Release 5.3.7 (Not yet released) ------------- * Changes minimum supported macOS version to 10.11 El Capitan. Release 5.3.6 ------------- * Fixes smart spawning. A regression in 5.3.5 (due to a refactoring) made it so that Passenger only used the direct spawning method. This issue was mostly noticeable in the form of increased process spawning times between 5.3.4 and 5.3.5. * Fixes Passenger Core and application processes staying on the Watchdog's OOM score (unkillable). Closes GH-2105. * Fixes "mach_vm_map failed" warnings on macOS >= High Sierra. These warnings were harmless, but annoying. Closes GH-2101. * Fixes `passenger-config compile-agent` compilation with optimizations. The optimization flags were not properly passed to the compiler. * Fixes a crash that could occur when HTTP clients send a chunked transfer-encoding body containing a chunk larger than 429496729 bytes. * Improves detection of the system Apache's include headers on macOS High Sierra and later. * Fixes RVM gemset detection on RVM 1.29. * No longer supplies precompiled Ruby extensions for Ruby 1.9.3 and 2.0.0. When running Ruby 1.9.3 and 2.0.0, Passenger will attempt to compile from source instead. Release 5.3.5 ------------- * Fixes Ubuntu 18.04 package installation problems due to Nginx version mismatch. Closes GH-2122. * Improves usability of crash reports. Crash reports are no longer dumped in one big chunk to stderr. Instead, they are now dumped into multiple files, making it easy to inspect relevant reports. * Fixes some crashes that only occur with log level 7. * Downloads binaries from the newly-introduced Github mirror. This improves the reliability of binary downloads. * Updated various library versions used in precompiled binaries (used for e.g. gem installs): - OpenSSL: 1.0.2p (was: 1.0.2o) - libcurl: 7.61.1 (was: 7.60.0) Release 5.3.4 ------------------------------- * Fixes a crash during startup on FreeBSD 11.2 and recent OpenBSD versions due to C++11 compatibility issues in the code. Closes GH-2097. * Updates Boost to version 1.67.0. * [Apache] Fixes the handling of HTTP requests with chunked bodies in combination with `PassengerBufferUploads off`. Closes GH-2102. Release 5.3.3 ------------- * [Apache, Nginx] Fixes the passenger-install-*-module scripts. (Regression in 5.3.2) Closes GH-2093. * [Nginx] Fixed nginx module building on CentOS 6. Closes GH-2081. Thanks to defanator for contributing this. Release 5.3.2 ------------- This release contains many security updates. Users are advised to upgrade as soon as possible. See our blog for more information on the vulnerabilities. * [Nginx] Fixes CVE-2018-12029, a local privilege escalation vulnerability in the Nginx module that occurs when `passenger_instance_registry_dir` is configured to a directory with insufficiently strict permissions. * Fixes CVE-2018-12026, 12027, and 12028. These are local denial of service, local information disclosure and local privilege escalation vulnerabilities that could be exploited by malicious applications or malicious users on the system. * Updated various library versions used in precompiled binaries (used for e.g. gem installs): - OpenSSL (Linux only): 1.0.2o (was: 1.0.2k; on macOS it was already 1.0.2o) - GeoIP: 1.6.12 (was: 1.6.11) - libcurl: 7.60.0 (was: 7.56.1) * Fixes Meteor support in non-bundled mode (regression from 5.3.0). Closes GH-2082. * Fixes the fact that the error page (which is shown when an app fails to spawn) sometimes contains unsufficient analysis details about the app. * [Apache] Fixes PassengerMaxInstancesPerApp not being respected (regression from config refactor in 5.2.0). Closes GH-2059. * [Enterprise, Apache] Fixes PassengerMaxInstances not being respected (regression from config refactor in 5.2.0). * [Enterprise] Fixes passenger-irb being unable to connect to an app process (regression from 5.3.0). Closes GH-2087. Release 5.3.1 ------------- * Fixes a regression from 5.3.0: a crash that occurs if the user that an application should run under, does not have a shell configured. Closes GH-2078. * Fixes a regression from 5.3.0: setting supplementary group IDs during user switching. Closes GH-2077. Release 5.3.0 ------------- * Adds Ubuntu 18.04 "Bionic" packages. * Removes packages for Debian 7 "Wheezy" (EOL May 2018). * Vastly improves spawning error page: quick overview of where the problem is, and the option to drill down in extensive troubleshooting information. * Fuse Panel support: fixes a crash that occurs when you shut down Passenger right after it fails to connect to Fuse Panel. * [Nginx] Updates the preferred Nginx version to 1.14.0 (from 1.12.2). * [Apache] Updates the recommended package for apache dev headers on debian >= 9.4. Closes GH-2048. * [Enterprise] Fix licensing proxy warning to refer to licensing_proxy_url instead of licensing_proxy. * [Enterprise] Add new `PassengerAppLogFile` (Apache) / `passenger_app_log_file` (Nginx) config option to specify a file for app-specific logs. Closes GH-1279. Release 5.2.3 ------------- * Fuse Panel support: fixes a few bugs with handling small log files and with apps that don't output any messages. * Python app support: fixes a Python 3 compatibility issue w.r.t. writing data over the socket. * macOS support: fixes a crash in the `passenger-config compile-nginx-engine` command which only occurs on macOS >= 10.13. This crash was caused by a missing `require` call in our code, and affects users who compile Passenger from source, e.g. users of the Passenger Enterprise Homebrew formula. * Fixes a small memory corruption issue (dangling pointer) in the ApplicationPool subsystem. * Improves support for the $TMPDIR environment variable by removing leftover hardcoded references to /tmp. Closes GH-2052. * Updated PCRE version to 8.42 (was: 8.41) across the board. Release 5.2.2 ------------- * Adds an option for dumping the web server config manifest to a given file: `PassengerDumpConfigManifest` (Apache) / `passenger_dump_config_manifest` (Nginx). This option is mostly useful for Passenger developers. * [Nginx] Fixes support for configurations that have two `passenger_base_uri` options in a single virtual host, without corresponding `passenger_app_group_name` and `passenger_app_root` directives. Closes