Changelog for ruby2.7-rubygem-puma-5-5.6.8-8.20.x86_64.rpm :
* Mon Jan 29 2024 Dan Čermák - New upstream release 5.6.8, see bundled History.md
* Fri Nov 03 2023 Dan Čermák - Update to version 5.6.7
  • Security
    * Address HTTP request smuggling vulnerabilities with zero-length Content-Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
* Mon Jan 02 2023 Stephan Kulow - Update to version 5.6.5 (decoupling from main puma)
  5.6.5 / 2022-08-23
  • Feature
    * Puma::ControlCLI - allow refork command to be sent as a request (#2868, #2866)
  • Bugfixes
    * NullIO#closed should return false (#2883)
    * [jruby] Fix TLS verification hang (#2890, #2729)
    * extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used (#2885, #2839)
    * MiniSSL - detect SSL_CTX_set_dh_auto (#2864, #2863)
    * Fix rack.after_reply exceptions breaking connections (#2861, #2856)
    * Escape SSL cert and filenames (#2855)
    * Fail hard if SSL certs or keys are invalid (#2848)
    * Fail hard if SSL certs or keys cannot be read by user (#2847)
    * Fix build with Opaque DH in LibreSSL 3.5 (#2838)
    * Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) (#2817)
    * Fix Puma::StateFile#load incompatibility (#2810)
  5.6.4 / 2022-03-30
  • Security
    * Close several HTTP Request Smuggling exploits (CVE-2022-24790)
  5.6.2 / 2022-02-11
  • Bugfix/Security
    * Response body will always be closed (GHSA-rmj8-8hhh-gv5h, related to #2809)
  5.6.1 / 2022-01-26
  • Bugfixes
    * Reverted a commit which appeared to be causing occasional blank header values (#2809)
  5.6.0 / 2022-01-25
  • Features
    * Support localhost integration in ssl_bind (#2764, #2708)
    * Allow backlog parameter to be set with ssl_bind DSL (#2780)
    * Remove yaml (psych) requirement in StateFile (#2784)
    * Allow culling of oldest workers, previously was only youngest (#2773, #2794)
    * Add worker_check_interval configuration option (#2759)
    * Always send lowlevel_error response to client (#2731, #2341)
    * Support for cert_pem and key_pem with ssl_bind DSL (#2728)
  • Bugfixes
    * Keep thread names under 15 characters, prevents breakage on some OSes (#2733)
    * Fix two 'old-style-definition' compile warnings (#2807, #2806)
    * Log environment correctly using option value (#2799)
    * Fix warning from Ruby master (will be 3.2.0) (#2785)
    * extconf.rb - fix openssl with old Windows builds (#2757)
    * server.rb - rescue handling (Errno::EBADF) for @notify.close (#2745)
  • Refactor
    * server.rb - refactor code using @options[:remote_address] (#2742)
    * [jruby] a couple refactorings - avoid copy-ing bytes (#2730)
  5.5.2 / 2021-10-12
  • Bugfixes
    * Allow UTF-8 in HTTP header values
  5.5.1 / 2021-10-12
  • Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)
    * Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV (#2702)
  • Security
    * Do not allow LF as a line ending in a header (CVE-2021-41136)
  5.5.0 / 2021-09-19
  • Features
    * Automatic SSL certificate provisioning for localhost, via localhost gem (#2610, #2257)
    * add support for the PROXY protocol (v1 only) (#2654, #2651)
    * Add a semantic CLI option for no config file (#2689)
  • Bugfixes
    * More elaborate exception handling - lets some dead pumas die (#2700, #2699)
    * allow multiple after_worker_fork hooks (#2690)
    * Preserve BUNDLE_APP_CONFIG on worker fork (#2688, #2687)
  • Performance
    * Fix performance of server-side SSL connection close (#2675)
  5.4.0 / 2021-07-28
  • Features
    * Better/expanded names for threadpool threads (#2657)
    * Allow pkg_config for OpenSSL (#2648, #1412)
    * Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header (#2586, #2569)
