Puma v5.6.5 Release Notes

Release Date: 2022-08-23 // about 1 month ago
    • ๐Ÿ”‹ Feature

      • Puma::ControlCLI - allow refork command to be sent as a request ([#2868], [#2866])
    • ๐Ÿ›  Bugfixes

      • NullIO#closed should return false ([#2883])
      • [jruby] Fix TLS verification hang ([#2890], [#2729])
      • extconf.rb - don't use pkg_config('openssl') if '--with-openssl-dir' is used ([#2885], [#2839])
      • MiniSSL - detect SSL_CTX_set_dh_auto ([#2864], [#2863])
      • Fix rack.after_reply exceptions breaking connections ([#2861], [#2856])
      • Escape SSL cert and filenames ([#2855])
      • Fail hard if SSL certs or keys are invalid ([#2848])
      • Fail hard if SSL certs or keys cannot be read by user ([#2847])
      • Fix build with Opaque DH in LibreSSL 3.5. ([#2838])
      • Pre-existing socket file removed when TERM is issued after USR2 (if puma is running in cluster mode) ([#2817])
      • Fix Puma::StateFile#load incompatibility ([#2810])

Previous changes from v5.6.4

    • ๐Ÿ”’ Security
      • Close several HTTP Request Smuggling exploits (CVE-2022-24790)