All Versions
143
Latest Version
Avg Release Cycle
36 days
Latest Release
34 days ago

Changelog History
Page 1

  • v5.6.5 Changes

    August 23, 2022
    • ๐Ÿ”‹ Feature

      • Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
    • ๐Ÿ›  Bugfixes

      • NullIO#closed should return false ([#2883])
      • [jruby] Fix TLS verification hang ([#2890], [#2729])
      • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
      • MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
      • Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
      • Escape SSL cert and filenames ([#2855])
      • Fail hard if SSL certs or keys are invalid ([#2848])
      • Fail hard if SSL certs or keys cannot be read by user ([#2847])
      • Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
      • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
      • Fix Puma::StateFile#load incompatibility ([#2810])
  • v5.6.4 Changes

    March 30, 2022
    • ๐Ÿ”’ Security
      • Close several HTTP Request Smuggling exploits (CVE-2022-24790)
  • v5.6.2 Changes

    February 11, 2022
    • ๐Ÿ›  Bugfix/Security
      • Response body will always be closed. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
  • v5.6.1 Changes

    January 26, 2022
    • ๐Ÿ›  Bugfixes
      • Reverted a commit which appeared to be causing occasional blank header values ([#2809])
  • v5.6.0 Changes

    January 25, 2022
    • ๐Ÿ”‹ Features

      • Support localhost integration in ssl_bind ([#2764], [#2708])
      • Allow backlog parameter to be set with ssl_bind DSL ([#2780])
      • Remove yaml (psych) requirement in StateFile ([#2784])
      • Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
      • Add worker_check_interval configuration option ([#2759])
      • Always send lowlevel_error response to client ([#2731], [#2341])
      • Support for cert_pem and key_pem with ssl_bind DSL ([#2728])
    • ๐Ÿ›  Bugfixes

      • Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
      • Fix two 'old-style-definition' compile warning ([#2807], [#2806])
      • Log environment correctly using option value ([#2799])
      • Fix warning from Ruby master (will be 3.2.0) ([#2785])
      • extconf.rb - fix openssl with old Windows builds ([#2757])
      • server.rb - rescue handling (Errno::EBADF) for @notify.close ([#2745])
    • ๐Ÿ”จ Refactor

      • server.rb - refactor code using @options[:remote_address] ([#2742])
      • [jruby] a couple refactorings - avoid copy-ing bytes ([#2730])
  • v5.5.2 Changes

    October 12, 2021
    • ๐Ÿ›  Bugfixes
      • Allow UTF-8 in HTTP header values
  • v5.5.1 Changes

    October 12, 2021
    • ๐Ÿ”‹ Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)

      • Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#2702])
    • ๐Ÿ”’ Security

      • Do not allow LF as a line ending in a header (CVE-2021-41136)
  • v5.5.0 Changes

    September 19, 2021
    • ๐Ÿ”‹ Features

      • Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
      • add support for the PROXY protocol (v1 only) ([#2654], [#2651])
      • Add a semantic CLI option for no config file ([#2689])
    • ๐Ÿ›  Bugfixes

      • More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
      • allow multiple after_worker_fork hooks ([#2690])
      • Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])
    • ๐ŸŽ Performance

      • Fix performance of server-side SSL connection close. ([#2675])
  • v5.4.0 Changes

    July 28, 2021
    • ๐Ÿ”‹ Features

      • Better/expanded names for threadpool threads ([#2657])
      • Allow pkg_config for OpenSSL ([#2648], [#1412])
      • Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header ([#2586], [#2569])
    • ๐Ÿ›  Bugfixes

      • Binder#parse - allow for symlinked unix path, add create_activated_fds debug ENV ([#2643], [#2638])
      • Fix deprecation warning: minissl.c - Use Random.bytes if available ([#2642])
      • Client certificates: set session id context while creating SSLContext ([#2633])
      • Fix deadlock issue in thread pool ([#2656])
    • ๐Ÿ”จ Refactor

      • Replace IO.select with IO#wait_* when checking a single IO ([#2666])
  • v5.3.2 Changes

    May 21, 2021
    • ๐Ÿ›  Bugfixes
      • Gracefully handle Rack not accepting CLI options ([#2630], [#2626])
      • Fix sigterm misbehavior ([#2629])
      • Improvements to keepalive-connection shedding ([#2628])