 from deepj/travis
    * Merge pull request #853 from Jeffrey6052/patch-1
    * Merge pull request #857 from zendesk/faster_phased_restarts
    * Merge pull request #858 from mlarraz/fix_some_warnings
    * Merge pull request #860 from zendesk/expose_old_worker_count
    * Merge pull request #861 from zendesk/allow_control_url_umask

-------------------------------------------------------------------
Mon Nov 9 05:30:52 UTC 2015 - coolo@suse.com

- updated to version 2.15.3
  see installed History.txt

  === 2.15.3 / 2015-11-07

  * 1 bug fix:
    * Fix JRuby parser

-------------------------------------------------------------------
Sat Nov 7 05:31:46 UTC 2015 - coolo@suse.com

- updated to version 2.15.2
  see installed History.txt

  === 2.15.2 / 2015-11-06

  * 2 bug fixes:
    * ext/puma_http11: handle duplicate headers as per RFC
    * Only set ctx.ca iff there is a params['ca'] to set with.
  * 2 PRs merged:
    * Merge pull request #818 from unleashed/support-duplicate-headers
    * Merge pull request #819 from VictorLowther/fix-ca-and-verify_null-exception

  === 2.15.1 / 2015-11-06

  * 1 bug fix:
    * Allow older openssl versions

  === 2.15.0 / 2015-11-06

  * 6 minor features:
    * Allow setting ca without setting a verify mode
    * Make jungle for init.d support rbenv
    * Use SSL_CTX_use_certificate_chain_file for full chain
    * cluster: add worker_boot_timeout option
    * configuration: allow empty tags to mean no tag desired
    * puma/cli: support specifying STD{OUT,ERR} redirections and append mode
  * 5 bug fixes:
    * Disable SSL Compression
    * Fix bug setting worker_directory when using a symlink directory
    * Fix error message in DSL that was slightly inaccurate
    * Pumactl: set correct process name. Fixes #563
    * thread_pool: fix race condition when shutting down workers
  * 10 doc fixes:
    * Add before_fork explanation in Readme.md
    * Correct spelling in DEPLOYMENT.md
    * Correct spelling in docs/nginx.md
    * Fix spelling errors.
    * Fix typo in deployment description
    * Fix typos (it's -> its) in events.rb and server.rb
    * fixing for typo mentioned in #803
    * Spelling correction for README
    * thread_pool: fix typos in comment
    * More explicit docs for worker_timeout
  * 18 PRs merged:
    * Merge pull request #768 from nathansamson/patch-1
    * Merge pull request #773 from rossta/spelling_corrections
    * Merge pull request #774 from snow/master
    * Merge pull request #781 from sunsations/fix-typo
    * Merge pull request #791 from unleashed/allow_empty_tags
    * Merge pull request #793 from robdimarco/fix-working-directory-symlink-bug
    * Merge pull request #794 from peterkeen/patch-1
    * Merge pull request #795 from unleashed/redirects-from-cmdline
    * Merge pull request #796 from cschneid/fix_dsl_message
    * Merge pull request #799 from annafw/master
    * Merge pull request #800 from liamseanbrady/fix_typo
    * Merge pull request #801 from scottjg/ssl-chain-file
    * Merge pull request #802 from scottjg/ssl-crimes
    * Merge pull request #804 from burningTyger/patch-2
    * Merge pull request #809 from unleashed/threadpool-fix-race-in-shutdown
    * Merge pull request #810 from vlmonk/fix-pumactl-restart-bug
    * Merge pull request #814 from schneems/schneems/worker_timeout-docs
    * Merge pull request #817 from unleashed/worker-boot-timeout

-------------------------------------------------------------------
Sat Sep 19 04:32:46 UTC 2015 - coolo@suse.com

- updated to version 2.14.0
  see installed History.txt

  === 2.14.0 / 2015-09-18

  * 1 minor feature:
    * Make building with SSL support optional
  * 1 bug fix:
    * Use Rack::Builder if available. Fixes #735

-------------------------------------------------------------------
Mon Aug 24 04:30:05 UTC 2015 - coolo@suse.com

- updated to version 2.13.4
  see installed History.txt

  === 2.13.4 / 2015-08-16

  * 1 bug fix:
    * Use the environment possible set by the config early and from the config file later (if set).

