Puma Versions

A Ruby/Rack web server built for parallelism

v6.0.2

6.0.2 / 2023-01-01

  • Refactor
    • Remove use of etc and time gems in Puma ([#3035], [#3033])
    • Refactor const.rb - freeze ([#3016])

v6.0.1

6.0.1 / 2022-12-20

  • Bugfixes
    • Handle waking up a closed selector in Reactor#add ([#3005])
    • Fixup response processing, enumerable bodies ([#3004], [#3000])
    • Correctly close app body for all code paths ([#3002], [#2999])
  • Refactor
    • Add IOBuffer to Client, remove from ThreadPool thread instances ([#3013])

Full Changelog: https://github.com/puma/puma/compare/v6.0.0...v6.0.1

v6.0.0

1 year ago

6.0.0 Sunflower

  • Breaking Changes

    • Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
    • Remote_addr functionality has changed ([#2652], [#2653])
    • No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) ([#2849])
    • Remove nakayoshi GC ([#2933], [#2925])
    • wait_for_less_busy_worker is now default on ([#2940])
    • Prefix all environment variables with PUMA_ ([#2924], [#2853])
    • Removed some constants ([#2957], [#2958], [#2959], [#2960])
    • The following classes are now part of Puma's private API: Client, Cluster::Worker, HandleRequest. ([#2988])
    • Configuration constants like DefaultRackup removed ([#2928])
    • Extracted LogWriter from Events ([#2798])
  • Features

    • Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
    • Increase throughput on file responses ([#2923])
    • Add support for streaming bodies in Rack. ([#2740])
    • Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter ([#2845])
    • Allow run_hooks to pass a hash to blocks for use later ([#2917], [#2915])
    • Allow using preload_app! with fork_worker ([#2907])
    • Support request_body_wait metric with higher precision ([#2953])
    • Allow header values to be arrays (Rack 3) ([#2936], [#2931])
    • Export Puma/Ruby versions in /stats ([#2875])
    • Allow configuring request uri max length & request path max length ([#2840])
    • Add a couple of public accessors ([#2774])
    • Log entire backtrace when worker start fails ([#2891])
    • [jruby] Enable TLSv1.3 support ([#2886])
    • [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
    • [jruby] Support a truststore option ([#2849], [#2904], [#2884])
  • Bugfixes

    • Load the configuration before passing it to the binder ([#2897])
    • Do not raise an error on HTTP methods we don't recognize or support, like CONNECT ([#2932], [#1441])
    • Fixed a memory leak when creating a new SSL listener ([#2956])
  • Refactor

    • log_writer.rb - add internal_write method ([#2888])
    • Extract prune_bundler code into its own class. ([#2797])
    • Refactor Launcher#run to increase readability (no logic change) ([#2795])
    • Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
    • Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])

v5.6.5

5.6.5 / 2022-08-23

  • Bugfixes
    • NullIO#closed should return false ([#2883])
    • Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
    • [jruby] Fix TLS verification hang ([#2890], [#2729])
    • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
    • MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
    • Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
    • Escape SSL cert and filenames ([#2855])
    • Fail hard if SSL certs or keys are invalid ([#2848])
    • Fail hard if SSL certs or keys cannot be read by user ([#2847])
    • Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
    • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
    • Fix Puma::StateFile#load incompatibility ([#2810])

v4.3.12

2 years ago

Security

  • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

v5.6.4

2 years ago

  • Security
    • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.

v5.6.2

5.6.2 / 2022-02-11

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to [#2809])

v4.3.11

2 years ago

  • Bugfix/Security
    • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to [#2809])

v5.6.1

2 years ago

Bugfixes

  • Reverted a commit which appeared to be causing occasional blank header values (see issue #2808) (#2809)

Full Changelog: https://github.com/puma/puma/compare/v5.6.0...v5.6.1

v5.6.0

Maintainer @nateberkopec had a daughter, nicknamed Birdie.

5.6.0 / 2022-01-25

  • Features

    • Support localhost integration in ssl_bind ([#2764], [#2708])
    • Allow backlog parameter to be set with ssl_bind DSL ([#2780])
    • Remove yaml (psych) requirement in StateFile ([#2784])
    • Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
    • Add worker_check_interval configuration option ([#2759])
    • Always send lowlevel_error response to client ([#2731], [#2341])
    • Support for cert_pem and key_pem with ssl_bind DSL ([#2728])
  • Bugfixes

    • Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
    • Fix two 'old-style-definition' compile warnings ([#2807], [#2806])
    • Log environment correctly using option value ([#2799])
    • Fix warning from Ruby master (will be 3.2.0) ([#2785])
    • extconf.rb - fix openssl with old Windows builds ([#2757])
    • server.rb - rescue handling (Errno::EBADF) for @notify.close ([#2745])
  • Refactor

    • server.rb - refactor code using @options[:remote_address] ([#2742])
    • [jruby] a couple of refactorings - avoid copying bytes ([#2730])