forked from phusion/passenger
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG
2213 lines (1772 loc) · 116 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Release 5.0.19
--------------
* Fixes an encoding crash in `passenger-memory-stats` on OS X in case one or more processes are running on the system with names containing UTF-8 characters. Closes GH-1603.
Release 5.0.18
--------------
* Fixes more memory corruption issues in the palloc subsystem.
* Fixes memory corruption issues in the Passenger core that may occur if the application sets many response headers. The issue was caused by an off-by-one bug.
Release 5.0.17
--------------
* Adds packages for Ubuntu 15.10 "Wily", even though Ubuntu 15.10 hasn't been released yet.
* Fixes some memory corruption issues in the palloc subsystem. Closes GH-1587.
* Fixes the Node.js `PhusionPassenger.on('exit')` event. This event worked if you restart the app or detach an application process, but not if you stop Passenger.
* Fixes support for `passenger_pre_start` URLs that contain very long authentication strings. This was caused by the fact that our Base64 encoder generated unexpected newlines.
* [Standalone] Improves application prestarting. Application prestarting is now available in combination with the 'builtin' engine, and now works when SSL is used.
Release 5.0.16
--------------
* Allows independent configuration of Union Station gateway address, port and certificate. Closes GH-1543.
* Supports seek() such that body.rewind works when using Rack middleware that uses Zlib::GzipReader (e.g. for compressed requests). Closes GH-1553.
* [Apache] Improves detection of Apache configuration file problems. Closes GH-1577.
* [Enterprise] Fixes installation of the Passenger Enterprise Apache module on Debian Testing.
* Fixes logging of HTTP response code for Union Station. This regression was introduced by Passenger 5. Closes GH-1581.
* Adds a new subcommand `passenger-config about support-binaries-dir`.
* Fixes a regression in the Node.js loader with regard to custom startup files. This bug was introduced in 5.0.14. Closes GH-1557 (again).
* Fixes a crash when a Ruby application is accessed through a sub-URI and a root virtual host at the same time.
Release 5.0.15
--------------
* Support SHA256 digests for the Rails asset pipeline, as used by Sprockets 3.x.
* Support for JRuby 9.0.0.0. Closes GH-1562.
* Fixes some bugs in Union Station support, which causes some data (such as controller information and exceptions) to not be logged.
* The old Users Guides have been deprecated in favor of the [Passenger Library](https://www.phusionpassenger.com/library/). The Users Guides now redirect to appropriate sections in the Passenger Library.
Release 5.0.14
--------------
* [Standalone] Relative path handling has been improved. In previous versions, relative paths were not handled in a consistent manner. Relative paths are now handled consistently according to the following rules:
- If a relative path is given via a command line option, then it is relative to the current working directory.
- If a relative path is given via Passengerfile.json, then it is relative to Passengerfile.json.
Closes GH-1557.
* [Standalone] The `--disable-turbocaching` now works with the Nginx engine.
Release 5.0.13
--------------
* The `passenger-config restart-app` command now supports the option `--ignore-passenger-not-running`. If this option is given, the command will exit normally instead of exiting with an error, if Passenger is not running. This option is useful in deployments involving Passenger Standalone. In an initial deployment, Passenger Standalone may not yet be running. Passing this option allows you to ignore that issue.
* SELinux policy issues in the RPMs have been fixed.
* [Apache] `passenger-config reopen-logs` didn't work on Apache unless you explicitly set `PassengerLogFile`. This has now been fixed.
* [Standalone] Due to some internal refactorings, the Passenger Standalone Nginx configuration template has changed. If you used a custom Nginx configuration template, please merge our latest changes into it.
Release 5.0.12
--------------
* [Enterprise] Fixed passenger-irb. It was broken in 5.0.10 because of the change that made using admin commands without sudo possible.
Release 5.0.11
--------------
* In 5.0.10, admin tools such as `passenger-status` and `passenger-config restart-app` display an authorization error if they are run without sudo, while at the same time Passenger isn't serving any applications. Since this is confusing, they have now been modified to display a more appropriate error message.
* Fixes a bug in the RPMs that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from working when they are invoked without root privileges.
* Fixes a bug on OS X that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from detecting Passenger instance directories when they are invoked without root privileges. Closes GH-1535.
* Fixes a bug that causes Passenger not to work if the HOME environment variable is not set.
* Fixes compatibility with non-Rails Ruby apps that require the actionview gem. Closes GH-1547.
* Fixes some non-fatal "permission denied" error that may occasionally occur if user switching is turned off. Closes GH-1541.
* Relative values for the `pid_file` and `log_file` options in Passengerfile.json are now supported.
* If Passengerfile.json contains a syntax error, Passenger Standalone now correctly prints an error message instead of crashing.
* Sending a SIGABRT signal to a Ruby process now properly makes it terminate.
* The `passenger-config restart-app` command now accepts `.` as parameter, which it will interpreter as "restart the app in the current working directory". Closes GH-1386.
* [Apache] Setting `PassengerLogLevel` no longer redirects Apache's own stderr to that log file. Closes GH-1373.
* [Standalone] Passenger Standalone's Nginx engine now includes the RealIP module. Closes GH-1389.
* [Standalone] The `--max-preloader-idle-time` option has been added.
Release 5.0.10
--------------
* It is now possible to run `passenger-status`, `passenger-config restart-app` and other admin commands without using sudo. When run without sudo, these admin commands will allow you to operate on apps and processes that are owned by the user that invoked the admin command. Closes GH-1392.
* Fixes a crash introduces in 5.0.9 due to not properly initializing a variable. Closes GH-1530.
* The `passenger-config reopen-logs` command now works by instructing the Watchdog process to reopen the log file, while instructing the other Passenger processes to re-inerhit the log file from the Watchdog instead of trying to reopen the log file on their own. This makes log file reopening more robust. Closes GH-1452.
* `passenger-config restart-app` no longer leaves the terminal in a state with black background. Closes GH-1526.
* `passenger-config admin-command` has been renamed to `passenger-config api-call` in order to avoid confusion with any potential admin interfaces that we will introduce in the future.
* If Union Station support is enabled, process and system metrics weren't being sent correctly to Union Station. This has been fixed.
* [Enterprise] Fixes the fact that the Passenger Enterprise RPM didn't correctly set SELinux permissions on its own files.
* [Apache] passenger-install-apache2-module no longer aborts with an error if the Apache configuration file contains errors. Closes GH-1525.