  • Bugfixes
    * Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV (#2643, #2638)
    * Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
    * Client certificates: set session id context while creating SSLContext (#2633)
    * Fix deadlock issue in thread pool (#2656)
  • Refactor
    * Replace IO.select with IO#wait_* when checking a single IO (#2666)
  5.3.2 / 2021-05-21
  • Bugfixes
    * Gracefully handle Rack not accepting CLI options (#2630, #2626)
    * Fix sigterm misbehavior (#2629)
    * Improvements to keepalive-connection shedding (#2628)
  5.3.1 / 2021-05-11
  • Security
    * Close keepalive connections after the maximum number of fast inlined requests (CVE-2021-29509) (#2625)
  5.3.0 / 2021-05-07
  • Features
    * Add support for Linux's abstract sockets (#2564, #2526)
    * Add debug to worker timeout and startup (#2559, #2528)
    * Print warning when running one-worker cluster (#2565, #2534)
    * Don't close systemd activated socket on pumactl restart (#2563, #2504)
  • Bugfixes
    * systemd - fix event firing (#2591, #2572)
    * Immediately unlink temporary files (#2613)
    * Improve parsing of HTTP_HOST header (#2605, #2584)
    * Handle fatal error that has no backtrace (#2607, #2552)
    * Fix timing out requests too early (#2606, #2574)
    * Handle segfault in Ruby 2.6.6 on thread-locals (#2567, #2566)
    * Server#closed_socket? - parameter may be a MiniSSL::Socket (#2596)
    * Define UNPACK_TCP_STATE_FROM_TCP_INFO in the right place (#2588, #2556)
    * request.rb - fix chunked assembly for ascii incompatible encodings, add test (#2585, #2583)
  • Performance
    * Reset peerip only if remote_addr_header is set (#2609)
    * Reduce puma_parser struct size (#2590)
  • Refactor
    * Refactor drain on shutdown (#2600)
    * Micro optimisations in wait_for_less_busy_worker feature (#2579)
    * Lots of test fixes
  5.2.2 / 2021-02-22
  • Bugfixes
    * Add #flush and #sync methods to Puma::NullIO (#2553)
    * Restore sync=true on STDOUT and STDERR streams (#2557)
  5.2.1 / 2021-02-05
  • Bugfixes
    * Fix TCP cork/uncork operations to work with ssl clients (#2550)
    * Require rack/common_logger explicitly if :verbose is true (#2547)
    * MiniSSL::Socket#write - use data.byteslice(wrote..-1) (#2543)
    * Set @env[CONTENT_LENGTH] value as string (#2549)
  5.2.0 / 2021-01-27
  • Features
    * 10x latency improvement for MRI on ssl connections by reducing overhead (#2519)
    * Add option to specify the desired IO selector backend for libev (#2522)
    * Add ability to set OpenSSL verification flags (MRI only) (#2490)
    * Uses flush after writing messages to avoid mutating $stdout and $stderr using sync=true (#2486)
  • Bugfixes
    * MiniSSL - Update dhparam to 2048 bit for use with SSL_CTX_set_tmp_dh (#2535)
    * Change 'Goodbye!' message to be output after listeners are closed (#2529)
    * Fix ssl bind logging with 0.0.0.0 and localhost (#2533)
    * Fix compiler warnings, but skipped warnings related to ragel state machine generated code (#1953)
    * Fix phased restart errors related to nio4r gem when using the Puma control server (#2516)
    * Add #string method to Puma::NullIO (#2520)
    * Fix binding via Rack handler to IPv6 addresses (#2521)
  • Refactor
    * Refactor MiniSSL::Context on MRI, fix MiniSSL::Socket#write (#2519)
    * Remove Server#read_body (#2531)
    * Fail build if compiling extensions raises warnings on GH Actions, configurable via MAKE_WARNINGS_INTO_ERRORS (#1953)
  5.1.1 / 2020-12-10
  • Bugfixes
    * Fix over eager matching against banned header names (#2510)
  5.1.0 / 2020-11-30
  • Features
    * Phased restart availability is now always logged, even if it is not available.