  === 2.13.3 / 2015-08-15

  Seriously, I need to revamp config with tests.
  * 1 bug fix:
    * Fix preserving options before cleaning for state. Fixes #769

  === 2.13.2 / 2015-08-15

  The "clearly I don't have enough tests for the config" release.

  * 1 bug fix:
    * Fix another place binds wasn't initialized. Fixes #767

  === 2.13.1 / 2015-08-15

  * 2 bug fixes:
    * Fix binds being masked in config files. Fixes #765
    * Use options from the config file properly in pumactl. Fixes #764

-------------------------------------------------------------------
Sat Aug 15 04:32:20 UTC 2015 - coolo@suse.com

- updated to version 2.13.0
  see installed History.txt

  === 2.13.0 / 2015-08-14

  * 1 minor feature:
    * Add before_fork hooks option.
  * 3 bug fixes:
    * Check for OPENSSL_NO_ECDH before using ECDH
    * Eliminate logging overhead from JRuby SSL
    * Prefer cli options over config file ones. Fixes #669
  * 1 deprecation:
    * Add deprecation warning to capistrano.rb. Fixes #673
  * 4 PRs merged:
    * Merge pull request #668 from kcollignon/patch-1
    * Merge pull request #754 from nathansamson/before_boot
    * Merge pull request #759 from BenV/fix-centos6-build
    * Merge pull request #761 from looker/no-log

-------------------------------------------------------------------
Wed Aug 5 04:33:27 UTC 2015 - coolo@suse.com

- updated to version 2.12.3
  see installed History.txt

  === 2.12.3 / 2015-08-03

  * 8 minor bugs fixed:
    * Fix Capistrano 'uninitialized constant Puma' error.
    * Fix some ancient and incorrect error handling code
    * Fix uninitialized constant error
    * Remove toplevel rack interspection, require rack on load instead
    * Skip empty parts when chunking
    * Switch from inject to each in config_ru_binds iteration
    * Wrap SSLv3 spec in version guard.
    * ruby 1.8.7 compatibility patches
  * 4 PRs merged:
    * Merge pull request #742 from deivid-rodriguez/fix_missing_require
    * Merge pull request #743 from matthewd/skip-empty-chunks
    * Merge pull request #749 from huacnlee/fix-cap-uninitialized-puma-error
    * Merge pull request #751 from costi/compat_1_8_7
  * 1 test fix:
    * Add 1.8.7, rbx-1 (allow failures) to Travis.
-------------------------------------------------------------------
Sat Jul 18 04:30:46 UTC 2015 - coolo@suse.com

- updated to version 2.12.2
  see installed History.txt

  === 2.12.2 / 2015-07-17

  * 2 bug fix:
    * Pull over and use Rack::URLMap. Fixes #741
    * Stub out peercert on JRuby for now. Fixes #739

-------------------------------------------------------------------
Fri Jul 17 04:30:06 UTC 2015 - coolo@suse.com

- updated to version 2.12.1
  see installed History.txt

  === 2.12.1 / 2015-07-16

  * 2 bug fixes:
    * Use a constant format. Fixes #737
    * Use strerror for Windows sake. Fixes #733
  * 1 doc change:
    * typo fix: occured -> occurred
  * 1 PR merged:
    * Merge pull request #736 from paulanunda/paulanunda/typo-fix

-------------------------------------------------------------------
Wed Jul 15 04:31:11 UTC 2015 - coolo@suse.com