* [Apache] Fixes a typo that would cause passenger-install-apache2-module to crash on Red Hat and CentOS systems on which the SELinux command line tools are not installed. Closes GH-1527.
Release 5.0.9
-------------
* The casing of original headers as generated by the application are now preserved, instead of being downcased. This fixes compatibility issues with broken HTTP clients. Closes GH-1436.
* Internal refactoring: we've replaced libeio with libuv. This makes some of our code simpler. Closes GH-1428.
* When the passenger-status tool tries to cleanup a stale instance directory, it will no longer abort with an error when it fails to do that. It will now merely print a warning. Fixes [StackOverflow question 30354732](http://stackoverflow.com/questions/30354732/cap-aborted-capistrano-aborts-rails-deploy-while-attempting-to-chown-tmp-p/30357100#30357100).
* Fixes compilation problems on Solaris.
* The Ruby handler has been made more robust. Previously, it was possible for applications to corrupt connections by returning incorrect Rack responses. This may cause connections to get stuck. The Rack handler has been hardened to ensure that connections will never get corrupted or stuck. Closes GH-1512.
* The Ruby handler now closes the Rack response body even when the socket connection is hijacked by the application. The Rack specification is unclear about what to do in this case, and different Ruby app servers do different things. We have found that by closing the body object anyway, we maximize compatibility with existing Rack middlewares and apps, such as Rack::Lock. Background information about this issue can be found at https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461.
* Fixes a crash that could occur if some HTTP request headers are present, but have the empty value. Closes GH-1524.
* Fixes a permission problem that prevents the web server from communicating with Passenger when user switching is off. Closes GH-1520.
* Fixes a few small one-time memory leaks in the Passenger agent. This wraps up the workitems discovered in valgrind runs on earlier versions.
* Fixes use of uninitialized metrics. This could happen for a brief moment after spawning.
* [Apache] If you pass the `--apxs2-path` parameter to `passenger-install-apache2-module`, and the apxs2 path that you specified is not in PATH, then the installer would think that Apache installation is broken. This has been fixed.
* [Apache] A `Connection: close` header that was used for internal communication between Passenger processes was being leaked to the client, which breaks HTTP keep-alive connections. This has been fixed. Closes GH-1516.
* [Nginx] The preferred Nginx version is now 1.8.0. It was previously 1.6.3.
* [Nginx] Passenger now passes to the application the raw URI as sent by the client, as long as Nginx didn't modify the URI (e.g. as part of rewrite rules). This means that escaped slashes (%2F) in the URI now work correctly and out-of-the-box as long as there are no applicable rewrite rules.
* [Nginx] Fixes that crash that would occur if Nginx is configured to log to syslog. And to prevent log messages from disappearing into a black hole, Passenger will now ask you to set `passenger_log_file` if Nginx is configured to log to syslog. Closes GH-1514.
* [Standalone] Prevents an existing instance from being shut down if starting a new instance fails.
Release 5.0.8
-------------
* We now supply Debian 8 and Ubuntu 15.04 packages. Closes GH-1494 and GH-1400.
* We now supply Red Hat 6, Red Hat 7, CentOS 6 and CentOS 7 packages.
* We no longer supply Ubuntu 10.04 packages because Ubuntu 10.04 is no longer supported by Canonical.
* Fixes a Passenger crash (SIGSEGV) that occurs occasionally when out-of-band garbage collection is enabled. Closes GH-1469.
* Fixes a Passenger crash (SIGSEGV) that occurs occasionally with redirects to relative URLs. Closes GH-1513.
* Fixes cases when Passenger shuts down more processes than is allowed by the `min_instances` limit. Closes GH-1500.
* Fixes "Bad Gateway" errors that would occur when an application sets the X-Sendfile or X-Accel-Redirect header, together with a non-empty response body. Closes GH-1498.
* Fixes the fact that Passenger agent processes don't lower their privilege when user switching is turned off.
* Fixes autodetection of Apache on Gentoo. Closes GH-1510.
* Fixes compilation problems on Solaris. Closes GH-1508.
* [Standalone] Adds the `--pool-idle-time` command line parameter.
* [Standalone] Adds the `--auto` command line parameter for running non-interactively. This supresses prompts. Closes GH-1511.
Release 5.0.7
-------------
* Supports changed way of specifying settings for (non-bundled) Meteor apps. Closes GH-1403.
* Fixes an integer-to-string conversion bug in the code responsible for buffering chunked request bodies. This bug could cause the PassengerAgent to crash due to an exception. Thanks to Marcus Rückert of SUSE for reporting this.
* Request-specific environment variables are no longer cached. This fixes a number of issues, such as Shibboleth not working properly and conflicts between HTTPS and non-HTTPS virtual hosts. Closes GH-1472.
* Fixes a memory corruption bug that would be triggered when using `passenger_base_uri`. The memory corruption bug resided in the code for resolving symlinks. Closes GH-1388.
* Re-introduced signal catchers during shutdown, to allow clean shutdown in Foreman. Closes GH-1454.
* `passenger-status --show=xml` no longer outputs the non-XML header by default. This fixes a regression as reported in a comment in GH-1136.
* Passenger now prefers to load Rack and Bundler from RubyGems instead of from `vendor_ruby`. This solves some issues with Rack and Bundler on Debian systems. Closes GH-1480 and GH-1478.
* The turbocache no longer caches responses that contain the `X-Sendfile` or the `X-Accel-Redirect` header.
* The preferred Nginx version has been upgraded to 1.6.3.
* The logging agent no longer aborts with an error if one of the Passenger root directory's parent directories is not world-executable. Closes GH-1487.
* [Standalone] It is now possible to configure the Ruby, Node.js and Python executable to use in Passenger Standalone through the command line options --ruby, --nodejs and --python. Closes GH-1442.
* [Standalone] Running `passenger start --engine=builtin --daemonize` would fail with a timeout error. This has been fixed.
* [Standalone] Running `passenger start --nginx-version=XXX` would crash. This has been fixed. Closes GH-1490.
* [Apache] Fixed some issues with X-Sendfile. Closes GH-1376.
* [Apache] If the installer fails to autodetect Apache while the installer is running as a normal user, it will now ask you to give it root privileges. Closes GH-1289.
* [Apache] The installer now validates your Apache configuration file to check for common problems. The validator can also be accessed separately by running `passenger-config validate-install --validate-apache2`.