    * Prints the loaded configuration if the environment variable PUMA_LOG_CONFIG is present (#2472)
    * Integrate with systemd's watchdog and notification features (#2438)
    * Adds max_fast_inline as a configuration option for the Server object (#2406)
    * You can now fork workers from worker 0 using SIGURG w/o fork_worker enabled (#2449)
    * Add option to bind to systemd activated sockets (#2362)
    * Add compile option to change the QUERY_STRING max length (#2485)
  • Bugfixes
    * Fix JRuby handling in Puma::DSL#ssl_bind (#2489)
    * control_cli.rb - all normal output should be to @stdout (#2487)
    * Catch 'Error in reactor loop escaped: mode not supported for this object: r' (#2477)
    * Ignore Rails' reaper thread (and any thread marked forksafe) for warning (#2475)
    * Ignore illegal (by Rack spec) response header (#2439)
    * Close idle connections immediately on shutdown (#2460)
    * Fix some instances of phased restart errors related to the json gem (#2473)
    * Remove use of json gem to fix phased restart errors (#2479)
    * Fix grouping regexp of ILLEGAL_HEADER_KEY_REGEX (#2495)
* Sun Nov 01 2020 Manuel Schnitzer - updated to version 5.0.4
  • Bugfixes
    * Pass preloaded application into new workers if available when using `preload_app` (#2461, #2454)
  5.0.3 / 2020-10-26
  • Bugfixes
    * Add Client#io_ok?, check before Reactor#register (#2432)
    * Fix hang on shutdown in refork (#2442)
    * Fix `Bundler::GemNotFound` errors for `nio4r` gem during phased restarts (#2427, #2018)
    * Server run thread safety fix (#2435)
    * Fire `on_booted` after server starts (#2431, #2212)
    * Cleanup daemonization in rc.d script (#2409)
  • Refactor
    * Remove accept_nonblock.rb, add test_integration_ssl.rb (#2448)
    * Refactor status.rb - dry it up a bit (#2450)
    * Extract req/resp methods to new request.rb from server.rb (#2419)
    * Refactor Reactor and Client request buffering (#2279)
    * client.rb - remove JRuby specific 'finish' code (#2412)
    * Consolidate fast_write calls in Server, extract early_hints assembly (#2405)
    * Remove upstart from docs (#2408)
    * Extract worker process into separate class (#2374)
    * Consolidate option handling in Server, Server small refactors, doc changes (#2389)
  5.0.2 / 2020-09-28
  • Bugfixes
    * Reverted API changes to Server.
  5.0.1 / 2020-09-28
  • Bugfixes
    * Fix LoadError in CentOS 8 (#2381)
    * Better error handling during force shutdown (#2271)
    * Prevent connections from entering Reactor after shutdown begins (#2377)
    * Fix error backtrace debug logging && Do not log request dump if it is not parsed (#2376)
    * Split TCP_CORK and TCP_INFO (#2372)
    * Do not log EOFError when a client connection is closed without write (#2384)
  • Refactor
    * Change Events#ssl_error signature from (error, peeraddr, peercert) to (error, ssl_socket) (#2375)
    * Consolidate option handling in Server, Server small refactors, doc changes (#2373)
* Fri Sep 25 2020 Stephan Kulow - updated to version 5.0.0, see installed History.md
  5.0.0
  • Features
    * Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (#2305)
    * EXPERIMENTAL: Add `fork_worker` option and `refork` command for reduced memory usage by forking from a worker process instead of the master process. (#2099)
    * EXPERIMENTAL: Added `wait_for_less_busy_worker` config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (#2079).
    * EXPERIMENTAL: Added `nakayoshi_fork` option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
    * Added pumactl `thread-backtraces` command to print thread backtraces (#2054)
    * Added incrementing `requests_count` to `Puma.stats` (#2106)
    * Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
    * `lowlevel_error_handler` is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
    * Faster phased restart and worker timeout (#2220)
    * Added `state_permission` to config DSL to set state file permissions (#2238)
    * Added `Puma.stats_hash`, which returns the stats as a Hash instead of a JSON string (#2086, #2253)
    * `rack.multithread` and `rack.multiprocess` now dynamically resolved by `max_thread` and `workers` respectively (#2288)
  • Deprecations, Removals and Breaking API Changes
    * `--control` has been removed. Use `--control-url` (#1487)
    * `worker_directory` has been removed. Use `directory`.