- updated to version 2.12.0
  see installed History.txt

  === 2.12.0 / 2015-07-14

  * X bug fixes:
    * Add thread reaping to thread pool
    * Do not automatically use chunked responses when hijacked
    * Do not suppress Content-Length on partial hijack
    * Don't allow any exceptions to terminate a thread
    * Handle ENOTCONN client disconnects when setting REMOTE_ADDR
    * Handle very early exit of cluster mode. Fixes #722
    * Install rack when running tests on travis to use rack/lint
    * Make puma -v and -h return success exit code
    * Make pumactl load config/puma.rb by default
    * Pass options from pumactl properly when pruning. Fixes #694
    * Remove rack dependency.
      Fixes #705
    * Remove the default Content-Type: text/plain
    * Add Client Side Certificate Auth
  * X doc/test changes:
    * Added example sourcing of environment vars
    * Added tests for bind configuration on rackup file
    * Fix example config text
    * Update DEPLOYMENT.md
    * Update Readme with example of custom error handler
    * ci: Improve Travis settings
    * ci: Start running tests against JRuby 9k on Travis
    * ci: Convert to container infrastructure for travisci
  * X ops changes:
    * Check for system-wide rbenv
    * capistrano: Add additional env when start rails
  * X PRs merged:
    * Merge pull request #686 from jjb/patch-2
    * Merge pull request #693 from rob-murray/update-example-config
    * Merge pull request #697 from spk/tests-bind-on-rackup-file
    * Merge pull request #699 from deees/fix/require_rack_builder
    * Merge pull request #701 from deepj/master
    * Merge pull request #702 from Jimdo/thread-reaping
    * Merge pull request #703 from deepj/travis
    * Merge pull request #704 from grega/master
    * Merge pull request #709 from lian/master
    * Merge pull request #711 from julik/master
    * Merge pull request #712 from yakara-ltd/pumactl-default-config
    * Merge pull request #715 from RobotJiang/master
    * Merge pull request #725 from rwz/master
    * Merge pull request #726 from strenuus/handle-client-disconnect
    * Merge pull request #729 from allaire/patch-1
    * Merge pull request #730 from iamjarvo/container-infrastructure

-------------------------------------------------------------------
Tue May 19 04:29:36 UTC 2015 - coolo@suse.com

- updated to version 2.11.3
  see installed History.txt

  === 2.11.3 / 2015-05-18

  * 5 bug fixes:
    * Be sure to unlink tempfiles after a request. Fixes #690
    * Coerce the key to a string before checking. (thar be symbols).
      Fixes #684
    * Fix hang on bad SSL handshake
    * Remove `enable_SSLv3` support from JRuby
  * 1 PR merged:
    * Merge pull request #698 from looker/hang-handshake

-------------------------------------------------------------------
Sun Apr 12 05:48:53 UTC 2015 - coolo@suse.com

- updated to version 2.11.2
  * 2 minor features:
    * Add `on_worker_fork` hook, which allows to mimic Unicorn's behavior
    * Add shutdown_debug config option
  * 4 bug fixes:
    * Fix the Config constants not being available in the DSL. Fixes #683
    * Ignore multiple port declarations
    * Proper 'Connection' header handling compatible with HTTP 1.[01] protocols
    * Use "Puma" instead of "puma" to reporting to New Relic
  * 1 doc fixes:
    * Add Gitter badge.
  * 6 PRs merged:
    * Merge pull request #657 from schneems/schneems/puma-once-port
    * Merge pull request #658 from Tomohiro/newrelic-dispatcher-default-update
    * Merge pull request #662 from basecrm/connection-compatibility
    * Merge pull request #664 from fxposter/on-worker-fork
    * Merge pull request #667 from JuanitoFatas/doc/gemspec

-------------------------------------------------------------------
Fri Feb 13 05:30:22 UTC 2015 - coolo@suse.com

- updated to version 2.11.1

-------------------------------------------------------------------
Fri Feb 6 13:12:46 UTC 2015 - coolo@suse.com

- updated to version 2.11.0
  * 9 bug fixes:
    * Add mode as an additional bind option to unix sockets. Fixes #630
    * Advertise HTTPS properly after a hot restart
    * Don't write lowlevel_error_handler to state
    * Fix phased restart with stuck requests
    * Handle spaces in the path properly. Fixes #622
    * Set a default REMOTE_ADDR to avoid using peeraddr on unix sockets. Fixes #583
    * Skip device number checking on jruby. Fixes #586
    * Update extconf.rb to compile correctly on OS X
    * redirect io right after daemonizing so startup errors are shown. Fixes #359
  * 6 minor features:
    * Add a configuration option that prevents puma from queueing requests.
    * Add reload_worker_directory
    * Add the ability to pass environment variables to the init script (for Jungle).
    * Add the proctitle tag to the worker. Fixes #633
    * Infer a proctitle tag based on the directory
    * Update lowlevel error message to be more meaningful.
  * 10 PRs merged:
    * Merge pull request #478 from rubencaro/master
    * Merge pull request #610 from kwilczynski/master
    * Merge pull request #611 from jasonl/better-lowlevel-message
    * Merge pull request #616 from jc00ke/master
    * Merge pull request #623 from raldred/patch-1
    * Merge pull request #628 from rdpoor/master
    * Merge pull request #634 from deepj/master
    * Merge pull request #637 from raskhadafi/patch-1
    * Merge pull request #639 from ebeigarts/fix-phased-restarts
    * Merge pull request #640 from codehotter/issue-612-dependent-requests-deadlock

  === 2.10.2 / 2014-11-26

  * 1 bug fix:
    * Conditionalize thread local cleaning, fixes perf degradation fix
      The code to clean out all Thread locals adds pretty significant overhead to a each request, so it has to be turned on explicitly if a user needs it.