* [Nginx] Introduces the `passenger_read_timeout` option for rare cases when server needs more than the default 10 minute timeout. Contributed by pkmiec. Closes [GH-PR-34](https://github.com/phusion/passenger/pull/34).
* [Nginx] The Nginx module now looks for index.html if the path ends in / so that it works intuitively, without needing to use try_files.
* Fixes wrong memory address display in crash dumps. Thanks to thoughtpolice for pointing it out.
* Fixes an ugly backtrace that would be shown if an invalid request is made to an application process using the private HTTP interface. Contributed by jbergler. Closes GH-1311.
* Various documentation improvements. Closes [GH-PR-1332](https://github.com/phusion/passenger/pull/1332), [GH-PR-1354](https://github.com/phusion/passenger/pull/1354), [GH-PR-1216](https://github.com/phusion/passenger/pull/1216), [GH-PR-1385](https://github.com/phusion/passenger/pull/1385), [GH-PR-1302](https://github.com/phusion/passenger/pull/1302).
Release 5.0.6
-------------
* The turbocache no longer caches responses for which the Cache-Control header contains "no-cache". Please note that "no-cache" does not mean "do not cache this response". Instead, it means "any caching servers may only serve the cached response after validating it". Since the turbocache does not support validation, we've chosen to skip caching instead.
Coincidentally, this change "fixes" problems with applications that erroneously use "no-cache" as a flag for "do not cache this response". What these applications should actually use is "no-store". We recommend the developers of such applications to change their caching headers in this manner, because even if Passenger doesn't unintentionally cache the response, any intermediate proxies that visitors are behind may still cache the response.
* Fixes a number of memory leaks. Memory was leaked upon processing a request with multiple headers, upon processing a response with multiple headers, and upon processing a response with Set-Cookie headers. Every time such a request or response was processed, 512 bytes of memory was leaked due to improperly dereferencing relevant memory buffers. Closes GH-1455.
* Fixes various bugs related to Union Station data collection.
Union Station is our upcoming application analytics and performance monitoring SaaS platform. It is opt-in: no data is collected unless you turn the feature on.
* Fixes a Union Station-related file descriptor leak. Closes GH-1439.
* Fixes some bugs w.r.t. use of uninitialized memory.
* More informative error message if a support binary is not found, including a resolution hint. Closes GH-1395.
* [Apache] `SetEnv` variables are now passed as Rack/CGI/request variables. This was also the case in Passenger 4, but not in Passenger 5.0.0-5.0.5. We've restored the old behavior because the behavior in 5.0.0-5.0.5 breaks certain Apache modules such as Shibboleth. Closes GH-1446.
* [Standalone] PID and log files now correctly created if user specifies relative path.
Release 5.0.5
-------------
* Fixes various crashes due to use of uninitialized memory. One such crash is documented in GH-1431.
* Fixes a connection stall in the Apache module. Closes GH-1425.
* Fixes a potential read-past-buffer bug in string-to-integer conversion routines. Thanks to dcb314 for spotting this. Closes GH-1441.
* Fixes a compilation problem on Solaris. This problem was caused by the fact that `tm_gmtoff` is not supported on that platform. Closes GH-1435.
* There is now an API endpoint for force disconnecting a client: `passenger-config admin-command DELETE /server/<client name>.json`. Closes GH-1246.
* Fixes some file descriptor leaks. These leaks were caused by the fact that keep-alive connections with application processes were not being closed properly. Closes GH-1439.
* In order to more easily debug future file descriptor leaks, we've introduced the `PassengerFileDescriptorLogFile` (Apache) and `passenger_file_descriptor_log_file` (Nginx) config options. This allows Passenger to log all file descriptor open/close activity to a specific log file.
* The `PassengerDebugLogFile` (Apache) and `passenger_debug_log_file` (Nginx) configuration options have been renamed to `PassengerLogFile` and `passenger_log_file`, respectively. The old name is support supported for backward compatibility reasons.
* [Enterprise] Fixes a bug in Flying Passenger's `--instance-registry-dir` command line parameter. This command line parameter didn't do anything.
* [Enterprise] The Flying Passenger daemon no longer supports the `--max-preloader-idle-time` config option. This is because the config option never worked. The correct way to set the max preloader idle time is through the Nginx config option, but this was wrongly documented, so the documentation has been fixed.
Release 5.0.4
-------------
* Fixes a compilation problem introduced in 5.0.3.
Release 5.0.3
-------------
* [Standalone] When using the builtin engine, `passenger start` may crash during startup due to an initialization race condition. This has been fixed.
* [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a PID parameter worked, but running it with a PID parameter didn't.
* Fixes an integer overflow that resulted in a file descriptor leak and stalled client connections. Closes GH-1412.
* Truncates Passenger source code paths in logs (to 3 chars) to reduce redundant info. Closes GH-1383.
* Fixes invalid JSON output for non-finite double values (e.g. from the HTTP JSON API). Closes GH-1408.
* All hooks now set the `PASSENGER_HOOK_NAME` environment variable. This variable is set to the name of the hook that is being called.
* The Ruby handler no longer tries to call #force_encoding on response body strings, which fixes an incompatibility with apps/libraries that return frozen body strings. Closes GH-1414.
* If the Ruby handler crashes while processing a Rack response body, it will now no longer stall the connection.
* Fixes env.SERVER_PORT containing 80 instead of 443 when using https on default port. Closes GH-1421.
* We now handle errors in the `poll()` system call better. This might fix some crashes during shutdown which manifest on FreeBSD.
Release 5.0.2
-------------
* Fixes a connection freeze that could occur when processing large responses. This would manifest itself under the error message "This website is under heavy load" or "Request queue is full, returning an error". Closes GH-1404.
* Debian and Ubuntu packages have been reintroduced.
* When `passenger-config restart-app` is run interactively, if Passenger is not serving any applications, then the command now prints an error message instead of showing a menu with only a "Cancel" option.
* Fixes a compilation problem on FreeBSD 10 (contributed by: clemensg). Closes GH-1401.
* [Standalone] Fixes a crash that would occur if you use the `--ctl` parameter.
* [Enterprise] The `--max-request-time` option has been added to Passenger Standalone.
* [Enterprise] The `max_request_time_reached` hook has been introduced. This hook allows you to run diagnostics on a process that that took too long to respond to a request.
Release 5.0.1
-------------
* The `passenger-config restart-app` command is now more user friendly. When run in a terminal, it will show an interactive menu, allowing you to select the app to restart. Closes GH-1387.