GH-2043. * [Enterprise] Improved support for RAM-based pricing on Heroku (now using officially recommended memory limit reporting via CGROUP). * (added in CHANGELOG after release) Four new options to connect to the new Fuse Panel: admin_panel_url, admin_panel_auth_type, admin_panel_username, admin_panel_password * (added in CHANGELOG after release) Updated OpenSSL version used in precompiled binaries (used for e.g. gem installs) to 1.0.2o (was: 1.0.2m). Release 5.2.1 ------------- * Fixes a regression from 5.1.11 that prevented Passenger from compiling on FreeBSD in some cases. Closes GH-2031. * Fixes a bounds issue in printing an error message that could occur in some cases when spawning a child process fails. Issue was present from 5.1.11. * Fixes a regression from 5.2.0 which prevented setting the max pool idle time to 0. Closes GH-2020. * Warns if using an incompatible compiler on macOS < 10.13. Closes GH-2017. * No longer uses Security Framework on macOS 10.13+. This will prevent further keychain warnings from appropriately compiled Passengers. * Fixes warning on macOS about /proc/self access (excluded some code that was intended only for Linux). * `passenger-install-nginx-module` now downloads the preferred Nginx version via https. Thanks to smiba for pointing this out. * [Apache] Fixes a regression from 5.2.0 that caused a crash on startup when no top-level ServerName is set. Closes GH-2029. * [Enterprise] Adds support for using RAM-based pricing on Heroku. Release 5.2.0 ------------- * [Apache] Breaking change: to avoid configuration ambiguity, options that act on a per-process level (rather than per-request level) can no longer be used in .htaccess. See the Passenger Library -> configuration -> intro for more info (https://www.phusionpassenger.com/library/config/apache/intro.html#global-per-application-and-per-request-options). * [Apache] Breaking change: the option PassengerResolveSymlinksInDocumentRoot has been removed (old Passenger 2 compatibility option, see PassengerAppRoot for new method). * [Apache] Option handling has been refactored to avoid silent conflicts and errors: warnings are now generated for global config options in (they conflict between VHosts) and per-application options in , and (silently failed before). * [Apache] Fixes compilation issues on some systems with macOS 10.13 High Sierra (in addition to the fixes from 5.1.11). * [Enterprise] Fixes two unnecessary warnings about failure to contact the licensing server, one occurring since version 5.1.8 ("3 days out of contact"), the other since 5.1.11 + Apache ("failure to contact"). * [Nginx] Fixes the default for the `passenger_app_group_name` to start with the `passenger_app_root` rather than the document root (the end remains the same: `passenger_app_env`). * [Standalone] Adds command line support for `start_timeout` in Passenger Standalone (also removes unnecessary warning when using it in `Passengerfile.json`). * [Standalone, Nginx] Waits for Nginx to exit before cleaning up temp dir (started happening more since the switch to Nginx graceful shutdown in 5.1.6). Closes GH-1970. * Deprecated options for Union Station. * Ruby 2.5 compatibility: handle case where an exception's backtrace may be nil. Closes GH-2011. * Adds JSON mime type for static file serving. Closes GH-2018. * Removes packages for Ubuntu 17.04 "Zesty" (EOL 13-jan-2018). Release 5.1.12 -------------- * Changes the Debian/Ubuntu install script to completely restart Apache upon upgrade. This prevents issues due to a "half upgraded" state (old Passenger Apache module + new Passenger core). Closes GH-2000. * Adds Ubuntu 17.10 "Artful" packages. * Fixes a case in which -- when Passenger is configured with user switching turned off -- it is unable to open the web server log file and aborts during startup. This regression was introduced in 5.1.8. Closes GH-1990. * [Nginx] The preferred Nginx version is now 1.12.2 * [Nginx] The preferred PCRE version is now 8.41 (previously 8.39). * [Standalone] Adds support for using `start_timeout` in Passengerfile.json. * [Enterprise] Uses libuv to detect total system RAM, allows for compilation on pre-10.11 macOS. * [Enterprise] Added a max request queue time option, to limit time requests spend in the request queue. Closes GH-1688. * Updated libcurl version used in precompiled binaries (used for e.g. gem installs) to 7.56.1 (was: 7.54.1). * Updated OpenSSL version used in precompiled binaries (used for e.g. gem installs) to 1.0.2m (was: 1.0.2l). * Updated PCRE version used in precompiled binaries (used for e.g. gem installs) to 8.41 (was: 8.40). * Updated Ruby versions used in precompiled binaries (used for e.g. gem installs) to include 2.1.10, 2.2.8, 2.3.5, and 2.4.2 (removed: 2.1.9, 2.2.7, 2.3.4, and 2.4.1). Release 5.1.11 -------------- * [Apache] Fixes a race condition (segfault) on startup, which primarily affected macOS hosts (regression in 5.1.8 due to the logging improvements). Closes GH-1973. * [Apache] Fixes compilation on macOS 10.13 High Sierra. * [Nginx] It is now allowed to specify `passenger_enabled` in the `http` context as well. * [Nginx] Namespaced Jsoncpp under the Passenger namespace to avoid collisions with Google Pagespeed's copy when linked into Nginx. * [Standalone] Enables HTTP/2 support in the Nginx template. Support is only active if SSL is used, to avoid potential issues with HTTP/2 on HTTP ports. Closes GH-1945. * [Enterprise, Standalone] Adds a new feature that is especially useful on Heroku: deferred port binding. When `--defer-port-binding` is set, Passenger does not listen on the given port until the application has finished spawning. If the application starts slowly then this mechanism can prevent the Heroku request timeout from killing the dyno (the boot timeout still applies). * [Enterprise, Standalone] Fixes duplicate warnings when Passengerfile.json contains errors. * [Standalone] `passenger start` now accepts the `--start-timeout` configuration option. * Adds support for Bundler 2.0's new `gems.rb` and `gems.locked`. Learn more about these in [Gemfile's new clothes](https://depfu.com/blog/2017/09/06/gemfiles-new-clothes). Closes GH-1982. * Removes Debian packages for Ubuntu 12.04 Precise. * Fixes