-------------------------------------------------------------------
Sun May 18 09:04:44 UTC 2014 - coolo@suse.com

- updated to version 2.8.2
  * 4 bug fixes:
    * During upgrade, change directory in main process instead of workers.
    * Close the client properly on error
    * Capistrano: fallback from phased restart to start when not started
    * Allow tag option in conf file
  * 4 doc fixes:
    * Fix Puma daemon service README typo
    * `preload_app!` instead of `preload_app`
    * add preload_app and prune_bundler to example config
    * allow changing of worker_timeout in config file
  * 11 PRs merged:
    * Merge pull request #487 from ckuttruff/master
    * Merge pull request #492 from ckuttruff/master
    * Merge pull request #493 from alepore/config_tag
    * Merge pull request #503 from mariuz/patch-1
    * Merge pull request #505 from sammcj/patch-1
    * Merge pull request #506 from FlavourSys/config_worker_timeout
    * Merge pull request #510 from momer/rescue-block-handle-servers-fix
    * Merge pull request #511 from macool/patch-1
    * Merge pull request #514 from edogawaconan/refactor_env
    * Merge pull request #517 from misfo/patch-1
    * Merge pull request #518 from LongMan/master

-------------------------------------------------------------------
Tue Mar 18 14:57:18 UTC 2014 - coolo@suse.com

- updated to version 2.8.1
  * 1 bug fixes:
    * Run puma-wild with proper deps for prune_bundler
  * 2 doc changes:
    * Described the configuration file finding behavior added in 2.8.0 and how to disable it.
    * Start the deployment doc
  * 6 PRs merged:
    * Merge pull request #471 from arthurnn/fix_test
    * Merge pull request #485 from joneslee85/patch-9
    * Merge pull request #486 from joshwlewis/patch-1
    * Merge pull request #490 from tobinibot/patch-1
    * Merge pull request #491 from brianknight10/clarify-no-config

  === 2.8.0 / 2014-02-28

  * 8 minor features:
    * Add ability to autoload a config file. Fixes #438
    * Add ability to detect and terminate hung workers. Fixes #333
    * Add booted_workers to stats response
    * Add config to customize the default error message
    * Add prune_bundler option
    * Add worker indexes, expose them via on_worker_boot. Fixes #440
    * Add pretty process name
    * Show the ruby version in use
  * 7 bug fixes:
    * Added 408 status on timeout.
    * Be more hostile with sockets that write block. Fixes #449
    * Expect at_exit to exclusively remove the pidfile. Fixes #444
    * Expose latency and listen backlog via bind query. Fixes #370
    * JRuby raises IOError if the socket is there. Fixes #377
    * Process requests fairly. Fixes #406
    * Rescue SystemCallError as well. Fixes #425
  * 4 doc changes:
    * Add 2.1.0 to the matrix
    * Add Code Climate badge to README
    * Create signals.md
    * Set the license to BSD. Fixes #432
  * 14 PRs merged:
    * Merge pull request #428 from alexeyfrank/capistrano_default_hooks
    * Merge pull request #429 from namusyaka/revert-const_defined
    * Merge pull request #431 from mrb/master
    * Merge pull request #433 from alepore/process-name
    * Merge pull request #437 from ibrahima/master
    * Merge pull request #446 from sudara/master
    * Merge pull request #451 from pwiebe/status_408
    * Merge pull request #453 from joevandyk/patch-1
    * Merge pull request #470 from arthurnn/fix_458
    * Merge pull request #472 from rubencaro/master
    * Merge pull request #480 from jjb/docs-on-running-test-suite
    * Merge pull request #481 from schneems/master
    * Merge pull request #482 from prathamesh-sonpatki/signals-doc-cleanup
    * Merge pull request #483 from YotpoLtd/master

-------------------------------------------------------------------
Thu Feb 6 12:46:22 UTC 2014 - coolo@suse.com

- use new macros

-------------------------------------------------------------------
Mon Dec 16 11:57:17 UTC 2013 - cfarrell@suse.com

- license update: Ruby
  See data/LICENSE

-------------------------------------------------------------------
Thu Dec 12 10:19:38 UTC 2013 - coolo@suse.com