* Fixed a crash bug in the handling of sticky session cookies.
* Log failed program in error message, not its command line (contributed by: paisleyrob). Closes GH-1397.
* [Nginx] Fixes cases in which Passenger overrides the Nginx handler function even when it shouldn't, for example when Passenger is disabled. Closes GH-1393.
* [Enterprise] The `sticky_sessions` and `envvars` options in Passengerfile.json is now also supported in mass deployment mode.
Release 5.0.0 release candidate 2
---------------------------------
* Fixes an installation problem with the Ruby gem due to incorrect Makefile generation. Closes GH-1382.
* More helpful message when request queue is full. Closes GH-1375.
Release 5.0.0 release candidate 1
---------------------------------
* Fixed Date headers not being formatted in the GMT timezone. Closes GH-1367.
* Fixed Passengerfile.json/passenger-standalone.json not being properly loaded in Passenger Standalone.
* Fixed support for sticky sessions.
* Fixed an infinite loop if the ApplicationPool garbage collector fails due to an exception. Closes GH-1360.
* Fixed Passenger Standalone exiting prematurely when the HelperAgent crashes. Exiting prematurely is not supposed to happen because the watchdog will restart the HelperAgent. Closes GH-1339.
* Fixed a crash that occurs when using a non-standard startup file value. Closes GH-1378.
* When dumping system metrics during error page generation, the `passenger-config` command is now invoked under the same Ruby interpreter as the app, instead of the one in PATH. Closes GH-1381.
* When a Ruby process crashes due to an uncaught exception, this fact is now properly logged.
* Specifying 0 for the `max_pool_size` config option no longer results in a crash. Closes GH-1334.
* The timeouts when downloading Passenger Standalone binaries and source files are now customizable. Closes GH-1295.
* The `envvars` option is now supported in Passengerfile.json, for passing environment variables to the application. Closes GH-1377.
* Introduced `hook_queue_full_error` for request queue overflows. Closes GH-1358.
* [Ruby] Fixed handling of "transfer-encoding chunked" response bodies which contain zero-sized chunks.
* [Nginx] It is no longer necessary to re-specify `passenger_enabled` in `location` contexts. Closes GH-1338.
* [Enterprise] Fixed a bug in mass deployment reloading.
* [Enterprise] Fixed a bug in mass deployment daemonization.
* [Enterprise] Fixed passenger-irb. Closes GH-1350.
* [Enterprise] The mass deployment mode now supports the `app_type` and `startup_file` configuration options in Passengerfile.json/passenger-standalone.json. Closes GH-1366.
Release 5.0.0 beta 3
--------------------
* The turbocache has received major updates and fixes based on excellent feedback Chris Heald and the community. First, several bugs w.r.t. the handling of caching headers have been fixed. Second, the turbocache has become slightly more conservative for security reasons. In previous versions, default cacheable responses (as defined by RFC 7234) were cached unless caching headers tell us not to. Now, default cacheable responses are only cached if caching headers explicitly tell us to. This change was introduced because there are many applications that set incorrect caching headers on private responses. This new behavior is currently not configurable, but there are plans to make it configurable in 5.0.0 release candidate 1.
* Introduced a new configuration option, `passenger_response_buffer_high_watermark` (Nginx) and `PassengerResponseBufferHighWatermark` (Apache), for configuring the behavior of the response buffering system. Closes GH-1300.
* Fixed more cookie handling issues. Closes GH-1310.
* Fixed various WebSocket issues. Closes GH-1306.
* Fixed some crashes caused by race conditions. Closes GH-1326.
* Fixed issues with handling POST data. Closes GH-1331.
* Fixed some issues on Heroku. Closes GH-1329.
* Fixed some integer overflows. Fix contributed by Go Maeda. Closes GH-1357.
* Fixed the `passenger-status --show=union_station` command. Closes GH-1336.
* Nginx versions earlier than 1.6 are no longer supported.
* Improved state introspection.
Release 5.0.0 beta 2
--------------------
* Fixed handling of multiple Set-Cookie headers. Closes GH-1296.
* `passenger-config system-metrics` now works properly if the agent is installed in ~/.passenger. Closes GH-1304.
* Documentation enhancements by Igor Vuk. Closes GH-1318.
* Fixed some crasher bugs.
* [Standalone] User switching is now correctly disabled.
* [Standalone] Fixed the `--thread-count` parameter.
* [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284.
* [Apache] Fixed support for gzipped chunked responses. Closes GH-1309.
Release 5.0.0 beta 1
--------------------
Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version 4, but there are a few minor breakages, which are described below. Major changes and notable breakages are:
* Performance has been much improved. This is thanks to months of optimization work. You can learn more at www.rubyraptor.org.
* We've published a [server optimization guide](https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html) for those who are interested in tuning Phusion Passenger.
* Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails 2.3 is still supported.
* Phusion Passenger now supports integrated HTTP caching, which we call turbocaching. If your app sets the right HTTP headers then Phusion Passenger can tremendously accelerate your app. It is enabled by default, but you can disable it with `--disable-turbocaching` (Standalone), `PassengerTurbocaching off` (Apache), or 'passenger_turbocaching off' (Nginx).
* Touching restart.txt will no longer restart your app immediately. This is because, for performance reasons, the stat throttle rate now defaults to 10. You can still get back the old behavior by setting `PassengerStatThrottleRate 0` (Apache) or `passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged. Instead, we encourage you to use the `passenger-config restart-app` tool to initiate restarts, which has immediate effect.
* Websockets are now properly disconnected on application restarts.
* The Phusion Passneger log levels have been completely revamped. If you were setting a log level before (e.g. through `passenger_log_level`), please read the latest documentation to learn about the new log levels.
* If you use out-of-band garbage collection, beware that the `X-Passenger-Request-OOB-Work` header has now been renamed to `!~Request-OOB-Work`.
* When using Rack's full socket hijacking, you must now output an HTTP status line.
* [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by `passenger_set_header` and `passenger_env_var`.
* [Nginx] `passenger_show_version_in_header` is now only valid in the `http` context.
* [Apache] The `PassengerStatThrottleRate` option is now global.
Minor changes:
* The minimum required Nginx version is now 1.6.0.
* The instance directory is now touched every hour instead of every 6 hours. This should hopefully prevent more problems with /tmp cleaner daemons.