compilation warnings on macOS + Clang 9.0. * Introduces a new check that logs a vulnerability warning if Passenger is run with root permissions while the directory permissions of (parts of) its root dir allow modifications by non-root users. * Fixes an arbitrary file read vulnerability (if Passenger is running as root and the attacker has access to a user account that hosts an application). Release 5.1.10 -------------- * This was an Enterprise-only hotfix release (no changes in Passenger Open Source). Release 5.1.9 ------------- * This was an Enterprise-only hotfix release (no changes in Passenger Open Source). Release 5.1.8 ------------- * Introduces a shorter and more informative log format. The new format significantly shortens the thread ID, and includes the message's log level (critical, error, warning, notice, etc) so that users can more easily filter out uninteresting messages. * [Nginx] The Phusion Nginx APT package is upgraded to Nginx version 1.12.1 (previously pinned at 1.10.3 while waiting for a compatible lua module release). * [Standalone] Automatically uses Nginx to serves static asset URLs that conform to the [webpacker](https://github.com/rails/webpacker) gem's format. Closes GH-1966. * [Standalone] If configured to listen on a Unix domain socket, properly cleans up this socket on Nginx shutdown. Fixes a regression from 5.1.6. Closes GH-1969. * [Standalone] Fixes the `--max-requests` option when using the builtin engine. Fixes a regression from 5.1.4. * [Enterprise] Fixes a potential use-after-free bug when reporting usage data to the Phusion licensing server. This bug only occurs when Passenger Enterprise is running inside a container. Release 5.1.7 ------------- * Fixes compilation problems on some systems. * Upgrades the JSON parser (json-cpp) to version 1.8.1. This makes parsing slightly faster, adds various security checks and fixes some JSON generation issues. * [Enterprise] Fixes an SSL certificate issue in the license usage data reporter, which only occurs when Passenger Enterprise installed from gem or tarball. The license usage data reporter now searches for the correct system CA path. * [Enterprise] Fixes a potential use-after-free bug when reporting usage data to the Phusion licensing server, and improves reliability of usage data recording. Release 5.1.6 ------------- * Fixes a typo that causes a looping crash when long security update information is sent by the server. In practice we will keep the messages shorter to avoid triggering this until there has been ample time to upgrade. * Fixes unnecessary process respawn if it was detached and min_instances is set to 0. Closes GH-1735. * Introduces APT packages for Debian 9 "Stretch", with Passenger built as dynamic module. Closes GH-1960. * Changes APT packages for Ubuntu 17.04 "Zesty" from static to dynamic module. * [Standalone] Now uses graceful shutdown for the Nginx engine under the hood (requested as part of GH-1598). Thanks to PikachuEXE for contributing this. * [Standalone] Fixes a memory corruption issue in the builtin engine. The issue was introduced in 5.1.5 (settings handling refactoring). * [Standalone] Cleanup the temp dir before aborting when startup cannot continue, e.g. when Passenger is already running. Closes GH-1953. * Fixes WSGI crash with Python 3 and non-ASCII characters in headers or the URL. Closes GH-1935. Thanks to n4nn31355 for the assistance. * [Nginx] The preferred Nginx version is now 1.12.1 (previously 1.10.3), except for the Phusion Nginx APT package, which is pinned at 1.10.3 until an 1.12.x compatible lua module becomes available. * [Nginx] Fixes CVE-2017-7529, an integer overflow vulnerability in the Nginx range filter module. This is accomplished by upgrading to Nginx 1.12.1, or applying the patch (Phusion Nginx APT package). * Updated libcurl version used in precompiled binaries (used for e.g. gem installs) to 7.54.1 (was: 7.54.0). * Updated OpenSSL version used in precompiled binaries (used for e.g. gem installs) to 1.0.2l (was: 1.0.2k). * Updated GeoIP version used in precompiled binaries (used for e.g. gem installs) to 1.6.11 (was: 1.6.9). * Updated PCRE version used in precompiled binaries (used for e.g. gem installs) to 8.40 (was: 8.39). * Adds support for building with MacPorts' OpenSSL. Closes GH-1959. Release 5.1.5 ------------- * Updated Boost to version 1.64.0, which fixed a compilation issue on certain Gentoo based setups. Closes GH-1942. * Improved the error message shown when an app fails to start in time. * [Apache] Remove option to configure PassengerAppGroupName from .htaccess because, assuming AllowOverride Options is set, malicious users (having an account on the same server) can sometimes collide app group names of other users and capture their traffic. * Major internal refactoring of settings handling, to prepare for supporting settings changes without restart. Release 5.1.4 ------------- * Updated zlib version used in building precompiled binaries (used for e.g. gem installs) to 1.2.11 (was: 1.2.8). * Updated openssl version used in building precompiled binaries (used for e.g. gem installs) to 1.0.2k (was: 1.0.2j). * Updated curl version used in building precompiled binaries (used for e.g. gem installs) to 7.54.0 (was: 7.51.0). * Added support for rbenv when building precompiled binaries (passenger_binary_build_automation submodule). * Fixes issue when building precompiled binaries (used for e.g. gem installs) found in release 5.1.3. * Added Ruby 2.4.1 precompiled native extension. Release 5.1.3 ------------- * [Standalone] Fixes `install-standalone-runtime` command after regression in 5.1.2. * Removes unnecessary logging of "No Error" from macOS Security Update Checker. * Adds support for compiling against the built-in Apache installation supplied with macOS 10.12 Sierra. Previous versions of Passenger failed because macOS Sierra's Apache installation is incomplete and does not supply the apr-config tool. We now work around this by using hardcoded default values for macOS. * Don't output colorized text during dependency check when output isn't a TTY, unless forced. Closes GH-1902. * [Nginx] The preferred Nginx version is now 1.10.3 (previously 1.10.2). * Adds Ubuntu 17.04 "Zesty" packages. * [Enterprise] Fixes `send-cloud-usage` command when Passenger is installed from gem. * [Enterprise] Improves robustness of machine properties reporting for pay-as-you-go cloud-license holders. * [Enterprise] Adds support for reporting available RAM, and CONTAINER_HOST_IDENTIFIER envvar, to support RAM-based pricing model. * Added additional debug level logging for troubleshooting issues with bash scripts. Closes GH-1928. * Revert private keychain use in the Security Update Checker when run as root on macOS, in order to avoid changing the default System Keychain. Closes GH-1922. Remove Cert and Key from keychain separately, to avoid errors when clearing the client certificate. * Fix missing openssl check in `passenger-install-apache2-module` dependency checker. Closes GH-1934. Release 5.1.2 ------------- * Improve curl check for passenger-install- scripts to catch (very old) curl versions that won't compile against 5.1+. * Fixes remaining false positives (logging) from the new Meteor cluster warning system. Closes GH-1905. * Create a private keychain on macOS when the system keychain is defaulted to, this avoids a permissions issue with the system keychain when performing the Security Update Check. This is necessary because the system keychain is the default keychain of daemon users and root on macOS. * Improve `passenger-memory-stats` to include JRuby processes that fail to rename as expected. Closes GH-1878. * [Standalone] Don't download or compile Nginx when using the builtin engine. Closes GH-1910. * [Standalone] Fixes `--nginx-tarball` option of `passenger start` and `passenger-config install-standalone-runtime` (wasn't working). Also verifies that `--nginx-version` is explicitly specified as it should be. Release 5.1.1 ------------- * The precompiled version of the PassengerAgent binary (used for e.g. gem installs) now configures (statically linked) libcurl with system keystore, so that the new security update check can successfully validate certs. * Fixes some false positives (logging) from the new Node and Meteor cluster warning system. Logging is less repetitive and has extra debug info. Closes GH-1905. * Updates the upload-progress module in the Nginx Debian package. The module version that we linked against in 5.1.0 was 0.9.2, but due to a bug in that version the module didn't work. * The security update check now reports whether libcurl + SSL backend are statically linked to Passenger, in which case the check also needs to warn about relevant OpenSSL vulnerabilities in the linked library. * Increases the allowed line lengths emitted by apps at startup. * Adds support for the unary 'not' operator in the Union Station filter language. * [Enterprise] Add missing flying-passenger integration mode to security update check. * Fixes support for Rails 5.0.1 Action Cable. Specifically, we now support the `options` argument in the `write_nonblock` method in hijacked Rack IO sockets. * [Apache] Introduces a small delay to prevent running the Security Update Checker twice at startup. Release 5.1.0 -------------- * Upgrades union_station_hooks_core to version 2.1.2. * [Enterprise] When running a Rails app in multithreaded mode, Passenger Enterprise automatically tags Rails logs with the current thread number. This makes it possible to distinguish logs generated by different threads. * Fixes permissions issue on Linux when setting OOM score after lowering privileges. Closes GH-1858. * [Standalone] Allows raw json envvars in Passengerfile.json. Closes GH-1837. * [Standalone] Make the `max_requests` option available on the command line as well. * Fixes unaligned memory access in base64 decoder on platforms that have strict aliasing requirements (non x86/x86_64). Closes GH-1646. * Introduces daily Passenger security update check to warn (error log) if there are newer Passenger versions with important security fixes (describing what was discovered, what is affected, which version has the fix). * Fixes compilation on Linux when a non-glibc C library is in use. Closes GH-1870. * `passenger-install-nginx-module` and the standalone compiler now add the http v2, realip and addition module flags for Nginx (just like the APT/RPM/autobuilder already had). Closes GH-1788. * [Apache] Fixes PassengerShowVersionInHeader option. Thanks to Sebastian Welther for contributing this. * Passenger now reports when you try to use Node.js or Meteor clustering, and tries to continue with just a nonfunctional shim in place, so that if your code uses the clustering APIs your app may still work. * Updates libev config.sub and config.guess to support newer platforms such as the IBM power 8. * Fixes an issue where passenger-config couldn't restart an app if the TMPDIR variable was set to /tmp * `passenger-install-apache-module` now suggests the correct apache package on Ubuntu Xenial. Closes GH-1884. * [Standalone] The TempDirToucher will now spend most of its time with reduced privileges, except when it's actively touching files. This allows it to be killed when Passenger is quit in most circumstances. Closes GH-1678. * Fixes a file overwrite vulnerability (CVE-2016-10345) caused by a predictable temporary file being written by `passenger-install-nginx-module`. Thanks to Jeremy Evans for reporting this. * [Standalone] Fixes starting Passenger as a non-extant user. Closes GH-1849. * Improved look of the error pages for failing to spawn an application (development & production mode), and Error ID is now also shown in production mode. * [Standalone] Enable ipv6 support by default in builtin nginx. Closes GH-1873. * [Nginx] Updates to APT package builder (Debian & Ubuntu) with fix for www-data to root privilege escalation via log file handling (CVE-2016-1247/USN-3114-1). * [Nginx] Updates to RPM package builder (CentOS & RHEL) with fix for 1.10.x system nginx package overriding the nginx from the Passenger repo. Closes GH-1895. * [Nginx] The preferred Nginx version is now 1.10.2 (previously 1.10.1). * RPM pkg builder fix for breaking SELinux change in RHEL 7.3. * RPM pkg builder fix for RHEL6/CentOS6 incompatibility and replacement in Passenger. * Adds Ubuntu 16.10 "Yakkety" packages. Release 5.0.30 -------------- * Changes mbuf block size from 