forked from phusion/passenger
CHANGELOG
Release 5.0.0 beta 3
--------------------
* Fixed more cookie handling issues. Closes GH-1310.
* Fixed various WebSocket issues. Closes GH-1306.
* Fixed some crashes caused by race conditions. Closes GH-1326.
* Fixed issues with handling POST data. Closes GH-1331.
* Fixed some issues on Heroku. Closes GH-1329.
* Nginx versions earlier than 1.6 are no longer supported.
* Introduced a new configuration option, `passenger_response_buffer_high_watermark` (Nginx) and `PassengerResponseBufferHighWatermark` (Apache), for configuring the behavior of the response buffering system. Closes GH-1300.
* Improved state introspection.
Release 5.0.0 beta 2
--------------------
* Fixed handling of multiple Set-Cookie headers. Closes GH-1296.
* `passenger-config system-metrics` now works properly if the agent is installed in ~/.passenger. Closes GH-1304.
* Documentation enhancements by Igor Vuk. Closes GH-1318.
* Fixed some crasher bugs.
* [Standalone] User switching is now correctly disabled.
* [Standalone] Fixed the `--thread-count` parameter.
* [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284.
* [Apache] Fixed support for gzipped chunked responses. Closes GH-1309.
Release 5.0.0 beta 1
--------------------
Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version 4, but there are a few minor breakages, which are described below. Major changes and notable breakages are:
* Performance has been much improved. This is thanks to months of optimization work. You can learn more at www.rubyraptor.org.
* We've published a [server optimization guide](https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html) for those who are interested in tuning Phusion Passenger.
* Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails 2.3 is still supported.
* Phusion Passenger now supports integrated HTTP caching, which we call turbocaching. If your app sets the right HTTP headers then Phusion Passenger can tremendously accelerate your app. It is enabled by default, but you can disable it with `--disable-turbocaching` (Standalone), `PassengerTurbocaching off` (Apache), or `passenger_turbocaching off` (Nginx).
* Touching restart.txt will no longer restart your app immediately. This is because, for performance reasons, the stat throttle rate now defaults to 10. You can still get back the old behavior by setting `PassengerStatThrottleRate 0` (Apache) or `passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged. Instead, we encourage you to use the `passenger-config restart-app` tool to initiate restarts, which has immediate effect.
* Websockets are now properly disconnected on application restarts.
* The Phusion Passenger log levels have been completely revamped. If you were setting a log level before (e.g. through `passenger_log_level`), please read the latest documentation to learn about the new log levels.
* If you use out-of-band garbage collection, beware that the `X-Passenger-Request-OOB-Work` header has now been renamed to `!~Request-OOB-Work`.
* When using Rack's full socket hijacking, you must now output an HTTP status line.
* [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by `passenger_set_header` and `passenger_env_var`.
* [Nginx] `passenger_show_version_in_header` is now only valid in the `http` context.
* [Apache] The `PassengerStatThrottleRate` option is now global.
Minor changes:
* The minimum required Nginx version is now 1.6.0.
* The instance directory is now touched every hour instead of every 6 hours. This should hopefully prevent more problems with /tmp cleaner daemons.
* Applications are now grouped not only on the application root path, but also on the environment. For example, this allows you to run the same app in both production and staging mode, with only a single directory, without further configuration. Closes GH-664.
* The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option (Apache) have been replaced by two config options. On Nginx they are `passenger_instance_registry_dir` and `passenger_data_buffer_dir`. On Apache they are `PassengerInstanceRegistryDir` and `PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been replaced by `PassengerDataBufferDir`.
* Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment variable. Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead.
* `passenger-status --show=requests` has been deprecated in favor of `passenger-status --show=connections`.
* Using the SIGUSR1 signal to restart a Ruby app without dropping connections is no longer supported. Instead, use `passenger-config detach-process`.
* Introduced the `passenger-config reopen-logs` command, which instructs all Phusion Passenger agent processes to reopen their log files. You should call this after having rotated the web server logs.
* [Standalone] The Phusion Passenger Standalone config template has changed. Users are encouraged to update it.
* [Standalone] `passenger-standalone.json` has been renamed to `Passengerfile.json`.
* [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer overrides command line options. Instead, command line options now have the highest priority.
Release 4.0.57
--------------
* Fixed a native extension compatibility problem with Ruby 2.2. Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656).
* Fixed compatibility with Nginx 1.7.9. Closes GH-1335.
Release 4.0.56
--------------
* Fixed a file descriptor leak that manifests when an error page is shown. Contributed by Paul Bonaud, closes GH-1325.
* Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles Vallières for the analysis.
Release 4.0.55
--------------
* Supports Ruby 2.2. Closes GH-1314.
* Fixed Linux OS name detection.
Release 4.0.54
--------------
* Contains a licensing-related hot fix for Enterprise customers.
Release 4.0.53
--------------
* Upgraded the preferred Nginx version to 1.6.2.
* Improved RVM gemset autodetection.
* Fixed some Ruby 2.2 compatibility issues.
Release 4.0.52
--------------
* Fixed a null termination bug when autodetecting application types.
* Node.js apps can now also trigger the inverse port binding mechanism by passing `'/passenger'` as argument. This was introduced in order to be able to support the Hapi.js framework. Please read http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549 for more information regarding Hapi.js support.
* It is now possible to abort Node.js WebSocket connections upon application restart. Please refer to https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections for more information. Closes GH-1200.
* Passenger Standalone no longer automatically resolves symlinks in its paths.
* `passenger-config system-metrics` no longer crashes when the system clock is set to a time in the past. Closes GH-1276.
* `passenger-status`, `passenger-memory-stats`, `passenger-install-apache2-module` and `passenger-install-nginx-module` no longer output ANSI color codes by default when STDOUT is not a TTY. Closes GH-487.
* `passenger-install-nginx-module --auto` is now all that's necessary to make it fully non-interactive. It is no longer necessary to provide all the answers through command line parameters. Closes GH-852.
* Minor contribution by Alessandro Lenzen.
Release 4.0.50
--------------
* Fixed a potential heap corruption bug.
* Added Union Station support for Rails 4.1.
Release 4.0.49
--------------
* Upgraded the preferred Nginx version to 1.6.1.
* Fixed a crash that may be triggered by the `passenger_max_requests` feature.
* Introduced the `spawn_failed` hook, which is called when an application
process fails to spawn. You could use this hook to setup an error
notification system. Closes GH-1252.
* Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger
Standalone. Thanks to Jacob Elder. Closes GH-1254.
* Fixed some user and group information lookup issues. Closes GH-1253.
* Fixed some request handling crashes. Closes GH-1250.
* Fixed some compilation problems on Gentoo. Closes GH-1261.
* Fixed some compilation problems on Solaris. Closes GH-1260.
Release 4.0.48
--------------
* Fixed a race condition while determining what user an application should
be executed as. This bug could lead to applications being run as the wrong
user. Closes GH-1241.
* [Standalone] Improved autodetection of Rails asset pipeline files. This
prevents Standalone from incorrectly setting caching headers on non-asset
pipeline files. Closes GH-1225.
* Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
* Fixed compilation problems on OpenBSD.
* Fixed compatibility with Ruby 1.8.5.
Release 4.0.47
--------------
* [Enterprise] Fixed a bug in Flying Passenger's `--max-preloader-idle-time`
option.
Release 4.0.46
--------------
* Further improved Node.js and Socket.io compatibility.
* Sticky session cookies have been made more reliable.
* Fixed WebSocket upgrade issues on Firefox. Closes GH-1232.
* The Python application loader now inserts the application root into `sys.path`.
The fact that this was not done previously caused a lot of confusion amongst
Python users, who wondered why their `passenger_wsgi.py` could not import any
modules from the same directory.
* Fixed a compatibility problem with Django, which could cause Django apps to
freeze indefinitely. Closes GH-1215.
* Logging of application spawning errors has been much improved. Full details
about the error, such as environment variables, are saved to a private log file.
In the past, these details were only viewable in the browser. This change also
fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error
Resistance causes error messages to get lost. Closes GH-1021 and GH-1175.
* Fixed a regression in Node.js support. When a Node.js app is deployed on
a HTTPS host, the `X-Forwarded-Proto` header wasn't set in 4.0.45.
Closes GH-1231.
* Passenger Standalone no longer, by default, loads shell startup files before
loading the application. This is because Passenger Standalone is often invoked
from the shell anyway. Indeed, loading shell startup files again can interfere
with any environment variables already set in the invoking shell. You can
still tell Passenger Standalone to load shell startup files by passing
`--load-shell-envvars`. Passenger for Apache and Passenger for Nginx still
load shell startup files by default.
* Passenger Standalone now works properly when the HOME environment variable
isn't set. Closes GH-713.
* Passenger Standalone's `package-runtime` command has been removed. It has
been broken for a while and has nowadays been made obsolete by our automatic
[binary generation system](https://github.com/phusion/passenger_autobuilder).
Closes GH-1133.
* The `passenger_startup_file` option now also works on Python apps. Closes GH-1233.
* If you are a [Union Station](https://www.unionstationapp.com) customer, then
Phusion Passenger will now also log application spawning errors to Union Station.
This data isn't shown in the Union Station interface yet, but it will be
implemented in the future.
* Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212.
* Fixed compilation problems when Nginx is configured with OpenResty.
Thanks to Yichun Zhang. Closes GH-1226.
* Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix.
Closes GH-1151.
* Documentation contributions by Tim Bishop and Tugdual de Kerviler.
* Minor Nginx bug fix by Feng Gu. Closes GH-1235.
Release 4.0.45
--------------
* Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger
versions implemented Node.js support by emulating Node.js' HTTP library.
This approach was found to be unsustainable, so we've abandoned that approach
and replaced it with a much simpler approach that does not involve emulating
the HTTP library.
* Introduced support for sticky sessions. Sticky sessions are useful -- or even
required -- for apps that store state inside process memory. Prominent examples
include SockJS, Socket.io, faye-websocket and Meteor. Sticky sessions are
required to make the aforementioned examples work in multi-process scenarios.
By introducing sticky sessions support, we've much improved WebSocket support
and support for the aforementioned libraries and frameworks.
* Due to user demand, GET requests with request bodies are once again supported.
Support for these kinds of requests was removed in 4.0.42 in an attempt to
increase the strictness and robustness of our request handling code. It has
been determined that GET requests with request bodies can be adequately
supported without degrading robustness in Phusion Passenger. However, GET
requests with both request bodies and WebSocket upgrade headers are
unsupported. Fixes issue #1092.
* [Enterprise] The [Flying Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#flying_passenger)
feature is now also available on Apache.
* Fixed some issues with RVM mixed mode support, issue #1121.
* Fixed Passenger Standalone complaining about not finding PassengerHelperAgent
during startup.
* Fixed various minor issues such as #1190 and #1197.
* The download timeout for passenger-install-nginx-module has been increased.
Patch by 亀田 義裕.
Release 4.0.44
--------------
* The issue tracker has now been moved from Google Code to Github.
Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all
issue numbers referred to Google Code. From now on, all issue
numbers will refer to Github Issues.
* Fixed compilation problems on OS X Lion and OS X Mountain Lion.
* On Ruby, fixed `nil` being frozen by accident in some cases.
See issue #1192.
Release 4.0.43
--------------
* Introduced a new command `passenger-config list-instances`, which prints all
running Phusion Passenger instances.
* Introduced a new command `passenger-config system-metrics`, which displays
metrics about the system such as the total CPU and memory usage.
* Fixed some compilation problems caused by the compiler capability autodetector.
* System metrics such as total CPU usage and memory usage, are now sent to
[Union Station](https://www.unionstationapp.com) in preparation for future
features.
Release 4.0.42
--------------
* [Nginx] Upgraded the preferred Nginx version to 1.6.0.
* [Nginx] Fixed compatibility with Nginx 1.7.0.
* [Standalone] The MIME type for .woff files has been changed to application/font-woff.
Fixes issue #1071.
* There are now APT packages for Ubuntu 14.04. At the same time, packages for
Ubuntu 13.10 have been abandoned.
* Introduced a new command, `passenger-config build-native-support`, for ensuring
that the native_support library for the current Ruby interpreter is built. This
is useful in system provisioning scripts.
* For security reasons, friendly error pages (those black/purple pages that show
the error message, backtrace and environment variable dump when an application
fails to start) are now disabled by default when the application environment is
set to 'staging' or 'production'. Fixes issue #1063.
* Fixed some compilation warnings on Ubuntu 14.04.
* Fixed some compatibility problems with Rake 10.2.0 and later.
See [Rake issue 274](https://github.com/jimweirich/rake/issues/274).
* Improved error handling in [Union Station](https://www.unionstationapp.com) support.
* Data is now sent to Union Station on a more frequent basis, in order to make new
data show up more quickly.
* Information about the code revision is now sent to Union Station, which will be
used in the upcoming deployment tracking feature in Union Station 2.
Release 4.0.41
--------------
* Fixed some issues with printing UTF-8 log files on Heroku.
* Added a new flag `--ignore-app-not-running` to `passenger-config restart-app`.
When this flag is given, `passenger-config restart-app` will exit successfully
when the specified application is not running, instead of exiting with
an error.
* Our precompiled Passenger Standalone binaries have been upgraded to use
OpenSSL 1.0.1g, which fixes [the OpenSSL Heartbleed vulnerability](http://heartbleed.com/).
Users who are using Passenger Standalone with SSL enabled are vulnerable,
and should upgrade immediately. Users who do not use Passenger Standalone,
users who use Passenger Standalone without SSL, or users who use Passenger
Standalone with SSL behind another SSL-enabled reverse proxy, are not
vulnerable.
Release 4.0.40
--------------
* Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes
a buffer overflow. Users are strongly urged to upgrade Nginx as soon
as possible.
Release 4.0.39
--------------
* Fixed a crash that could happen if the client disconnects while a chunked
response is being sent. Fixes issue #1062.
* In Phusion Passenger Standalone, it is now possible to customize the Nginx
configuration file on Heroku. It is now also possible to permanently apply
changes to the Nginx configuration file, surviving upgrades. Please refer
to the "Advanced configuration" section of the Phusion Passenger Standalone
manual for more information.
* The programming language selection menu in passenger-install-apache2-module
and passenger-install-nginx-module only works on terminals that support
UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
these requirements (e.g. PuTTY users using any of the default Windows fonts),
it is now possible to switch the menu to a plain text mode by pressing '!'.
Fixes issue #1066.
* Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
* It is now possible to dump live backtraces of Python apps through the
'SIGABRT' signal.
* Fixed closing of file descriptors on OS X 10.9.
* Fixed compilation problems with Apple Clang 503.0.38 on OS X.
* Fixed compilation of native_support on Rubinius.
Release 4.0.38
--------------
* Added support for the new Ruby 2.1.0 out-of-band garbage collector.
This can much improve garbage collection performance, and drastically
reduce request times.
* Fixed a symlink-related security vulnerability.
Urgency: low
Scope: local exploit
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.37
Fixed versions: 4.0.38
CVE-2014-1832
Description:
This issue is related to CVE-2014-1831 (the security issue as mentioned in
the 4.0.37 release notes). The previous fix was incomplete, and still has a
(albeit smaller) attack time window in between two filesystem
checks. This attack window is now gone.
* Passenger Standalone is now compatible with IPv6.
* Fixed some compilation problems on Solaris. See issue #1047.
* passenger-install-apache2-module and passenger-install-nginx-module
now automatically run in `--auto` mode if stdin is not a TTY. Fixes
issue #1030.
* Fixed an issue with non-bundled Meteor apps not correctly running in
production mode.
* The `PassengerPreStart` option is now compatible with IPv6 server sockets.
* When running Python WSGI apps, `wsgi.run_once` is now set to False.
This should improve the performance of certain apps and frameworks.
* When handling HTTP requests with chunked transfer encoding, the
'Transfer-Encoding' header is no longer passed to the application.
This is because the web server already buffers and dechunks the
request body.
* Fixed a possible hang in Phusion Passenger for Nginx when Nginx
is instructed to reload or reopen log files. Thanks to Feng Gu,
[pull request #97](https://github.com/phusion/passenger/pull/97).
* The preferred Nginx version has been upgraded to 1.4.6.
* Fixed a problem with running passenger-install-apache2-module and
passenger-install-nginx-module on JRuby. They were not able to accept
any terminal input after displaying the programming language menu.
Release 4.0.37
--------------
* Improved Node.js compatibility. Calling on() on the request object
now returns the request object itself. This fixes some issues with
Express, Connect and Formidable. Furthermore, some WebSocket-related
issues have been fixed.
* Improved Meteor support. Meteor application processes are now shut down
quicker. Previously, they linger around for 5 seconds while waiting for
all connections to terminate, but that didn't work well because WebSocket
connections were kept open indefinitely. Also, some WebSocket-related
issues have been fixed.
* Introduced a new tool `passenger-config detach-process` for gracefully
detaching an application process from the process pool. Has a similar
effect to killing the application process directly with `kill <PID>`,
but killing directly may cause the HTTP client to see an error, while
using this command guarantees that clients see no errors.
* Fixed a crash that occurs when an application fails to spawn, but the HTTP
client disconnects before the error page is generated. Fixes issue #1028.
* Fixed a symlink-related security vulnerability.
Urgency: low
Scope: local exploit
Summary: writing files to arbitrary directory by hijacking temp directories
Affected versions: 4.0.5 and later
Fixed versions: 4.0.37
CVE-2014-1831
Description:
Phusion Passenger creates a "server instance directory" in /tmp during startup,
which is a temporary directory that Phusion Passenger uses to store working files.
This directory is deleted after Phusion Passenger exits. For various technical
reasons, this directory must have a semi-predictable filename. If a local attacker
can predict this filename, and precreates a symlink with the same filename that
points to an arbitrary directory with mode 755, owner root and group root, then
the attacker will succeed in making Phusion Passenger write files and create
subdirectories inside that target directory. The following files/subdirectories
are created:
* control_process.pid
* generation-X, where X is a number.
If you happen to have a file inside the target directory called `control_process.pid`,
then that file's contents are overwritten.
These files and directories are deleted during Phusion Passenger exit. The target
directory itself is not deleted, nor are any other contents inside the target
directory, although the symlink is.
Thanks go to Jakub Wilk for discovering this issue.
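The two symlink advisories above (CVE-2014-1831, and the remaining window between two filesystem checks in CVE-2014-1832) come down to creating and then using a directory under a predictable name. The following is an added example, not Phusion Passenger's code and not the fix the project shipped: it shows one race-free pattern in C, where the directory is created with `mkdir()`, pinned with a file descriptor, checked through that descriptor, and written to only via `openat()`. The function names and the `instance-demo` path are hypothetical, and the scenario is constructed in a private scratch directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* openat, mkdtemp, O_NOFOLLOW, O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a directory under a predictable name and return an fd pinned to it.
 * Returns -1 if the name is already taken, including by a pre-created symlink. */
int open_instance_dir(const char *path)
{
    struct stat st;
    int fd;

    /* mkdir() does not follow a symlink in the final path component: if
     * anything already exists under this name it fails with EEXIST. This is
     * what defeats the pre-created symlink, even when the process is root. */
    if (mkdir(path, 0700) != 0)
        return -1;

    /* O_NOFOLLOW makes open() fail if the name was swapped for a symlink
     * after mkdir() returned. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Check the object we actually hold (fstat on the fd), not the path,
     * so there is no second path lookup to race against. */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Create a file relative to the pinned directory. O_EXCL refuses to
 * overwrite an existing file; O_NOFOLLOW refuses a symlink of that name. */
int write_pid_file(int dirfd, const char *name, long pid)
{
    char buf[32];
    int len, fd;

    fd = openat(dirfd, name,
                O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    len = snprintf(buf, sizeof buf, "%ld\n", pid);
    if (write(fd, buf, (size_t)len) != len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed scenario from the advisory: the predictable name already exists
 * as a symlink to another directory. Returns 0 if creation was refused and
 * nothing was written into the symlink's target. */
int demo_symlink_refused(void)
{
    char base[] = "/tmp/instdir-demo-XXXXXX";
    char target[256], link_path[256], probe[256];
    int fd, ok;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(target, sizeof target, "%s/target", base);
    snprintf(link_path, sizeof link_path, "%s/instance-demo", base);
    snprintf(probe, sizeof probe, "%s/control_process.pid", target);
    if (mkdir(target, 0755) != 0 || symlink(target, link_path) != 0)
        return -1;

    fd = open_instance_dir(link_path);
    ok = (fd == -1) && access(probe, F_OK) != 0;
    if (fd >= 0)
        close(fd);
    unlink(link_path);
    rmdir(target);
    rmdir(base);
    return ok ? 0 : 1;
}

/* Normal case: the name is free. The first pid file write succeeds and a
 * second write to the same name is refused. Returns 0 on that outcome. */
int demo_fresh_dir(void)
{
    char base[] = "/tmp/instdir-demo-XXXXXX";
    char path[256];
    int dirfd, first, second;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/instance-demo", base);
    dirfd = open_instance_dir(path);
    if (dirfd < 0) {
        rmdir(base);
        return 1;
    }
    first = write_pid_file(dirfd, "control_process.pid", (long)getpid());
    second = write_pid_file(dirfd, "control_process.pid", (long)getpid());
    unlinkat(dirfd, "control_process.pid", 0);
    close(dirfd);
    rmdir(path);
    rmdir(base);
    return (first == 0 && second == -1) ? 0 : 1;
}

int main(void)
{
    printf("pre-created symlink refused: %s\n",
           demo_symlink_refused() == 0 ? "yes" : "no");
    printf("fresh directory usable:      %s\n",
           demo_fresh_dir() == 0 ? "yes" : "no");
    return 0;
}
```

In a world-writable parent such as /tmp, the sticky bit is what prevents another user from renaming or removing the directory once it has been created; the descriptor-relative calls cover everything after that point.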
Release 4.0.36
--------------
* [Enterprise] Fixed some Mass Deployment bugs.
* [Enterprise] Fixed a bug that causes an application group to be put into
Deployment Error Resistance Mode if rolling restarting fails while
deployment error resistance is off. Deployment Error Resistance Mode is
now only activated if it's explicitly turned on.
* Passenger Standalone now gzips JSON responses.
* Fixed some cases in which Passenger Standalone does not properly clean up
its temporary files.
Release 4.0.35
--------------
* Fixed some unit tests.
Release 4.0.34
--------------
* The Node.js loader code now sets the `isApplicationLoader` attribute on the
bootstrapping module. This provides a way for apps and frameworks that check
for `module.parent` to check whether the current file is loaded by Phusion
Passenger, or by other software that works in a similar way.
This change has been introduced to solve a compatibility issue with CompoundJS.
CompoundJS users should modify their server.js, and change the following:
      if (!module.parent) {
to:
      if (!module.parent || module.parent.isApplicationLoader) {
* Improved support for Meteor in development mode. Terminating Phusion Passenger
now leaves less garbage Meteor processes behind.
* It is now possible to disable the usage of the Ruby native extension by setting
the environment variable `PASSENGER_USE_RUBY_NATIVE_SUPPORT=0`.
* Fixed incorrect detection of the Apache MPM on Ubuntu 13.10.
* When using RVM, if you set PassengerRuby/passenger_ruby to the raw Ruby binary
instead of the wrapper script, Phusion Passenger will now print an error.
* Added support for RVM >= 1.25 wrapper scripts.
* Fixed loading passenger_native_support on Ruby 1.9.2.
* The Union Station analytics code now works even without native_support.
* Fixed `passenger-install-apache2-module` and `passenger-install-nginx-module` in
Homebrew.
* Binaries are now downloaded from an Amazon S3 mirror if the main binary server
is unavailable.
* And finally, although this isn't really a change in 4.0.34, it should be noted.
In version 4.0.33 we changed the way Phusion Passenger's own Ruby source files
are loaded, in order to fix some Debian and RPM packaging issues. The following
doesn't work anymore:
      require 'phusion_passenger/foo'
Instead, it should become:
      PhusionPassenger.require_passenger_lib 'foo'
However, we overlooked the fact that this change breaks Ruby apps which use
our Out-of-Band GC feature, because such apps had to call
`require 'phusion_passenger/rack/out_of_band_gc'`. Unfortunately we're not able
to maintain compatibility without reintroducing the Debian and RPM packaging
issues. Users should modify the following:
      require 'phusion_passenger/rack/out_of_band_gc'
to:
      if PhusionPassenger.respond_to?(:require_passenger_lib)
        # Phusion Passenger >= 4.0.33
        PhusionPassenger.require_passenger_lib 'rack/out_of_band_gc'
      else
        # Phusion Passenger < 4.0.33
        require 'phusion_passenger/rack/out_of_band_gc'
      end
Release 4.0.33
--------------
* Fixed a compatibility problem in passenger-install-apache2-module with Ruby 1.8.
The language selection menu didn't work properly.
Release 4.0.32
--------------
* Fixed compatibility problems with old Ruby versions that didn't include RubyGems.
Release 4.0.31
--------------
* Introduced a new tool: `passenger-config restart-app`. With this command you
can initiate an application restart without touching restart.txt.
Unlike touching restart.txt, this tool initiates the restart immediately
instead of on the next request.
* Fixed some problems in process spawning and request handling.
* Fixed some problems with the handling of HTTP chunked transfer encoding
bodies. These problems only occurred in Ruby.
* Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until
all clients have disconnected. Fixes issue #884.
* Fixed compilation problems on FreeBSD.
* Fixed some C++ strict aliasing problems.
* Fixed some problems with spawning applications that print messages without
newline during startup. Fixes issue #1039.
* Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server.
Fixes issue #1035.
* When Phusion Passenger is installed through the Debian package,
passenger-install-apache2-module now checks whether the Apache
module package (libapache2-mod-passenger) is properly installed,
and installs it using apt-get if it's not installed. Fixes
issue #1031.
* The `passenger-status --show=xml` command no longer prints the non-XML
preamble, such as the version number and the time. Fixes issue #1037.
* The Ruby native extension now checks whether it's loaded against the right Ruby
version, to prevent problems when people upgrade Ruby without recompiling
their native extensions.
* Various other minor Debian packaging improvements.
Release 4.0.30
--------------
* Fixed wrong autogeneration of HTTP Date header. If the web app does
not supply a Date header, then Passenger will add one. Unfortunately
due to the use of the wrong format string, December 30 2013 is
formatted as December 30 2014. As a result, cookies that expire before
2014 would expire on December 30 2013 and December 31 2013. Details can
be found at [Github pull request 93](https://github.com/phusion/passenger/pull/93).
This issue only affects Phusion Passenger for Nginx and Phusion Passenger
Standalone, and does not affect Phusion Passenger for Apache.
You can work around this problem in your application by setting a
Date header. For example, in Rails you can do:
      before_filter { response.date = Time.now.utc }
Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this to our attention and for providing workarounds and feedback.
Release 4.0.29
--------------
* Fixed a compilation problem on OS X Mavericks.
Release 4.0.28
--------------
* Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion
Passenger to crash during startup. Affected operating systems include
Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with
this OS installed exhibits the problem. See issue #902.
* Improved Node.js support: the Sails framework is now supported.
* Improved Node.js support: the streams2 API is now supported.
* Introduced support for hooks, allowing users to easily extend Phusion
Passenger's behavior.
* Fixed a bug in the `passenger start -R` option. It was broken because of a
change introduced in 4.0.25.
* Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016.
* Fixed compilation problems on Solaris.
* Fixed an encoding problem in the Apache autodetection code. Fixes
issue #1026.
* The Debian packages no longer depend on libruby.
* Application stdout and stderr are now printed without normal
Phusion Passenger debugging information, making them easier to read.
Release 4.0.27
--------------
* [Apache] Fixed a bug in the Apache module which could lock up the Apache
process or thread. This is a regression introduced in version 4.0.24.
* Node.js application processes now have friendly process titles.
Release 4.0.26
--------------
* Introduced the `PassengerBufferUpload` option for Apache. This option allows one
to disable upload buffering, e.g. in order to be able to track upload progress.
* [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
without setting `ssl on`. Fixes issue #401.
* [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port.
* [Enterprise] The `passenger-status` tool now displays rolling restart status.
Release 4.0.25
--------------
* The `PassengerAppEnv`/`passenger_app_env`/`--environment` option now also sets NODE_ENV,
so that Node.js frameworks like Connect can properly respond to the environment.
* Fixed a bug in our Debian/Ubuntu packages causing `passenger-install-nginx-module`
not to be able to compile Nginx.
* Arbitrary Node.js application structures are now supported.
* [Nginx] Introduced the `passenger_restart_dir` option.
* [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547.
Release 4.0.24
--------------
* Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx)
configuration options.
* [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error
responses generated by applications can be intercepted by Apache and customized
using the `ErrorDocument` directive.
* [Standalone] It is now possible to specify some configuration options in
a configuration file `passenger-standalone.json`. When Passenger Standalone
is used in Mass Deployment mode, this configuration file can be used to customize
settings on a per-application basis.
* [Enterprise] Fixed a potential crash when a rolling restart is triggered
while a process is already shutting down.
* [Enterprise] Fixed Mass Deployment support for Node.js and Meteor.
Release 4.0.23
--------------
* Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27).
* Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999.
* Support for the Meteor JavaScript framework has been open sourced.
Release 4.0.22
--------------
* [Enterprise] Fixed compilation problems on OS X Mavericks.
Release 4.0.21
--------------
* [Nginx] Upgraded the preferred Nginx version to 1.4.3.
* Node.js support has been open sourced.
* Preliminary OS X Mavericks support.
* Work around an Apache packaging bug in CentOS 5.
* Various user friendliness improvements in the documentation and the
installers.
* Fixed a bug in the always_restart.txt support. Phusion Passenger was
looking for it in the wrong directory.
* Many Solaris and Sun Studio compatibility fixes. Special thanks to
"mark" for his extensive assistance.
* [Standalone] The --temp-dir command line option has been introduced.
Release 4.0.20
--------------
* Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon
mode, the Nginx temporary directory was deleted prematurely, causing some
POST requests to fail. This was a regression that was introduced in 4.0.15
as part of an optimization.
* Fixed compilation problems on Solaris 10 with Sun Studio 12.3.
* Improved detection of RVM problems.
* It is now possible to log the request method to Union Station.
* Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and
`passenger_load_shell_envvars` (Nginx). This allows enabling or disabling
the loading of bashrc before spawning the application.
* [Enterprise] Fixed a packaging problem which caused the flying-passenger
executable not to be properly included in the bin path.
* [Enterprise] Fixed a race condition which sometimes causes the Flying
Passenger socket to be deleted after a restart. Fixes issue #939.
* [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0.
The byebug gem requires a patch before this works:
https://github.com/deivid-rodriguez/byebug/pull/29
Release 4.0.19
--------------
* Fixed a problem with response buffering. Application processes are now
properly marked available for request processing immediately after they're
done sending the response, instead of after having sent the entire response
to the client.
* The "processed" counter in `passenger-status` is now bumped after the process
has handled a request, not at the beginning.
* [Enterprise] Fixed an off-by-one bug in the `passenger_max_processes` setting.
Release 4.0.18
--------------
* The Enterprise variant of Phusion Passenger Standalone now supports
customizing the concurrency model and thread count from the command line.
* On Nginx, the Enterprise license is now only checked if Phusion Passenger
is enabled in Nginx. This allows you to deploy Nginx binaries, that have
Phusion Passenger Enterprise compiled in, to servers that are not
actually running Phusion Passenger Enterprise.
* Fixed a performance bug in the Union Station support code. In certain cases
where a lot of data must be sent to Union Station, the code is now over
100 times faster.
* `passenger-status --show=union_station` now displays all clients that
are connected to the LoggingAgent.
* Added a workaround for Heroku so that exited processes are properly detected
as such.
* When using Phusion Passenger Standalone with Foreman, pressing Ctrl-C
in Foreman no longer results in runaway Nginx processes.
* Fixed backtraces in the Apache module.
Release 4.0.17
--------------
* Fixed compilation problems on GCC 4.8 systems, such as Arch Linux 2013.04.
Fixes issue #941.
* Fixed some deprecation warnings when compiling the Ruby native extension
on Ruby 2.0.0.
* Fixed some Union Station-related stability issues.
Release 4.0.16
--------------
* Allow Phusion Passenger to work properly on systems where the user's GID
does not have a proper entry in /etc/group, such as Heroku.
Release 4.0.15
--------------
* Out-of-band work has been much improved. The number of processes which
may perform out-of-band work concurrently has been limited to 1.
Furthermore, processes which are performing out-of-band work are now
included in the max pool size constraint calculation. However, this
means that in order to use out-of-band work, you need to have at least
2 application processes running. Out-of-band work will never be triggered
if you just have 1 process. Partially fixes issue #892.
* Phusion Passenger now displays an error message to clients if too many
requests are queued up. By default, "too many" is 100. You may customize
this with `PassengerMaxRequestQueueSize` (Apache) or
`passenger_max_request_queue_size` (Nginx).
* A new configuration option, `PassengerStartTimeout` (Apache) and
`passenger_start_timeout` (Nginx), has been added. This option allows you
to specify a timeout for application startup. The startup timeout has existed
since version 4.0.0, but before version 4.0.15 it was hardcoded at a value
of 90 seconds. Now it is customizable. Fixes issue #936.
* [Enterprise] The `PassengerMaxRequestTime`/`passenger_max_request_time`
feature is now available for Python and Node.js as well, and is no longer
limited to just Ruby. Fixes issue #938.
* [Nginx] Introduced a configuration option `passenger_intercept_errors`,
which decides if Nginx will intercept responses with HTTP status codes of
400 and higher. Its effect is similar to `proxy_intercept_errors`.
* [Standalone] Memory usage optimization: when `passenger start` is run with
`--daemonize`, the frontend exits after starting the Nginx core. This saves
~20 MB of memory per `passenger start` instance.
* [Standalone] Phusion Passenger Standalone is now also packaged in the
Debian packages.
* [Standalone] Fix a problem with the `passenger stop` command on Ruby 1.8.7.
The 'thread' library was not properly required, causing a crash.
* [Standalone] There is now builtin support for SSL.
* Fix a crash when multiple `passenger_pass_header` directives are set.
Fixes issue #934.
* Permissions on the server instance directory are now explicitly set
with chmod, so that permissions are correct on systems with a non-default
umask. Fixes issue #928.
* Fix permission problems when running `passenger start` with `--user`.
* `passenger-config --detect-apache2` now correctly detects the error log
filename on Amazon Linux. Fixes issue #933.
* An environment variable `PASSENGER_THREAD_LOCAL_STORAGE` has been added
to the build system for forcefully disabling the use of thread-local
storage within the Phusion Passenger codebase. This flag is useful on systems
that have broken support for thread-local storage, despite passing our build
system's check for proper thread-local storage support. At the time of
writing, one user has reported that Ubuntu 12.04 32-bit has broken
thread-local storage support, although neither the reporter nor we were able
to reproduce the problem on any other systems running Ubuntu 12.04 32-bit.
Note that this flag has no effect on non-Phusion Passenger code. Fixes
issue #937.
* It is now possible to preprocess events before they are sent to Union
Station. This is useful for removing confidential data as demonstrated in
this example `config/initializers/passenger.rb` file:

    if defined?(PhusionPassenger)
      # Runs on each event before it is sent to Union Station.
      event_preprocessor = lambda do |e|
        # Redact confidential text from the logged SQL, if the event carries any.
        e.payload[:sql].gsub!("secret", "PASSWORD") if e.payload[:sql]
      end
      PhusionPassenger.install_framework_extensions!(:event_preprocessor => event_preprocessor)
    end

Release 4.0.14
--------------
* Fixed a bug in Passenger Standalone's source compiler, for the specific
case when the downloaded Nginx binary doesn't work, and compilation
of the Nginx binary did not succeed the first time (e.g. because of
missing dependencies).
* Precompiled Ruby native extensions are now automatically downloaded.
Release 4.0.13
--------------
* Updated preferred Nginx version to 1.4.2.
* Worked around the fact that FreeBSD 9.1 has a broken C++ runtime. Patch
contributed by David Keller.
* Autogenerated HTTP Date headers are now in UTC instead of local time.
This could cause cookies to have the wrong expiration time. Fixes issue #913.
* Fixed compatibility problems with Ruby 1.8.6 (issue #924).
* Introduced a tool, `passenger-config --detect-apache2`, which autodetects
all Apache installations on the system along with their parameters (which
apachectl command to run, which log file to read, which config file to edit).
The tool advises users about how to use that specific Apache installation.
Useful if the user has multiple Apache installations but doesn't know about
it, or when the user doesn't know how to work with multiple Apache
installations.
* Added an API for better Rack socket hijacking support.
* Added a hidden configuration option for customizing the application start
timeout. A proper configuration option will be introduced in the future.
* Added autodetection support for Amazon Linux.
* Fixed process metrics collection on some operating systems. Some systems'
'ps' command expects no space between -p and the list of PIDs.
Release 4.0.10
--------------
* Fixed a crash in PassengerWatchdog which occurs on some OS X systems.
* Fixed exception reporting to Union Station.
* Improved documentation.
Release 4.0.9
-------------
* [Enterprise] Fixed a problem with passenger-irb.
Release 4.0.8
-------------
* Fixed a problem with graceful web server restarts. When you gracefully
restart the web server, it would cause Phusion Passenger internal sockets
to be deleted, thus causing Phusion Passenger to go down. This problem
was introduced in 4.0.6 during the attempt to fix issue #910.
* The PassengerRestartDir/passenger_restart_dir option now accepts relative
filenames again, just like in Phusion Passenger 3.x. Patch
contributed by Ryan Schwartz.
* Documentation updates contributed by Gokulnath Manakkattil.
* [Enterprise] Fixed a license key checking issue on some operating systems,
such as CentOS 6.
Release 4.0.7
-------------
* There was a regression in 4.0.6 that sometimes prevents
PassengerLoggingAgent from starting up. Unfortunately this slipped
our release testing. This regression has been fixed and we've updated
our test suite to check for these kinds of regressions.
Release 4.0.6
-------------
* Fixed a potential 100% CPU lock up in the crash handler, which only occurs
on OS X. Fixes issue #908.
* Fixed a crash in request handling, when certain events are triggered after
the client has already disconnected. Fixes issue #889.
* Phusion Passenger will no longer crash when the Phusion Passenger
native_support Ruby extension cannot be compiled, e.g. because the Ruby
development headers are not installed or because the current user has no
permission to save the native extension file. Fixes issue #890.
* Fixed OS X 10.9 support. Fixes issue #906.
* Removed dependency on bash, so that Phusion Passenger works out of the box
on BSD platforms without installing/configuring bash. Fixes issue #911.
* Fix 'PassengerPoolIdleTime 0' not being respected correctly. Issue #904.
* Admin tools improvement: it is now possible to see all currently running
requests by invoking `passenger-status --show=requests`.
* A new feature called Flying Passenger allows you to decouple the life time
of Phusion Passenger from the web server, so that both can be restarted
independently from each other. Please refer to
http://blog.phusion.nl/2013/07/03/technology-preview-introducing-flying-passenger/
for an introduction.
* [Apache] Fixed compatibility with Apache pipe logging. Previously this
would cause Phusion Passenger to lock up with 100% CPU during Apache
restart.
* [Nginx] The Nginx configure script now checks whether 'ruby' is in $PATH.
Previously, if 'ruby' was not in $PATH, the compilation process failed
with an obscure error.
* [Nginx] passenger-install-nginx-module now works properly even when Phusion
Passenger is installed through the Debian packages. Before, the installer
would tell you to install Phusion Passenger through the gem or tarball
instead.
* [Enterprise] Added pretty printing helpers to the Live IRB Console.
* Fixed permissions on a subdirectory in the server instance directory. The
server instance directory is a temporary directory that Phusion Passenger
uses to store working files, and is deleted after Phusion Passenger exits.
A subdirectory inside it is world-writable (but not world-readable) and is
used for storing Unix domain sockets created by different apps, which may
run as different users. These sockets had long random filenames to prevent
them from being guessed. However, because of a typo, this subdirectory was
created with the setuid bit when it should have had the sticky bit (to prevent
existing files from being deleted or renamed by a user that doesn't own the
file). This has now been fixed.
* If the server instance directory already exists, it will now be removed
first in order to get correct directory permissions. If the directory still
exists after removal, Phusion Passenger aborts to avoid writing to a
directory with unexpected permissions. Fixes issue #910.
* The installer now checks whether the system has enough virtual memory, and
prints a helpful warning if it doesn't.
* Linux/AArch64 compatibility fixes. Patch contributed by Dirk Mueller.
* Improved documentation.
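The setuid-versus-sticky mix-up in the server instance directory entry above can be checked mechanically. This added Ruby example (not Phusion Passenger's code) creates a directory with each mode and audits it; the mode values, directory names and helper names are constructed for illustration.

```ruby
require "tmpdir"

# Constructed modes matching the entry's description: writable and searchable
# by everyone, listable only by the owner. Not taken from Passenger's source.
INTENDED_MODE = 0o1733 # sticky bit set
TYPO_MODE     = 0o4733 # setuid bit set where sticky was meant

# Create a directory and set its mode with an explicit chmod, so the
# process umask cannot strip bits from the requested mode.
def make_shared_dir(path, mode)
  Dir.mkdir(path, 0o700)
  File.chmod(mode, path)
  path
end

# Return a list of problems for a directory that several users write into.
def shared_dir_problems(path)
  st = File.lstat(path)
  return ["not a directory (or a symlink)"] unless st.directory?

  mode = st.mode & 0o7777
  problems = []
  if (mode & 0o002) != 0 && !st.sticky?
    problems << "world-writable without sticky bit: any user can delete or rename others' files"
  end
  problems << "setuid bit set on a directory" if st.setuid?
  problems << "world-readable: entry names can be listed" if (mode & 0o004) != 0
  problems
end

# Build both variants in a private scratch directory and audit them.
def audit_both_modes
  Dir.mktmpdir("sockdir-demo-") do |scratch|
    good = make_shared_dir(File.join(scratch, "intended"), INTENDED_MODE)
    bad  = make_shared_dir(File.join(scratch, "typo"), TYPO_MODE)
    { intended: shared_dir_problems(good), typo: shared_dir_problems(bad) }
  end
end

if $PROGRAM_NAME == __FILE__
  audit_both_modes.each do |label, problems|
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```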
Release 4.0.5
-------------
* [Standalone] Fixed a regression that prevented Passenger Standalone
from starting. Fixes issue #899.
* Fixed security vulnerability CVE-2013-2119.
Urgency: low
Scope: local exploit
Summary: denial of service and arbitrary code execution by hijacking temp files
Affected versions: all versions
Fixed versions: 3.0.21 and 4.0.5
Description:
Phusion Passenger's code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability allows a local attacker to run arbitrary code as another user, by hijacking temporary files.
By pre-creating certain temporary files with certain permissions, attackers can prevent Passenger Standalone from starting (denial of service).
By pre-creating certain temporary files with certain other permissions, attackers can trick `passenger start` and the build system (which is invoked by `passenger-install-apache2-module`/`passenger-install-nginx-module`) into running arbitrary code. The code runs as the user that ran `passenger start` or the build system. Attacks of this nature have to be timed exactly right: the attacker must overwrite the file contents right after Phusion Passenger has created them, but right before the file is used. In the context of `passenger start`, the vulnerable window begins right after Passenger Standalone has created the Nginx config file, and ends when Nginx has read the config file. Once Nginx has started and initialized, the system is no longer vulnerable. `passenger stop` and other Passenger Standalone commands besides `start` are not vulnerable. In the context of the build system, the vulnerable window begins when `passenger-install-apache2-module`/`passenger-install-nginx-module` prints its first dependency checking message, and ends when it prints the first compiler command.
Only the `passenger start`, `passenger-install-apache2-module` and `passenger-install-nginx-module` commands are vulnerable. Phusion Passenger for Apache and Phusion Passenger for Nginx (once they are installed) are not vulnerable.
Fixed versions:
3.0.21 and 4.0.5 have been released to address this issue.
Workaround:
You can use this workaround if you are unable to upgrade. Before invoking any Phusion Passenger command, set the `TMPDIR` environment variable to a directory that is not world-writable. Special care must be taken when you use sudo: sudo resets all environment variables, so you should either invoke sudo with `-E`, or you must set the environment variable after gaining root privileges with sudo.
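The class of bug behind CVE-2013-2119, shown as an added Ruby example that is not Phusion Passenger's code or its actual fix: a predictable temp file name opened with plain "w" beside exclusive creation in a private directory, plus a check for the `TMPDIR` workaround. File names, helper names and the pre-created file are constructed for illustration.

```ruby
require "tmpdir"

# Workaround check from the advisory: TMPDIR must be a directory that is
# not world-writable.
def tmpdir_ok_for_workaround?(dir)
  st = File.stat(dir)
  st.directory? && (st.mode & 0o002).zero?
end

# "Before" pattern: fixed name, plain "w". An existing file is reused as it
# is, keeping whatever owner and mode its creator chose.
def write_predictable(dir, name, contents)
  path = File.join(dir, name)
  File.open(path, "w") { |f| f.write(contents) }
  path
end

# Hardened pattern: O_CREAT|O_EXCL refuses any existing path (including a
# symlink), and the requested mode grants nothing to group or others.
def write_exclusive(dir, name, contents)
  path = File.join(dir, name)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(contents) }
  path
end

# Run both patterns against a file that already exists (a constructed stand-in
# for one pre-created by another local user), then in a private directory.
def compare_patterns
  result = {}
  Dir.mktmpdir("shared-demo-") do |shared|
    planted = File.join(shared, "example.conf") # constructed file name
    File.write(planted, "pre-created")
    File.chmod(0o666, planted)

    write_predictable(shared, "example.conf", "ours")
    result[:predictable_mode] = File.stat(planted).mode & 0o777

    result[:exclusive] =
      begin
        write_exclusive(shared, "example.conf", "ours")
        :written
      rescue Errno::EEXIST
        :refused
      end
  end
  # Dir.mktmpdir creates a randomly named directory with mode 0700.
  Dir.mktmpdir("private-demo-") do |priv|
    path = write_exclusive(priv, "example.conf", "ours")
    result[:private_dir_mode] = File.stat(priv).mode & 0o777
    result[:private_file_other_bits] = File.stat(path).mode & 0o077
  end
  result
end

if $PROGRAM_NAME == __FILE__
  p compare_patterns
  puts "TMPDIR ok for workaround: #{tmpdir_ok_for_workaround?(Dir.tmpdir)}"
end
```

The predictable write leaves the file with the mode its first creator chose (0666 here), so that party can still rewrite it before it is read; the exclusive open fails with `EEXIST` instead.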
Release 4.0.4
-------------
* Fixed autodetection of noexec-mount /tmp directory. Fixes issue #850
and issue #625.
* Fixed a WSGI bug. wsgi.input was a file object opened in text mode,
but should be opened in binary mode. Fixes issue #881.
* Fixed a potential crash in Out-of-Band Work. Fixes issue #894.
* Fixed a potential crash in rolling restarting, which only occurs if a
process was also being spawned at the same time. Fixes issue #896.
* [Apache] The RailsBaseURI and RackBaseURI directives have been unified.
For a long time, RailsBaseURI told Phusion Passenger that the given
sub-URI belongs to a **Rails 2** application. Attempting to use this
directive with Rails 3 or with Rack applications would result in an
error. Because this confused users, RailsBaseURI and RackBaseURI
have now been unified and can now be used interchangeably. Phusion
Passenger will automatically detect what kind of application it is.
The Nginx version already worked like this. Fixes issue #882.
* [Standalone] The Passenger Standalone temp directory and
PassengerWatchdog server instance directory have been unified.
PassengerWatchdog already automatically updates the timestamps of
all files in its server instance directory every 6 hours to prevent
/tmp cleaners from deleting the directory. Therefore this
unification prevents the Passenger Standalone temp directory from being
deleted by /tmp cleaners as well. Fixes issue #654.
* [Standalone] types_hash_max_size has been increased from 1024 to
2048. This solves a problem that causes Nginx not to start on some
platforms. Contributed by Jan-Willem Koelewijn.
Release 4.0.3
-------------
* Better protection is now provided against application processes that
are stuck and refuse to shut down cleanly. Since version 4.0.0,
Phusion Passenger already forcefully shuts down all processes during
web server shutdown. In addition to this, 4.0.3 now also forcefully
shuts down processes that take more than 1 minute to shut down, even