* Applications are not grouped not only on the application root path, but also on the environment. For example, this allows you to run the same app in both production and staging mode, with only a single directory, without further configuration. Closes GH-664.
* The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option (Apache) have been replaced by two config options. On Nginx they are `passenger_instance_registry_dir` and `passenger_data_buffer_dir`. On Apache they are `PassengerInstanceRegistryDir` and `PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been replaced by `PassengerDataBufferDir`.
* Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment variable. Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead.
* `passenger-status --show=requests` has been deprecated in favor of `passenger-status --show=connections`.
* Using the SIGUSR1 signal to restart a Ruby app without dropping connections, is no longer supported. Instead, use `passenger-config detach-process`.
* Introduced the `passenger-config reopen-logs` command, which instructs all Phusion Passenger agent processes to reopen their log files. You should call this after having rotated the web server logs.
* [Standalone] The Phusion Passenger Standalone config template has changed. Users are encouraged to update it.
* [Standalone] `passenger-standalone.json` has been renamed to `Passengerfile.json`.
* [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer overrides command line options. Instead, command line options now have the highest priority.
Release 4.0.60
--------------
* Fixed the password protection of internal Phusion Passenger processes.
For security reasons, Phusion Passenger limits access to internal processes, by using Unix file permissions and randomly generated passwords that only authorized internal processes know. It turns out that this password wasn't set correctly, which has now been fixed. There was no security vulnerability, because the file permissions already provide sufficient security. The password only serves as an extra layer of security just in case there is a problem with the former.
This issue is not at all related to any application-level security or application-level passwords. Any database passwords, keys, or secrets used and generated by applications have got nothing to do with the nature of this issue. This issue only relates to some randomly generated passwords that Passenger uses internally, for its internal operations.
Release 4.0.59
--------------
* [Enterprise] Fixed support for free-style Node.js apps.
Release 4.0.58
--------------
* [Enterprise] Fixed a bug in the Debian packages which caused Flying Passenger to break when used with non-system Rubies.
* The Debian packages no longer require Ruby 1.9. Closes GH-1353.
Release 4.0.57
--------------
* Fixed a native extension compatibility problem with Ruby 2.2. Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656).
* Fixed compatibility with Nginx 1.7.9. Closes GH-1335.
Release 4.0.56
--------------
* Fixed a file descriptor leak that manifests when an error page is shown. Contributed by Paul Bonaud, closes GH-1325.
* Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles Vallières for the analysis.
Release 4.0.55
--------------
* Supports Ruby 2.2. Closes GH-1314.
* Fixed Linux OS name detection.
Release 4.0.54
--------------
* Contains a licensing-related hot fix for Enterprise customers.
Release 4.0.53
--------------
* Upgraded the preferred Nginx version to 1.6.2.
* Improved RVM gemset autodetection.
* Fixed some Ruby 2.2 compatibility issues.
Release 4.0.52
--------------
* Fixed a null termination bug when autodetecting application types.
* Node.js apps can now also trigger the inverse port binding mechanism by passing `'/passenger'` as argument. This was introduced in order to be able to support the Hapi.js framework. Please read http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549 for more information regarding Hapi.js support.
* It is now possible to abort Node.js WebSocket connections upon application restart. Please refer to https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections for more information. Closes GH-1200.
* Passenger Standalone no longer automatically resolves symlinks in its paths.
* `passenger-config system-metrics` no longer crashes when the system clock is set to a time in the past. Closes GH-1276.
* `passenger-status`, `passenger-memory-stats`, `passenger-install-apache2-module` and `passenger-install-nginx-module` no longer output ANSI color codes by default when STDOUT is not a TTY. Closes GH-487.
* `passenger-install-nginx-module --auto` is now all that's necessary to make it fully non-interactive. It is no longer necessary to provide all the answers through command line parameters. Closes GH-852.
* Minor contribution by Alessandro Lenzen.
Release 4.0.50
--------------
* Fixed a potential heap corruption bug.
* Added Union Station support for Rails 4.1.
Release 4.0.49
--------------
* Upgraded the preferred Nginx version to 1.6.1.
* Fixed a crash that may be triggered by the `passenger_max_requests` feature.
* Introduced the `spawn_failed` hook, which is called when an application
process fails to spawn. You could use this hook to setup an error
notification system. Closes GH-1252.
* Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger
Standalone. Thanks to Jacob Elder. Closes GH-1254.
* Fixed some user and group information lookup issues. Closes GH-1253.
* Fixed some request handling crashes. Closes GH-1250.
* Fixed some compilation problems on Gentoo. Closes GH-1261.
* Fixed some compilation problems on Solaris. Closes GH-1260.
Release 4.0.48
--------------
* Fixed a race condition while determining what user an application should
be executed as. This bug could lead to applications being run as the wrong
user. Closes GH-1241.
* [Standalone] Improved autodetection of Rails asset pipeline files. This
prevents Standalone from incorrectly setting caching headers on non-asset
pipeline files. Closes GH-1225.
* Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
* Fixed compilation problems on OpenBSD.
* Fixed compatibility with Ruby 1.8.5.
Release 4.0.47
--------------
* [Enterprise] Fixed a bug in Flying Passenger's `--max-preloader-idle-time`
option.
Release 4.0.46
--------------
* Further improved Node.js and Socket.io compatibility.
* Sticky session cookies have been made more reliable.
* Fixed WebSocket upgrade issues on Firefox. Closes GH-1232.
* The Python application loader now inserts the application root into `sys.path`.
The fact that this was not done previously caused a lot of confusion amongst
Python users, who wondered why their `passenger_wsgi.py` could not import any
modules from the same directory.
* Fixed a compatibility problem with Django, which could cause Django apps to
freeze indefinitely. Closes GH-1215.
* Logging of application spawning errors has been much improved. Full details
about the error, such as environment variables, are saved to a private log file.
In the past, these details were only viewable in the browser. This change also
fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error
Resistance causes error messages to get lost. Closes GH-1021 and GH-1175.
* Fixed a regression in Node.js support. When a Node.js app is deployed on
a HTTPS host, the `X-Forwarded-Proto` header wasn't set in 4.0.45.
Closes GH-1231.
* Passenger Standalone no longer, by default, loads shell startup files before
loading the application. This is because Passenger Standalone is often invoked
from the shell anyway. Indeed, loading shell startup files again can interfere
with any environment variables already set in the invoking shell. You can
still tell Passenger Standalone to load shell startup files by passing
`--load-shell-envvars`. Passenger for Apache and Passenger for Nginx still
load shell startup files by default.