512 to 4096 bytes to better fit modern requests and significantly speed up disk buffering. * [Nginx] Fixes PCRE checksum after the preferred version update in 5.0.29 (contributed by: clemensg). * [Apache] Fixes buffer limit crash on large file upload (when core disk buffer can't keep up with client for some time), and limits per-client buffer memory usage to 130 KB. Closes GH-1620. * Fixes potential hang when an UnseekableSocket gets serialized to json. Closes GH-1838. Release 5.0.29 -------------- * Fixes the FreeBSD build breaking due to the `-ldl` flag introduced by the LVE integration patch (5.0.28). Closes GH-1805. * Fixes per-application interpreter override (ruby, node, python) being ignored in mass deployment mode. Closes GH-1818. * Fixes incomplete refactor from 5.0.27 that could, under specific conditions, lead to a Passenger crash. Closes GH-1794. * [Apache] Remove unused code that caused a crash in configurations with thousands of VirtualHost entries. Closes GH-1676. * [Nginx] Fixes use of invalid logfile name (memory already released) in backup log redirection code. Possibly related to GH-1774. * [Nginx] The preferred Nginx version is now 1.10.1 (previously 1.10.0). * [Nginx] The preferred PCRE version is now 8.39 (previously 8.34). * [Standalone] Passenger Standalone now supports /dev/stdout and /dev/stderr as log file path (via `--log-file` or Passengerfile.json). This is especially useful in Docker containers. In previous versions logging to those paths did not work, resulting in nothing getting logged at all. * Adds Ubuntu 16.04 "Xenial" packages, deprecates Ubuntu 15.10 “Wily” packages (in accordance with LTS support policy). Release 5.0.28 -------------- * Finalizes the fix (5.0.26) for the `rails server` command integration to prevent "missing on_event" errors. Closes GH-1768. * Fixes missing -fPIC in Nginx dynamic module compilation (5.0.26) on Linux (rewrite of a patch by Andrei Belov). Closes GH-1793. * Fixes memory leak that could occur whenever more than 1024 concurrent requests are handled (more likely since the higher concurrency support options from 5.0.24). Closes GH-1797. * Integrates with CloudLinux LVE and CageFS (security checks and a new option PassengerLveMinUid). Thanks to Oleksiy Shchukin from CloudLinux Inc. for contributing this. * Fixes the Nginx build when the PCRE library is not available (such as when compiling with `--without-http_rewrite_module`). Closes GH-1796. * Extends `passenger-memory-stats` filter to show the instance dir toucher too (as well as the core in valgrind debug runs). * Changes the default for friendly error pages to "off" unless the environment is set to "development", rather than "on" unless "staging" or "production". Closes GH-1782. * [Nginx] The preferred Nginx version is now 1.10.0 (previously 1.8.1). Release 5.0.27 -------------- * Fixes encoding issue for Ruby apps that resulted in a 0-byte response body. This occurred when the Ruby native support lib was not used and the app outputted an encoding that doesn't mix with UTF-8 (like UTF-16). Closes GH-1763. * Fixes Passenger Core and application processes staying on the Watchdogs OOM score (unkillable) when user switching is set to off. Closes GH-1631. * Supports Debian GNU/kFreeBSD build. Based on contribution by stevenc99. * Switches a number of places in the Passenger Core over to using the monotonic clock instead of the wallclock for robustness against clock time-stepping. * Slightly improves out-of-memory detection in some subroutines. * Fixes incomplete libuv upgrade: some build files were not autoregenerated during the upgrade from 1.5.0 to 1.8.0 in the previous release. * Warnings about 502 responses that are caused by applications aborting their output while the client is no longer connected (e.g. due to half-close event, reported since 5.0.26) are now reduced to debug level. * Fixes automatic compilation of Ruby's native_support library in case Passenger was installed through Debian or RPM packages. Closes GH-1778. * Fixes memory leak when buffering large request/response bodies to disk (which happens as soon as the 100 KB memory buffer is full). * Fixes crash if an application spawn fails and a non-UTF8 character appears in the spawn output. Closes GH-1601. * Updates the `rails server` command integration (from 5.0.25) to prevent "missing on_event" errors. Closes GH-1768. Update: not all required code made it to the release, the final fix is delivered in 5.0.28. * [Union Station] Fixes a crash that occurs if all of the following conditions are met: 1) Union Station support is enabled, 2) the client sent at least one header containing the empty string, 3) the application responds with a 4xx or 5xx status. Closes GH-1776. Release 5.0.26 -------------- * `passenger-status --show=server` now reports the speed at which new requests are accepted. * `passenger-status --show=server` now reports `last_data_send_time` and `last_data_receive_time` which can be used to troubleshoot long-running requests (for example, to see if a websocket heartbeat is stuck). * Passenger now reports TCP half-closing events to Node.js and Meteor applications, which allows them to detect request body and WebSocket closes without having to send data to the client. * Fixes outputting Content-Length and Transfer-Encoding headers on HEAD requests for Ruby apps. These headers were omitted in previous versions on HEAD requests. * Bumps the default socket backlog size from 1024 to 2048. * Upgrades libuv to version 1.8.0. * When using our RPM packages, system SELinux policy upgrades no longer break the Passenger SELinux policy. Closes GH-1663. * [Apache] Fixes compilation against Apache installations which include `-pie` in CFLAGS. Closes GH-1756. * [Nginx, Standalone] Bumps default Nginx worker_connections from 1024 to 4096 (effectively 2048 because of internal reverse proxy) * [Nginx, Standalone] Introduces the option `core_file_descriptor_ulimit` and `app_file_descriptor_ulimit`, for setting the file descriptor ulimits of the Passenger core and the application, respectively. * [Nginx] Passenger can now be [compiled as an Nginx dynamic module](https://www.phusionpassenger.com/library/install/nginx/install_as_nginx_module.html#dynamic-module). Thanks