- updated to version 2.7.1
  * 1 bug fix:
    * Keep STDOUT/STDERR the right mode. Fixes #422

  === 2.7.0 / 2013-12-03

  * 1 minor feature:
    * Adding TTIN and TTOU to increment/decrement workers
  * N bug fixes:
    * Always use our Process.daemon because it's not busted
    * Add capistrano restart failback to start.
    * Change position of `cd` so that rvm gemset is loaded
    * Clarify some platform specifics
    * Do not close the pipe sockets when retrying
    * Fix String#byteslice for Ruby 1.9.1, 1.9.2
    * Fix compatibility with 1.8.7.
    * Handle IOError closed stream in IO.select
    * Increase the max URI path length to 2048 chars from 1024 chars
    * Upstart jungle use config/puma.rb instead

-------------------------------------------------------------------
Mon Sep 23 14:53:06 UTC 2013 - coolo@suse.com

- updated to version 2.6.0
  * 2 minor features:
    * Add support for event hooks
      ** Add a hook for state transitions
    * Add phased restart to capistrano recipe.
  * 4 bug fixes:
    * Convince workers to stop by SIGKILL after timeout
    * Define RSTRING_NOT_MODIFIED for Rubinius performance
    * Handle BrokenPipe, StandardError and IOError in fat_wrote and break out
    * Return success status to the invoking environment

-------------------------------------------------------------------
Mon Aug 26 05:05:52 UTC 2013 - coolo@suse.com

- updated to version 2.5.1
  * 2 bug fixes:
    * Keep jruby daemon mode from retrying on a hot restart
    * Extract version from const.rb in gemspec

  === 2.5.0 / 2013-08-08

  * 2 minor features:
    * Allow configuring pumactl with config.rb
    * make `pumactl restart` start puma if not running
  * 6 bug fixes:
    * Autodetect ruby managers and home directory in upstart script
    * Convert header values to string before sending.
    * Correctly report phased-restart availability
    * Fix pidfile creation/deletion race on jruby daemonization
    * Use integers when comparing thread counts
    * Fix typo in using lopez express (raw tcp) mode
  * 6 misc changes:
    * Fix typo in phased-restart response
    * Uncomment setuid/setgid by default in upstart
    * Use Puma::Const::PUMA_VERSION in gemspec
    * Update upstart comments to reflect new commandline
    * Remove obsolete pumactl instructions; refer to pumactl for details
    * Make Bundler used puma.gemspec version agnostic

  === 2.4.1 / 2013-08-07

  * 1 experimental feature:
    * Support raw tcp servers (aka Lopez Express mode)

-------------------------------------------------------------------
Wed Jul 31 05:45:57 UTC 2013 - coolo@suse.com

- updated to version 2.4.0
  * 5 minor features:
    * Add PUMA_JRUBY_DAEMON_OPTS to get around agent starting twice
    * Add ability to drain accept socket on shutdown
    * Add port to DSL
    * Adds support for using puma config file in capistrano deploys.
    * Make phased_restart fallback to restart if not available
  * 10 bug fixes:
    * Be sure to only delete the pid in the master. Fixes #334
    * Call out -C/--config flags
    * Change parser symbol names to avoid clash. Fixes #179
    * Convert thread pool sizes to integers
    * Detect when the jruby daemon child doesn't start properly
    * Fix typo in CLI help
    * Improve the logging output when hijack is used. Fixes #332
    * Remove unnecessary thread pool size conversions
    * Setup :worker_boot as an Array. Fixes #317
    * Use 127.0.0.1 as REMOTE_ADDR of unix client. Fixes #309

  === 2.3.2 / 2013-07-08

  * 1 bug fix:
    * Move starting control server to after daemonization.

  === 2.3.1 / 2013-07-06

  * 2 bug fixes:
    * Include the right files in the Manifest.
    * Disable inheriting connections on restart on windows.
      Fixes #166
  * 1 doc change:
    * Better document some platform constraints

  === 2.3.0 / 2013-07-05

  * 1 major bug fix:
    * Stabilize control server, add support in cluster mode

-------------------------------------------------------------------
Fri May 24 07:03:23 UTC 2013 - coolo@suse.com

- updated to version 2.0.1, see History.txt

-------------------------------------------------------------------
Wed Dec 19 22:13:35 UTC 2012 - mrueckert@suse.de

- initial package