* Passenger Standalone now works properly when the HOME environment variable
isn't set. Closes GH-713.
* Passenger Standalone's `package-runtime` command has been removed. It has
been broken for a while and has nowadays been obsolete by our automatic
[binary generation system](https://github.com/phusion/passenger_autobuilder).
Closes GH-1133.
* The `passenger_startup_file` option now also works on Python apps. Closes GH-1233.
* If you are a [Union Station](https://www.unionstationapp.com) customer, then
Phusion Passenger will now also log application spawning errors to Union Station.
This data isn't shown in the Union Station interface yet, but it will be
implemented in the future.
* Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212.
* Fixed compilation problems when Nginx is configured with OpenResty.
Thanks to Yichun Zhang. Closes GH-1226.
* Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix.
Closes GH-1151.
* Documentation contributions by Tim Bishop and Tugdual de Kerviler.
* Minor Nginx bug fix by Feng Gu. Closes GH-1235.
Release 4.0.45
--------------
* Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger
versions implemented Node.js support by emulating Node.js' HTTP library.
This approach was found to be unsustainable, so we've abandoned that approach
and replaced it with a much simpler approach that does not involve emulating
the HTTP library.
* Introduced support for sticky sessions. Sticky sessions are useful -- or even
required -- for apps that store state inside process memory. Prominent examples
include SockJS, Socket.io, faye-websocket and Meteor. Sticky sessions are
required to make the aforementioned examples work in multi-process scenarios.
By introducing sticky sessions support, we've much improved WebSocket support
and support for the aforementioned libraries and frameworks.
* Due to user demand, GET requests with request bodies are once again supported.
Support for these kinds of requests was removed in 4.0.42 in an attempt to
increase the strictness and robustness of our request handling code. It has
been determined that GET requests with request bodies can be adequately
supported without degrading robustness in Phusion Passenger. However, GET
requests with both request bodies and WebSocket upgrade headers are
unsupported. Fixes issue #1092.
* [Enterprise] The [Flying Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#flying_passenger)
feature is now also available on Apache.
* Fixed some issues with RVM mixed mode support, issue #1121.
* Fixed Passenger Standalone complaining about not finding PassengerHelperAgent
during startup.
* Fixed various minor issues such as #1190 and #1197.
* The download timeout for passenger-install-nginx-module has been increased.
Patch by 亀田 義裕.
Release 4.0.44
--------------
* The issue tracker has now been moved from Google Code to Github.
Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all
issue numbers referred to Google Code. From now on, all issue
numbers will refer to Github Issues.
* Fixed compilation problems on OS X Lion and OS X Mountain Lion.
* On Ruby, fixed `nil` being frozen on accident in some cases.
See issue #1192.
Release 4.0.43
--------------
* Introduced a new command `passenger-config list-instances`, which prints all
running Phusion Passenger instances.
* Introduced a new command `passenger-config system-metrics, which displays
metrics about the system such as the total CPU and memory usage.
* Fixed some compilation problems caused by the compiler capability autodetector.
* System metrics such as total CPU usage and memory usage, are now sent to
[Union Station](https://www.unionstationapp.com) in preparation for future
features.
Release 4.0.42
--------------
* [Nginx] Upgraded the preferred Nginx version to 1.6.0.
* [Nginx] Fixed compatibility with Nginx 1.7.0.
* [Standalone] The MIME type for .woff files has been changed to application/font-woff.
Fixes issue #1071.
* There are now APT packages for Ubuntu 14.04. At the same time, packages for
Ubuntu 13.10 have been abandoned.
* Introduced a new command, `passenger-config build-native-support`, for ensuring
that the native_support library for the current Ruby interpreter is built. This
is useful in system provisioning scripts.
* For security reasons, friendly error pages (those black/purple pages that shows
the error message, backtrace and environment variable dump when an application
fails to start) are now disabled by default when the application environment is
set to 'staging' or 'production'. Fixes issue #1063.
* Fixed some compilation warnings on Ubuntu 14.04.
* Fixed some compatibility problems with Rake 10.2.0 and later.
See [Rake issue 274](https://github.com/jimweirich/rake/issues/274).
* Improved error handling in [Union Station](https://www.unionstationapp.com) support.
* Data is now sent to Union Station on a more frequent basis, in order to make new
data show up more quickly.
* Information about the code revision is now sent to Union Station, which will be
used in the upcoming deployment tracking feature in Union Station 2.
Release 4.0.41
--------------
* Fixed some issues with printing UTF-8 log files on Heroku.
* Added a new flag `--ignore-app-not-running` to `passenger-config restart-app`.
When this flag is given, `passenger-config restart-app` will exit successfully
when the specified application is not running, instead of exiting with
an error.
* Our precompiled Passenger Standalone binaries have been upgraded to use
OpenSSL 1.0.1g, which fixes [the OpenSSL Heartbleed vulnerability](http://heartbleed.com/).
Users who are using Passenger Standalone with SSL enabled are vulnerable,
and should upgrade immediately. Users who do not use Passenger Standalone,
users who use Passenger Standalone without SSL, or users who use Passenger
Standalone with SSL behind another SSL-enabled reverse proxy, are not
vulnerable.
Release 4.0.40
--------------
* Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes
a buffer overflow. Users are strongly urged to upgrade Nginx as soon
as possible.
Release 4.0.39
--------------
* Fixed a crash that could happen if the client disconnects while a chunked
response is being sent. Fixes issue #1062.
* In Phusion Passenger Standalone, it is now possible to customize the Nginx
configuration file on Heroku. It is now also possible to permanently apply
changes to the Nginx configuration file, surviving upgrades. Please refer
to the "Advanced configuration" section of the Phusion Passenger Standalone
manual for more information.
* The programming language selection menu in passenger-install-apache2-module
and passenger-install-nginx-module only works on terminals that support
UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
these requirements (e.g. PuTTY users using any of the default Windows fonts),
it is now possible to switch the menu to a plain text mode by pressing '!'.
Fixes issue #1066.
* Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
* It is now possible to dump live backtraces of Python apps through the
'SIGABRT' signal.
* Fixed closing of file descriptors on OS X 10.9.
* Fixed compilation problems with Apple Clang 503.0.38 on OS X.
* Fixed compilation of native_support on Rubinius.