to Ruslan Ermilov from NGINX Inc for contributing this. * [Standalone] Prints a warning when an unsupported configuration option in Passengerfile.json is set. * [Standalone] Fixes "address already in use" errors when using the builtin engine. * [Enterprise] The rolling restart feature now waits until the old process is completely gone (drained its request queue, process exited) before proceeding with rolling restarting the next process. This results in friendlier resource usage during rolling restart. * [Union Station] Fixes custom logging time arguments getting overwritten by current time for Ruby apps (so some sub-blocks like "framework request processing" appeared shorter than they were). This could happen since the switch to monotonic clock in 5.0.22. Release 5.0.25 -------------- * Integrates into the `rails server` command. Please learn more at [the Passenger + Rails integration documentation](https://www.phusionpassenger.com/library/dev/ruby/rails_integration.html). * Adds explicit support for Action Cable. Please learn more at the [Passenger Library](https://www.phusionpassenger.com/library/dev/ruby/rails_integration.html#action_cable). * Removes packages for Ubuntu 15.04 Vivid and Debian 6. Ubuntu 15.04 and Debian 6 are still supported, we just don't supply packages for them anymore. If you are an Ubuntu 15.04 or Debian 6 user and you want to use Passenger >= 5.0.25, then please upgrade your distribution, or install Passenger from RubyGems/tarball. * Fixes a potential crash due to memory corruption in code for `passenger-config reopen-logs`. * Fixes a potential crash in the large (inbound/outbound) file buffering code. * Fixes a crash that occurs when using Nginx + HTTPS + Sub-requests. Closes GH-1724. * Fixes a crash that occurs when using Nginx + syslog and a logfile for Passenger. Also fixes edge cases where the Nginx logpath would override the Passenger logpath. Closes GH-1514 (again). * [Union Station] Fixes a potential crash due to a wrong limit on snprintf (introduced in 5.0.24 by GH-1633). Closes GH-1744. * [Union Station] Fixes Union Station Node.js request introspection to allow for application.use method chaining. Closes GH-1745. * [Union Station] Fixes information about sinks sometimes missing from `passenger-status --show=union_station`. * [Union Station] When one or more Union Station gateways are suffering from technical difficulties, the Union Station support code now tries more quickly to reestablish the connection. * [Standalone] Don't reject the value 0 (meaning no limit) for `--max-request-queue-size`. Closes GH-1743. * [Standalone] Makes the `--address` option work more reliably if the passed hostname may resolve to multiple addresses. For example, if you pass `--address localhost` then previous versions could fail because Passenger thinks it's an IPv6 address (::1) while Nginx thinks it's an IPv4 address (127.0.0.1). Hostname resolution is now done in a consistent manner. * [Standalone] Adds the `--unlimited-concurrency-path` configuration option. * [Standalone] Adds IPv6 support to the builtin engine. Release 5.0.24 -------------- * Fixes a crash when the new `force_max_concurrent_requests_per_process` option (5.0.22) was used for non-Node.js apps (e.g. Ruby). Closes GH-1720. * Fixes Solaris compilation. This was a regression due to the patch for GH-1643 in 5.0.22. Closes GH-1694, GH-1701. * Logs for [Union Station](https://www.unionstationapp.com) provide more information about request queueing. Closes GH-1633. * Also log HTTP headers to Union Station for HTTP 4xx responses (extends the header logging for HTTP 5xx that was added in 5.0.22) * Fixes cases where compilation failure of (optional) native utils was not reported. * On Ruby, no longer traps SIGEXIT. This fixes erroneously setting `$ERROR_INFO` in `at_exit` callbacks. Closes GH-1730. * Fixes a wrong loop exit condition that could cause a deadlock with 100% CPU usage by Passenger core. Closes GH-1709, GH-1732. * Adds `socket_backlog` option to configure the Passenger Core socket backlog. For use with e.g. "Resource temporarily unavailable while connecting to upstream" errors. Closes GH-1726. * [Nginx] The preferred Nginx version is now 1.8.1 (previously 1.8.0). * [Standalone] Fixes the default value of the `load_shell_envvars` option. It's supposed to be disabled by default, but due to a typo it was enabled by default. Release 5.0.23 -------------- * Fixes the request acceptor error handling timeout. When an error occurs while Passenger is accepting a request (for example, when Passenger has run out of file descriptors), Passenger is supposed to wait for 3 seconds before trying again. Because of a typo, Passenger actually waited 3 milliseconds. * [Enterprise] Fixed a regression in the Passenger Standalone Nginx config template that breaks the Mass Deployment feature. * The mime type for serving static XHTML files is updated. We no longer use the mobile profile, so it is recognized by desktop browsers. Closes GH-1695. * Improves error messages about Ruby native support to indicate the optional nature. Passenger is able to operate even without the native support extension, but that wasn't clear enough to some users, causing them to think of the old messages as errors. * [Standalone, Nginx] When using the new `abort_websockets_on_process_shutdown` configuration option, Passenger waited for the app to close without signaling it that shutdown was in progress. Node.js apps now get a SIGINT. Closes GH-1702. * With friendly error pages off Passenger would still show a trace (referencing only Passenger code) for unusual spawn errors. This has been changed to a generic error message. Closes GH-1704. Release 5.0.22 -------------- * Fixes a header collision vulnerability (CVE-2015-7519, medium severity). Note that this fix involves filtering request headers containing underscores. Please see our blog for detailed vulnerability description and advisory. Thanks to the SUSE security team for reporting this issue. * [Apache] Fixes compatibility with Apache 2.4.17's mod_autoindex. Fix contributed by Eric Covener. Closes GH-1642. * [Standalone] Passenger Standalone now [accepts configuration options from environment