    * min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (#2143)
    * max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (#2143)
    * max_threads default to 5 in MRI or 16 for all other interpreters. (#2143)
    * preload by default if workers > 1 (#2143)
    * Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (#2143)
    * `tcp_mode` has been removed without replacement. (#2169)
    * Daemonization has been removed without replacement. (#2170)
    * Changed #connected_port to #connected_ports (#2076)
    * Configuration: `environment` is read from `RAILS_ENV`, if `RACK_ENV` can't be found (#2022)
    * Log binding on http:// for TCP bindings to make it clickable
  • Bugfixes
    * Fix JSON loading issues on phased-restarts (#2269)
    * Improve shutdown reliability (#2312, #2338)
    * Close client http connections made to an ssl server with TLSv1.3 (#2116)
    * Do not set user_config to quiet by default to allow for file config (#2074)
    * Always close SSL connection in Puma::ControlCLI (#2211)
    * Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
    * Ensure control server Unix socket is closed on shutdown (#2112)
    * Preserve `BUNDLE_GEMFILE` env var when using `prune_bundler` (#1893)
    * Send 408 request timeout even when queue requests is disabled (#2119)
    * Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121)
    * Ensure `BUNDLE_GEMFILE` is unspecified in workers if unspecified in master when using `prune_bundler` (#2154)
    * Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (#1551)
    * Read directly from the socket in #read_and_drop to avoid raising further SSL errors (#2198)
    * Set `Connection: closed` header when queue requests is disabled (#2216)
    * Pass queued requests to thread pool on server shutdown (#2122)
    * Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (#2220)
    * Fix `out_of_band` hook never executed if the number of worker threads is > 1 (#2177)
    * Fix ThreadPool#shutdown timeout accuracy (#2221)
    * Fix `UserFileDefaultOptions#fetch` to properly use `default` (#2233)
    * Improvements to `out_of_band` hook (#2234)
    * Prefer the rackup file specified by the CLI (#2225)
    * Fix for spawning subprocesses with fork_worker option (#2267)
    * Set `CONTENT_LENGTH` for chunked requests (#2287)
    * JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
    * Improve shutdown reliability (#2312)
    * Resolve issue with threadpool waiting counter decrement when thread is killed
    * Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
    * Fix recursive `prune_bundler` (#2319).
    * Ensure that TCP_CORK is usable
    * Fix corner case when request body is chunked (#2326)
    * Fix filehandle leak in MiniSSL (#2299)
  • Refactor
    * Remove unused loader argument from Plugin initializer (#2095)
    * Simplify `Configuration.random_token` and remove insecure fallback (#2102)
    * Simplify `Runner#start_control` URL parsing (#2111)
    * Removed the IOBuffer extension and replaced with Ruby (#1980)
    * Update `Rack::Handler::Puma.run` to use `**options` (#2189)
    * ThreadPool concurrency refactoring (#2220)
    * JSON parse cluster worker stats instead of regex (#2124)
    * Support parallel tests in verbose progress reporting (#2223)
    * Refactor error handling in server accept loop (#2239)
* Sat Sep 12 2020 Manuel Schnitzer - updated to version 4.3.6
  • Bugfixes
    * Explicitly include ctype.h to fix compilation warning and build error on macOS with Xcode 12 (#2304)
    * Don't require json at boot (#2269)
* Wed May 27 2020 Manuel Schnitzer - updated to version 4.3.5
    * CVE-2020-11076, CVE-2020-11077: Fixed two separate HTTP smuggling vulnerabilities that used the Transfer-Encoding header
* Tue Mar 03 2020 Manuel Schnitzer - updated to version 4.3.3
  • Bugfixes
    * Fix: Fixes a problem where we weren't splitting headers correctly on newlines (#2132)
  • Security
    * Fix: Prevent HTTP Response splitting via CR in early hints.
* Sat Dec 14 2019 Manuel Schnitzer - updated to version 4.3.1
    * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack (CVE-2019-16770)
* Tue Nov 12 2019 Manuel Schnitzer - updated to version 4.3.0
  • Features
    * Strip whitespace at end of HTTP headers (#2010)
    * Optimize HTTP parser for JRuby (#2012)
    * Add SSL support for the control app and cli (#2046, #2052)
  • Bugfixes
    * Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
    * Fix pumactl defaulting puma to development if an environment was not specified (#2035)
    * Fix closing file stream when reading pid from pidfile (#2048)
    * Fix a typo in configuration option `--extra_runtime_dependencies` (#2050)