Release 4.0.38
--------------
* Added support for the new Ruby 2.1.0 out-of-band garbage collector.
This can much improve garbage collection performance, and drastically
reduce request times.
* Fixed a symlink-related security vulnerability.
Urgency: low
Scope: local exploit
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.37
Fixed versions: 4.0.38
CVE-2014-1832
Description:
This issue is related to CVE-2014-1831 (the security issue as mentioned in
the 4.0.37 release notes). The previous fix was incomplete, and still has a
(albeit smaller) small attack time window in between two filesystem
checks. This attack window is now gone.
* Passenger Standalone is now compatible with IPv6.
* Fixed some compilation problems on Solaris. See issue #1047.
* passenger-install-apache2-module and passenger-install-nginx-module
now automatically run in `--auto` mode if stdin is not a TTY. Fixes
issue #1030.
* Fixed an issue with non-bundled Meteor apps not correctly running in
production mode.
* The `PassengerPreStart` option is now compatible with IPv6 server sockets.
* When running Python WSGI apps, `wsgi.run_once` is now set to False.
This should improve the performance of certain apps and frameworks.
* When handling HTTP requests with chunked transfer encoding, the
'Transfer-Encoding' header is no longer passed to the application.
This is because the web server already buffers and dechunks the
request body.
* Fixed a possible hang in Phusion Passenger for Nginx when Nginx
is instructed to reload or reopen log files. Thanks to Feng Gu,
[pull request #97](https://github.com/phusion/passenger/pull/97).
* The preferred Nginx version has been upgraded to 1.4.6.
* Fixed a problem with running passenger-install-apache2-module and
passenger-install-nginx-module on JRuby. They were not able to accept
any terminal input after displaying the programming language menu.
Release 4.0.37
--------------
* Improved Node.js compatibility. Calling on() on the request object
now returns the request object itself. This fixes some issues with
Express, Connect and Formidable. Furthermore, some WebSocket-related
issues have been fixed.
* Improved Meteor support. Meteor application processes are now shut down
quicker. Previously, they linger around for 5 seconds while waiting for
all connections to terminate, but that didn't work well because WebSocket
connections were kept open indefinitely. Also, some WebSocket-related
issues have been fixed.
* Introduced a new tool `passenger-config detach-process` for gracefully
detaching an application process from the process pool. Has a similar
effect to killing the application process directly with `kill <PID>`,
but killing directly may cause the HTTP client to see an error, while
using this command guarantees that clients see no errors.
* Fixed a crash that occurs when an application fails to spawn, but the HTTP
client disconnects before the error page is generated. Fixes issue #1028.
* Fixed a symlink-related security vulnerability.
Urgency: low
Scope: local exploit
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.5 and later
Fixed versions: 4.0.37
CVE-2014-1831
Description:
Phusion Passenger creates a "server instance directory" in /tmp during startup,
which is a temporary directory that Phusion Passenger uses to store working files.
This directory is deleted after Phusion Passenger exits. For various technical
reasons, this directory must have a semi-predictable filename. If a local attacker
can predict this filename, and precreates a symlink with the same filename that
points to an arbitrary directory with mode 755, owner root and group root, then
the attacker will succeed in making Phusion Passenger write files and create
subdirectories inside that target directory. The following files/subdirectories
are created:
* control_process.pid
* generation-X, where X is a number.
If you happen to have a file inside the target directory called `control_process.pid`,
then that file's contents are overwritten.
These files and directories are deleted during Phusion Passenger exit. The target
directory itself is not deleted, nor are any other contents inside the target
directory, although the symlink is.
Thanks go to Jakub Wilk for discovering this issue.
Release 4.0.36
--------------
* [Enterprise] Fixed some Mass Deployment bugs.
* [Enterprise] Fixed a bug that causes an application group to be put into
Deployment Error Resistance Mode if rolling restarting fails while
deployment error resistance is off. Deployment Error Resistance Mode is
now only activated if it's explicitly turned on.
* Passenger Standalone now gzips JSON responses.
* Fixed some cases in which Passenger Standalone does not to properly cleanup
its temporary files.
Release 4.0.35
--------------
* Fixed some unit tests.
Release 4.0.34
--------------
* The Node.js loader code now sets the `isApplicationLoader` attribute on the
bootstrapping module. This provides a way for apps and frameworks that check
for `module.parent` to check whether the current file is loaded by Phusion
Passenger, or by other software that work in a similar way.
This change has been introduced to solve a compatibility issue with CompoundJS.
CompoundJS users should modify their server.js, and change the following:
if (!module.parent) {
to:
if (!module.parent || module.parent.isApplicationLoader) {
* Improved support for Meteor in development mode. Terminating Phusion Passenger
now leaves less garbage Meteor processes behind.
* It is now possible to disable the usage of the Ruby native extension by setting
the environment variable `PASSENGER_USE_RUBY_NATIVE_SUPPORT=0`.
* Fixed incorrect detection of the Apache MPM on Ubuntu 13.10.
* When using RVM, if you set PassengerRuby/passenger_ruby to the raw Ruby binary
instead of the wrapper script, Phusion Passenger will now print an error.
* Added support for RVM >= 1.25 wrapper scripts.
* Fixed loading passenger_native_support on Ruby 1.9.2.
* The Union Station analytics code now works even without native_support.
* Fixed `passenger-install-apache2-module` and `passenger-install-nginx-module` in
Homebrew.
* Binaries are now downloaded from an Amazon S3 mirror if the main binary server
is unavailable.
* And finally, although this isn't really a change in 4.0.34, it should be noted.
In version 4.0.33 we changed the way Phusion Passenger's own Ruby source files
are loaded, in order to fix some Debian and RPM packaging issues. The following
doesn't work anymore:
require 'phusion_passenger/foo'
Instead, it should become:
PhusionPassenger.require_passenger_lib 'foo'
However, we overlooked the fact that this change breaks Ruby apps which use
our Out-of-Band GC feature, because such apps had to call
`require 'phusion_passenger/rack/out_of_band_gc'`. Unfortunately we're not able
to maintain compatibility without reintroducing the Debian and RPM packaging
issues. Users should modify the following:
require 'phusion_passenger/rack/out_of_band_gc'
to:
if PhusionPassenger.respond_to?(:require_passenger_lib)
# Phusion Passenger >= 4.0.33
PhusionPassenger.require_passenger_lib 'rack/out_of_band_gc'
else
# Phusion Passenger < 4.0.33
require 'phusion_passenger/rack/out_of_band_gc'
end
Release 4.0.33
--------------
* Fixed a compatibility problem in passenger-install-apache2-module with Ruby 1.8.