variables](https://www.phusionpassenger.com/library/config/standalone/intro.html). This makes using Passenger Standalone significantly easier on Heroku or on systems that follow the 12-factor principle. Closes GH-1661. * [Standalone] The Nginx configuration template has been cleaned up. It is now significantly easier to edit the Nginx configuration template without breaking compatibility with future versions. * [Standalone] The `passenger start` command now performs a sanity check on the internally generated Nginx configuration file and advises you accordingly when there is a problem. * [Standalone] The `passenger status` and `passenger stop` commands now respect Passengerfile.json. Closes GH-1593. * [Standalone] Passenger Standalone on Solaris now properly tails the application log file. * [Standalone] Fixes a problem with Passenger Standalone's builtin engine exiting at startup when run on Solaris. * [Standalone] `passenger start` now accepts the `--envvar` command line option for passing environment variables to the application. * [Standalone] `passenger start` now accepts the `--memory-limit` configuration option. * [Standalone] `passenger start` now accepts the `--max-request-queue-size` configuration option. * [Standalone] `passenger start` now accepts the `--debug-nginx-config` configuration option. This option allows you to view the Nginx configuration file that Passenger Standalone generates internally. * [Standalone, Nginx] Introduces a new configuration option: `abort_websockets_on_process_shutdown`. By default, when Passenger shuts down or restarts an application process, it will abort associated Websocket connections. This option allows you to disable that behavior. Closes GH-1686. * Introduces a new configuration option: `force_max_concurrent_requests_per_process`. This option is mostly useful for making dynamic process scaling work in Node.js and Meteor apps. * Various administration tools, such as `passenger-status`, no longer raise an flock EBADF error on Solaris. Closes GH-1643. * The `passenger-config reopen-logs` command, when used in combination with Passenger Standalone and the Nginx engine, now also instructs Nginx to reopen its log files. Closes GH-1674. * Fixes Passenger erroneously adding a `Content-Length` or `Transfer-Encoding` header to Ruby HTTP 204 No Content responses. Closes GH-1595. * Fixes Union Station logging of Rack response body actions. * The `passenger-config restart-app` command, when given `--ignore-app-not-running`, now properly exits with a zero status when one or more applications are running, but none of them belonging to the invoking user. Closes GH-1655. * The `passenger-config validate-install` command no longer prints false warnings about duplicate Passenger installs on systems that use RBenv. Closes GH-1627. * Fixes race conditions in the automatic building of the Ruby native support extension. Closes GH-1570. * [Enterprise] Fixes compatibility with byebug 7.0. Closes GH-1662. * Support Union Station logging for Node.js applications, with Express/MongoDB automatically supported. * The Ruby Union Station hooks no longer abort with a fatal error when the application does not call the Union Station initializer method during startup. The error is now only logged. * In case of an error response (HTTP 5xx), Union Station logging will also contain request headers. * The Union Station hooks are now more resilient against environment variable problems. Release 5.0.21 -------------- * Properly handles Ruby applications that output the `Content-Length` and `Transfer-Encoding` headers in non-standard casing, e.g. `Content-length`. Closes GH-1517. * Fixes Ruby application loading incompatibilities caused by the use of absolute paths. Closes GH-1596. * Fixes OpenSSL detection problems on OS X 10.11 El Capitan. OS X 10.11 no longer includes OpenSSL headers, so Passenger will suggest and use OpenSSL from Homebrew. Closes GH-1630. * Introduces the [secure HTTP headers](https://www.phusionpassenger.com/library/indepth/meteor/secure_http_headers.html) feature for Node.js and Meteor apps. This mechanism allows Passenger to send per-request information to the application, while guaranteeing that this information is not spoofed by the client. * Per-request Apache environment variables are now passed to Node.js and Meteor apps through the [`!~Passenger-Envvars`](https://www.phusionpassenger.com/library/indepth/nodejs/apache_per_request_envvars.html) secure header. * Fixes some unintentional caching of request-specific environment variables. Closes GH-1479. * For Node.js applications, Passenger now calls `process.emit('message', 'shutdown')` whenever Passenger shuts down an application process. This is the same hook as used by PM2, allowing applications which use the PM2 graceful shutdown mechanism to be run on Passenger without changes. * [Enterprise] Fixes a bug in passenger-irb where printing strings larger than 64 KB would cause it to crash. * [Enterprise] Fixes the `passenger-config restart-app` command so that it performs a non-rolling-restart unless `--rolling-restart` is given as command line option, as per the documentation. Previously, `passenger-config restart-app` without `--rolling-restart` would perform a rolling restart if rolling restarts are configured in the configuration file, but this contradicted documented behavior. Closes GH-1634. Release 5.0.20 -------------- * Fixes memory management bugs in Union Station support. * Improves the error handling in Union Station support. * `passenger-config validate-install` now properly handles CR characters in Apache configuration files. Release 5.0.19 -------------- * Fixes an encoding crash in `passenger-memory-stats` on OS X in case one or more processes are running on the system with names containing UTF-8 characters. Closes GH-1603. * [Ruby] Fixes handling of HTTP 205 responses, which would cause client connections to freeze. * Improves Union Station data collection: more Rack I/O events are now logged. The time taken to write out and to close the Rack response body are now logged. * Improves Union Station data sending: errors are now logged more clearly, and DNS errors are now handled more robustly. * Improves Union Station troubleshooting: errors