All Versions
142
Latest Version
Avg Release Cycle
27 days
Latest Release
131 days ago

Changelog History
Page 1

  • v5.6.4 Changes

    March 30, 2022
    • ๐Ÿ”’ Security
      • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

  • v5.6.2 Changes

    February 11, 2022
    • ๐Ÿ›  Bugfix/Security
      • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to [#2809])

  • v5.6.1 Changes

    January 26, 2022
    • ๐Ÿ›  Bugfixes
      • Reverted a commit which appeared to be causing occasional blank header values ([#2809])

  • v5.6.0 Changes

    January 25, 2022

    • ๐Ÿ”‹ Features

      • Support localhost integration in ssl_bind ([#2764], [#2708])
      • Allow backlog parameter to be set with ssl_bind DSL ([#2780])
      • Remove yaml (psych) requirement in StateFile ([#2784])
      • Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
      • Add worker_check_interval configuration option ([#2759])
      • Always send lowlevel_error response to client ([#2731], [#2341])
      • Support for cert_pem and key_pem with ssl_bind DSL ([#2728])

    • ๐Ÿ›  Bugfixes

      • Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
      • Fix two 'old-style-definition' compile warning ([#2807], [#2806])
      • Log environment correctly using option value ([#2799])
      • Fix warning from Ruby master (will be 3.2.0) ([#2785])
      • extconf.rb - fix openssl with old Windows builds ([#2757])
      • server.rb - rescue handling (Errno::EBADF) for @notify.close ([#2745])

    • ๐Ÿ”จ Refactor

      • server.rb - refactor code using @options[:remote_address] ([#2742])
      • [jruby] a couple refactorings - avoid copy-ing bytes ([#2730])

  • v5.5.2 Changes

    October 12, 2021
    • ๐Ÿ›  Bugfixes
      • Allow UTF-8 in HTTP header values

  • v5.5.1 Changes

    October 12, 2021

    • ๐Ÿ”‹ Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

      • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#2702])

    • ๐Ÿ”’ Security

      • Do not allow LF as a line ending in a header (CVE-2021-41136)

  • v5.5.0 Changes

    September 19, 2021

    • ๐Ÿ”‹ Features

      • Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
      • add support for the PROXY protocol (v1 only) ([#2654], [#2651])
      • Add a semantic CLI option for no config file ([#2689])

    • ๐Ÿ›  Bugfixes

      • More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
      • allow multiple after_worker_fork hooks ([#2690])
      • Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])

    • ๐ŸŽ Performance

      • Fix performance of server-side SSL connection close. ([#2675])

  • v5.4.0 Changes

    July 28, 2021

    • ๐Ÿ”‹ Features

      • Better/expanded names for threadpool threads ([#2657])
      • Allow pkg_config for OpenSSL ([#2648], [#1412])
      • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header ([#2586], [#2569])

    • ๐Ÿ›  Bugfixes

      • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV ([#2643], [#2638])
      • Fix deprecation warning: minissl.c - Use Random.bytes if available ([#2642])
      • Client certificates: set session id context while creating SSLContext ([#2633])
      • Fix deadlock issue in thread pool ([#2656])

    • ๐Ÿ”จ Refactor

      • Replace IO.select with IO#wait_* when checking a single IO ([#2666])

  • v5.3.2 Changes

    May 21, 2021
    • ๐Ÿ›  Bugfixes
      • Gracefully handle Rack not accepting CLI options ([#2630], [#2626])
      • Fix sigterm misbehavior ([#2629])
      • Improvements to keepalive-connection shedding ([#2628])

  • v5.3.1 Changes

    May 11, 2021
    • ๐Ÿ”’ Security
      • Close keepalive connections after the maximum number of fast inlined requests (CVE-2021-29509) ([#2625])