Releases: puma/puma
Releases · puma/puma
6.0.2
6.0.1
6.0.1 / 2022-12-20
- Bugfixes
- Refactor
- Add IOBuffer to Client, remove from ThreadPool thread instances ([#3013])
Full Changelog: v6.0.0...v6.0.1
6.0.0
6.0.0 Sunflower
-
Breaking Changes
- Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
- Remote_addr functionality has changed ([#2652], [#2653])
- No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) ([#2849])
- Remove nakayoshi GC ([#2933], [#2925])
- wait_for_less_busy_worker is now default on ([#2940])
- Prefix all environment variables with
PUMA_
([#2924], [#2853]) - Removed some constants ([#2957], [#2958], [#2959], [#2960])
- The following classes are now part of Puma's private API:
Client
,Cluster::Worker
,Cluster::Worker
,HandleRequest
. ([#2988]) - Configuration constants like
DefaultRackup
removed ([#2928]) - Extracted
LogWriter
fromEvents
([#2798])
-
Features
- Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
- Increase throughput on file responses ([#2923])
- Add support for streaming bodies in Rack. ([#2740])
- Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter ([#2845])
- Allow
run_hooks
to pass a hash to blocks for use later ([#2917], [#2915]) - Allow using
preload_app!
withfork_worker
([#2907]) - Support request_body_wait metric with higher precision ([#2953])
- Allow header values to be arrays (Rack 3) ([#2936], [#2931])
- Export Puma/Ruby versions in /stats ([#2875])
- Allow configuring request uri max length & request path max length ([#2840])
- Add a couple of public accessors ([#2774])
- Log entire backtrace when worker start fails ([#2891])
- [jruby] Enable TLSv1.3 support ([#2886])
- [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
- [jruby] Support a truststore option ([#2849], [#2904], [#2884])
-
Bugfixes
-
Refactor
- log_writer.rb - add internal_write method ([#2888])
- Extract prune_bundler code into it's own class. ([#2797])
- Refactor Launcher#run to increase readability (no logic change) ([#2795])
- Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
- Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])
5.6.5
5.6.5 / 2022-08-23
- Bugfixes
- NullIO#closed should return false ([#2883])
- Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
- [jruby] Fix TLS verification hang ([#2890], [#2729])
- extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
- MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
- Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
- Escape SSL cert and filenames ([#2855])
- Fail hard if SSL certs or keys are invalid ([#2848])
- Fail hard if SSL certs or keys cannot be read by user ([#2847])
- Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
- Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
- Fix Puma::StateFile#load incompatibility ([#2810])
5.6.4
- Security
- Close several HTTP Request Smuggling exploits (CVE-2022-24790)
The 5.6.3 release was a mistake (released the wrong branch), 5.6.4 is correct.
4.3.12
Security
- Close several HTTP Request Smuggling exploits (CVE-2022-24790)
5.6.2
5.6.2 / 2022-02-11
- Bugfix/Security
- Response body will always be
close
d. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
- Response body will always be
4.3.11
- Bugfix/Security
- Response body will always be
close
d. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
- Response body will always be
5.6.1
5.6.0 - Birdie's Version
Maintainer @nateberkopec had a daughter, nicknamed Birdie:
5.6.0 / 2022-01-25
-
Features
- Support
localhost
integration inssl_bind
([#2764], [#2708]) - Allow backlog parameter to be set with ssl_bind DSL ([#2780])
- Remove yaml (psych) requirement in StateFile ([#2784])
- Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
- Add worker_check_interval configuration option ([#2759])
- Always send lowlevel_error response to client ([#2731], [#2341])
- Support for cert_pem and key_pem with ssl_bind DSL ([#2728])
- Support
-
Bugfixes
- Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
- Fix two 'old-style-definition' compile warning ([#2807], [#2806])
- Log environment correctly using option value ([#2799])
- Fix warning from Ruby master (will be 3.2.0) ([#2785])
- extconf.rb - fix openssl with old Windows builds ([#2757])
- server.rb - rescue handling (
Errno::EBADF
) for@notify.close
([#2745])
-
Refactor