The language selection menu didn't work properly.
Release 4.0.32
--------------
* Fixed compatibility problems with old Ruby versions that didn't include RubyGems.
Release 4.0.31
--------------
* Introduced a new tool: `passenger-config restart-app`. With this command you
can initiate an application restart without touching restart.txt.
Unlike touching restart.txt, this tool initiates the restart immediately
instead of on the next request.
* Fixed some problems in process spawning and request handling.
* Fixed some problems with the handling of HTTP chunked transfer encoding
bodies. These problems only occurred in Ruby.
* Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until
all clients have disconnected. Fixes issue #884.
* Fixed compilation problems on FreeBSD.
* Fixed some C++ strict aliasing problems.
* Fixed some problems with spawning applications that print messages without
newline during startup. Fixes issue #1039.
* Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server.
Fixes issue #1035.
* When Phusion Passenger is installed through the Debian package,
passenger-install-apache2-module now checks whether the Apache
module package (libapache2-mod-passenger) is properly installed,
and installs it using apt-get if it's not installed. Fixes
issue #1031.
* The `passenger-status --show=xml` command no longer prints the non-XML
preamble, such as the version number and the time. Fixes issue #1037.
* The Ruby native extension check whether it's loaded against the right Ruby
version, to prevent problems when people upgrade Ruby without recompiling
their native extensions.
* Various other minor Debian packaging improvements.
Release 4.0.30
--------------
* Fixed wrong autogeneration of HTTP Date header. If the web app does
not supply a Date header, then Passenger will add one. Unfortunately
due to the use of the wrong format string, December 30 2013 is
formatted as December 30 2014. As a result, cookies that expire before
2014 would expire on December 30 2013 and December 31 2013. Details can
be found at [Github pull request 93](https://github.com/phusion/passenger/pull/93).
This issue only affects Phusion Passenger for Nginx and Phusion Passenger
Standalone, and does not affect Phusion Passenger for Apache.
You can work around this problem in your application by setting a
Date header. For example, in Rails you can do:
before_filter { response.date = Time.now.utc }
Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this to our attention and for providing workarounds and feedback.
Release 4.0.29
--------------
* Fixed a compilation problem on OS X Mavericks.
Release 4.0.28
--------------
* Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion
Passsenger to crash during startup. Affected operating systems include
Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with
this OS installed exhibits the problem. See issue #902.
* Improved Node.js support: the Sails framework is now supported.
* Improved Node.js support: the streams2 API is now supported.
* Introduced support for hooks, allowing users to easily extend Phusion
Passenger's behavior.
* Fixed a bug in the `passenger start -R` option. It was broken because of a
change introduced in 4.0.25.
* Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016.
* Fixed compilation problems on Solaris.
* Fixed an encoding problem in the Apache autodetection code. Fixes
issue #1026.
* The Debian packages no longer depend on libruby.
* Application stdout and stderr are now printed without normal
Phusion Passenger debugging information, making them easier to read.
Release 4.0.27
--------------
* [Apache] Fixed a bug in the Apache module which could lock up the Apache
process or thread. This is a regression introduced in version 4.0.24.
* Node.js application processes now have friendly process titles.
Release 4.0.26
--------------
* Introduced the `PassengerBufferUpload` option for Apache. This option allows one
to disable upload buffering, e.g. in order to be able to track upload progress.
* [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
without setting `ssl on`. Fixes issue #401.
* [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port.
* [Enterprise] The `passenger-status` tool now displays rolling restart status.
Release 4.0.25
--------------
* The `PassengerAppEnv`/`passenger_app_env`/`--environment` option now also sets NODE_ENV,
so that Node.js frameworks like Connect can properly respond to the environment.
* Fixed a bug in our Debian/Ubuntu packages causing `passenger-install-nginx-module`
not to be able to compile Nginx.
* Arbitrary Node.js application structures are now supported.
* [Nginx] Introduced the `passenger_restart_dir` option.
* [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547.
Release 4.0.24
--------------
* Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx)
configuration options.
* [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error
responses generated by applications can be intercepted by Apache and customized
using the `ErrorDocument` directive.
* [Standalone] It is now possible to specify some configuration options in
a configuration file `passenger-standalone.json`. When Passenger Standalone
is used in Mass Deployment mode, this configuration file can be used to customize
settings on a per-application basis.
* [Enterprise] Fixed a potential crash when a rolling restart is triggered
while a process is already shutting down.
* [Enterprise] Fixed Mass Deployment support for Node.js and Meteor.
Release 4.0.23
--------------
* Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27).
* Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999.
* Support for the Meteor Javascript framework has been open sourced.
Release 4.0.22
--------------
* [Enterprised] Fixed compilation problems on OS X Mavericks.
Release 4.0.21
--------------
* [Nginx] Upgraded the preferred Nginx version to 1.4.3.
* Node.js support has been open sourced.
* Prelimenary OS X Mavericks support.
* Work around an Apache packaging bug in CentOS 5.
* Various user friendliness improvements in the documentation and the
installers.
* Fixed a bug in the always_restart.txt support. Phusion Passenger was
looking for it in the wrong directory.
* Many Solaris and Sun Studio compatibility fixes. Special thanks to
"mark" for his extensive assistance.
* [Standalone] The --temp-dir command line option has been introduced.
Release 4.0.20
--------------
* Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon
mode, the Nginx temporary directory was deleted prematurely, causing some
POST requests to fail. This was a regression that was introduced in 4.0.15
as part of an optimization.
* Fixed compilation problems on Solaris 10 with Sun Studio 12.3.
* Improved detection of RVM problems.
* It is now possible to log the request method to Union Station.
* Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and
`passenger_load_shell_envvars` (Nginx). This allows enabling or disabling
the loading of bashrc before spawning the application.
* [Enterprise] Fixed a packaging problem which caused the flying-passenger
executable not to be properly included in the bin path.
* [Enterprise] Fixed a race condition which sometimes causes the Flying
Passenger socket to be deleted after a restart. Fixes issue #939.
* [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0.
The byebug gem requires a patch before this works:
https://github.com/deivid-rodriguez/byebug/pull/29
Release 4.0.19
--------------
* Fixed a problem with response buffering. Application processes are now
properly marked available for request processing immediately after they're