All Versions
144
Latest Version
Avg Release Cycle
33 days
Latest Release
560 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v6.0.0 Changes
October 14, 2022๐ฅ Breaking Changes
- Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
- Remote_addr functionality has changed ([#2652], [#2653])
- No longer supporting Java 1.7 or below (JRuby 9.1 was the last release to support this) ([#2849])
- Remove nakayoshi GC ([#2933], [#2925])
- wait_for_less_busy_worker is now default on ([#2940])
- Prefix all environment variables with
PUMA_
([#2924], [#2853]) - Removed some constants ([#2957], [#2958], [#2959], [#2960])
- The following classes are now part of Puma's private API:
Client
,Cluster::Worker
,Cluster::Worker
,HandleRequest
. ([#2988]) - Configuration constants like
DefaultRackup
removed ([#2928]) - Extracted
LogWriter
fromEvents
([#2798])
๐ Features
- Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
- Increase throughput on file responses ([#2923])
- Add support for streaming bodies in Rack. ([#2740])
- Allow OpenSSL session reuse via a 'reuse' ssl_bind method or bind string query parameter ([#2845])
- Allow
run_hooks
to pass a hash to blocks for use later ([#2917], [#2915]) - Allow using
preload_app!
withfork_worker
([#2907]) - Support request_body_wait metric with higher precision ([#2953])
- Allow header values to be arrays (Rack 3) ([#2936], [#2931])
- Export Puma/Ruby versions in /stats ([#2875])
- Allow configuring request uri max length & request path max length ([#2840])
- Add a couple of public accessors ([#2774])
- Log entire backtrace when worker start fails ([#2891])
- [jruby] Enable TLSv1.3 support ([#2886])
- [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
- [jruby] Support a truststore option ([#2849], [#2904], [#2884])
๐ Bugfixes
- Load the configuration before passing it to the binder ([#2897])
- Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT ([#2932], [#1441])
- Fixed a memory leak when creating a new SSL listener ([#2956])
๐จ Refactor
- log_writer.rb - add internal_write method ([#2888])
- Extract prune_bundler code into it's own class. ([#2797])
- Refactor Launcher#run to increase readability (no logic change) ([#2795])
- Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
- Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])
-
v5.6.5 Changes
August 23, 2022๐ Feature
- Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
๐ Bugfixes
- NullIO#closed should return false ([#2883])
- [jruby] Fix TLS verification hang ([#2890], [#2729])
- extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
- MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
- Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
- Escape SSL cert and filenames ([#2855])
- Fail hard if SSL certs or keys are invalid ([#2848])
- Fail hard if SSL certs or keys cannot be read by user ([#2847])
- Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
- Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
- Fix Puma::StateFile#load incompatibility ([#2810])
-
v5.6.4 Changes
March 30, 2022- ๐ Security
- Close several HTTP Request Smuggling exploits (CVE-2022-24790)
- ๐ Security
-
v5.6.2 Changes
February 11, 2022- ๐ Bugfix/Security
- Response body will always be
close
d. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
- Response body will always be
- ๐ Bugfix/Security
-
v5.6.1 Changes
January 26, 2022- ๐ Bugfixes
- Reverted a commit which appeared to be causing occasional blank header values ([#2809])
- ๐ Bugfixes
-
v5.6.0 Changes
January 25, 2022๐ Features
- Support
localhost
integration inssl_bind
([#2764], [#2708]) - Allow backlog parameter to be set with ssl_bind DSL ([#2780])
- Remove yaml (psych) requirement in StateFile ([#2784])
- Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
- Add worker_check_interval configuration option ([#2759])
- Always send lowlevel_error response to client ([#2731], [#2341])
- Support for cert_pem and key_pem with ssl_bind DSL ([#2728])
- Support
๐ Bugfixes
- Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
- Fix two 'old-style-definition' compile warning ([#2807], [#2806])
- Log environment correctly using option value ([#2799])
- Fix warning from Ruby master (will be 3.2.0) ([#2785])
- extconf.rb - fix openssl with old Windows builds ([#2757])
- server.rb - rescue handling (
Errno::EBADF
) for@notify.close
([#2745])
๐จ Refactor
- server.rb - refactor code using @options[:remote_address] ([#2742])
- [jruby] a couple refactorings - avoid copy-ing bytes ([#2730])
-
v5.5.2 Changes
October 12, 2021- ๐ Bugfixes
- Allow UTF-8 in HTTP header values
- ๐ Bugfixes
-
v5.5.1 Changes
October 12, 2021๐ Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)
- Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#2702])
๐ Security
- Do not allow LF as a line ending in a header (CVE-2021-41136)
-
v5.5.0 Changes
September 19, 2021๐ Features
- Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
- add support for the PROXY protocol (v1 only) ([#2654], [#2651])
- Add a semantic CLI option for no config file ([#2689])
๐ Bugfixes
- More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
- allow multiple after_worker_fork hooks ([#2690])
- Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])
๐ Performance
- Fix performance of server-side SSL connection close. ([#2675])
-
v5.4.0 Changes
July 28, 2021๐ Features
- Better/expanded names for threadpool threads ([#2657])
- Allow pkg_config for OpenSSL ([#2648], [#1412])
- Add
rack_url_scheme
to Puma::DSL, allows setting ofrack.url_scheme
header ([#2586], [#2569])
๐ Bugfixes
Binder#parse
- allow for symlinked unix path, add create_activated_fds debug ENV ([#2643], [#2638])- Fix deprecation warning: minissl.c - Use Random.bytes if available ([#2642])
- Client certificates: set session id context while creating SSLContext ([#2633])
- Fix deadlock issue in thread pool ([#2656])
๐จ Refactor
- Replace
IO.select
withIO#wait_*
when checking a single IO ([#2666])
- Replace