All Versions
144
Latest Version
Avg Release Cycle
33 days
Latest Release
560 days ago

Changelog History
Page 1

  • v6.0.0 Changes

    October 14, 2022

    • ๐Ÿ’ฅ Breaking Changes

      • Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
      • Remote_addr functionality has changed ([#2652], [#2653])
      • No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) ([#2849])
      • Remove nakayoshi GC ([#2933], [#2925])
      • wait_for_less_busy_worker is now default on ([#2940])
      • Prefix all environment variables with PUMA_ ([#2924], [#2853])
      • Removed some constants ([#2957], [#2958], [#2959], [#2960])
      • The following classes are now part of Puma's private API: Client, Cluster::Worker, Cluster::Worker, HandleRequest. ([#2988])
      • Configuration constants like DefaultRackup removed ([#2928])
      • Extracted LogWriter from Events ([#2798])

    • ๐Ÿ”‹ Features

      • Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
      • Increase throughput on file responses ([#2923])
      • Add support for streaming bodies in Rack. ([#2740])
      • Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter ([#2845])
      • Allow run_hooks to pass a hash to blocks for use later ([#2917], [#2915])
      • Allow using preload_app! with fork_worker ([#2907])
      • Support request_body_wait metric with higher precision ([#2953])
      • Allow header values to be arrays (Rack 3) ([#2936], [#2931])
      • Export Puma/Ruby versions in /stats ([#2875])
      • Allow configuring request uri max length & request path max length ([#2840])
      • Add a couple of public accessors ([#2774])
      • Log entire backtrace when worker start fails ([#2891])
      • [jruby] Enable TLSv1.3 support ([#2886])
      • [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
      • [jruby] Support a truststore option ([#2849], [#2904], [#2884])

    • ๐Ÿ›  Bugfixes

      • Load the configuration before passing it to the binder ([#2897])
      • Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT ([#2932], [#1441])
      • Fixed a memory leak when creating a new SSL listener ([#2956])

    • ๐Ÿ”จ Refactor

      • log_writer.rb - add internal_write method ([#2888])
      • Extract prune_bundler code into it's own class. ([#2797])
      • Refactor Launcher#run to increase readability (no logic change) ([#2795])
      • Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
      • Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])

  • v5.6.5 Changes

    August 23, 2022

    • ๐Ÿ”‹ Feature

      • Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])

    • ๐Ÿ›  Bugfixes

      • NullIO#closed should return false ([#2883])
      • [jruby] Fix TLS verification hang ([#2890], [#2729])
      • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
      • MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
      • Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
      • Escape SSL cert and filenames ([#2855])
      • Fail hard if SSL certs or keys are invalid ([#2848])
      • Fail hard if SSL certs or keys cannot be read by user ([#2847])
      • Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
      • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
      • Fix Puma::StateFile#load incompatibility ([#2810])

  • v5.6.4 Changes

    March 30, 2022
    • ๐Ÿ”’ Security
      • Close several HTTP Request Smuggling exploits (CVE-2022-24790)

  • v5.6.2 Changes

    February 11, 2022
    • ๐Ÿ›  Bugfix/Security
      • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to [#2809])

  • v5.6.1 Changes

    January 26, 2022
    • ๐Ÿ›  Bugfixes
      • Reverted a commit which appeared to be causing occasional blank header values ([#2809])

  • v5.6.0 Changes

    January 25, 2022

    • ๐Ÿ”‹ Features

      • Support localhost integration in ssl_bind ([#2764], [#2708])
      • Allow backlog parameter to be set with ssl_bind DSL ([#2780])
      • Remove yaml (psych) requirement in StateFile ([#2784])
      • Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
      • Add worker_check_interval configuration option ([#2759])
      • Always send lowlevel_error response to client ([#2731], [#2341])
      • Support for cert_pem and key_pem with ssl_bind DSL ([#2728])

    • ๐Ÿ›  Bugfixes

      • Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
      • Fix two 'old-style-definition' compile warning ([#2807], [#2806])
      • Log environment correctly using option value ([#2799])
      • Fix warning from Ruby master (will be 3.2.0) ([#2785])
      • extconf.rb - fix openssl with old Windows builds ([#2757])
      • server.rb - rescue handling (Errno::EBADF) for @notify.close ([#2745])

    • ๐Ÿ”จ Refactor

      • server.rb - refactor code using @options[:remote_address] ([#2742])
      • [jruby] a couple refactorings - avoid copy-ing bytes ([#2730])

  • v5.5.2 Changes

    October 12, 2021
    • ๐Ÿ›  Bugfixes
      • Allow UTF-8 in HTTP header values

  • v5.5.1 Changes

    October 12, 2021

    • ๐Ÿ”‹ Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

      • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#2702])

    • ๐Ÿ”’ Security

      • Do not allow LF as a line ending in a header (CVE-2021-41136)

  • v5.5.0 Changes

    September 19, 2021

    • ๐Ÿ”‹ Features

      • Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
      • add support for the PROXY protocol (v1 only) ([#2654], [#2651])
      • Add a semantic CLI option for no config file ([#2689])

    • ๐Ÿ›  Bugfixes

      • More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
      • allow multiple after_worker_fork hooks ([#2690])
      • Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])

    • ๐ŸŽ Performance

      • Fix performance of server-side SSL connection close. ([#2675])

  • v5.4.0 Changes

    July 28, 2021

    • ๐Ÿ”‹ Features

      • Better/expanded names for threadpool threads ([#2657])
      • Allow pkg_config for OpenSSL ([#2648], [#1412])
      • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header ([#2586], [#2569])

    • ๐Ÿ›  Bugfixes

      • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV ([#2643], [#2638])
      • Fix deprecation warning: minissl.c - Use Random.bytes if available ([#2642])
      • Client certificates: set session id context while creating SSLContext ([#2633])
      • Fix deadlock issue in thread pool ([#2656])

    • ๐Ÿ”จ Refactor

      • Replace IO.select with IO#wait_* when checking a single IO ([#2666])