can now be diagnosed by running `passenger-status --show=union_station`. * Refactors the Union Station Ruby hook code. They have been extracted to external gems. However, they are still bundled with Passenger for ease of use. Release 5.0.18 -------------- * Fixes more memory corruption issues in the palloc subsystem. * Fixes memory corruption issues in the Passenger core that may occur if the application sets many response headers. The issue was caused by an off-by-one bug. Release 5.0.17 -------------- * Adds packages for Ubuntu 15.10 "Wily", even though Ubuntu 15.10 hasn't been released yet. * Fixes some memory corruption issues in the palloc subsystem. Closes GH-1587. * Fixes the Node.js `PhusionPassenger.on('exit')` event. This event worked if you restart the app or detach an application process, but not if you stop Passenger. * Fixes support for `passenger_pre_start` URLs that contain very long authentication strings. This was caused by the fact that our Base64 encoder generated unexpected newlines. * [Standalone] Improves application prestarting. Application prestarting is now available in combination with the 'builtin' engine, and now works when SSL is used. Release 5.0.16 -------------- * Allows independent configuration of Union Station gateway address, port and certificate. Closes GH-1543. * Supports seek() such that body.rewind works when using Rack middleware that uses Zlib::GzipReader (e.g. for compressed requests). Closes GH-1553. * [Apache] Improves detection of Apache configuration file problems. Closes GH-1577. * [Enterprise] Fixes installation of the Passenger Enterprise Apache module on Debian Testing. * Fixes logging of HTTP response code for Union Station. This regression was introduced by Passenger 5. Closes GH-1581. * Adds a new subcommand `passenger-config about support-binaries-dir`. * Fixes a regression in the Node.js loader with regard to custom startup files. This bug was introduced in 5.0.14. Closes GH-1557 (again). * Fixes a crash when a Ruby application is accessed through a sub-URI and a root virtual host at the same time. Release 5.0.15 -------------- * Support SHA256 digests for the Rails asset pipeline, as used by Sprockets 3.x. * Support for JRuby 9.0.0.0. Closes GH-1562. * Fixes some bugs in Union Station support, which causes some data (such as controller information and exceptions) to not be logged. * The old Users Guides have been deprecated in favor of the [Passenger Library](https://www.phusionpassenger.com/library/). The Users Guides now redirect to appropriate sections in the Passenger Library. Release 5.0.14 -------------- * [Standalone] Relative path handling has been improved. In previous versions, relative paths were not handled in a consistent manner. Relative paths are now handled consistently according to the following rules: - If a relative path is given via a command line option, then it is relative to the current working directory. - If a relative path is given via Passengerfile.json, then it is relative to Passengerfile.json. Closes GH-1557. * [Standalone] The `--disable-turbocaching` now works with the Nginx engine. Release 5.0.13 -------------- * The `passenger-config restart-app` command now supports the option `--ignore-passenger-not-running`. If this option is given, the command will exit normally instead of exiting with an error, if Passenger is not running. This option is useful in deployments involving Passenger Standalone. In an initial deployment, Passenger Standalone may not yet be running. Passing this option allows you to ignore that issue. * SELinux policy issues in the RPMs have been fixed. * [Apache] `passenger-config reopen-logs` didn't work on Apache unless you explicitly set `PassengerLogFile`. This has now been fixed. * [Standalone] Due to some internal refactorings, the Passenger Standalone Nginx configuration template has changed. If you used a custom Nginx configuration template, please merge our latest changes into it. Release 5.0.12 -------------- * [Enterprise] Fixed passenger-irb. It was broken in 5.0.10 because of the change that made using admin commands without sudo possible. Release 5.0.11 -------------- * In 5.0.10, admin tools such as `passenger-status` and `passenger-config restart-app` display an authorization error if they are run without sudo, while at the same time Passenger isn't serving any applications. Since this is confusing, they have now been modified to display a more appropriate error message. * Fixes a bug in the RPMs that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from working when they are invoked without root privileges. * Fixes a bug on OS X that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from detecting Passenger instance directories when they are invoked without root privileges. Closes GH-1535. * Fixes a bug that causes Passenger not to work if the HOME environment variable is not set. * Fixes compatibility with non-Rails Ruby apps that require the actionview gem. Closes GH-1547. * Fixes some non-fatal "permission denied" error that may occasionally occur if user switching is turned off. Closes GH-1541. * Relative values for the `pid_file` and `log_file` options in Passengerfile.json are now supported. * If Passengerfile.json contains a syntax error, Passenger Standalone now correctly prints an error message instead of crashing. * Sending a SIGABRT signal to a Ruby process now properly makes it terminate. * The `passenger-config restart-app` command now accepts `.` as parameter, which it will interpreter as "restart the app in the current working directory". Closes GH-1386. * [Apache] Setting `PassengerLogLevel` no longer redirects Apache's own stderr to that log file. Closes GH-1373. * [Standalone] Passenger Standalone's Nginx engine now includes the RealIP module. Closes GH-1389. * [Standalone] The `--max-preloader-idle-time` option has been added. Release 5.0.10 -------------- * It is now possible to run `passenger-status`, `passenger-config restart-app` and other admin commands without using sudo. When run without sudo, these admin commands will allow you to operate on apps and processes that are owned by the user that invoked the admin command. Closes GH-1392. * Fixes a crash introduces in 5.0.9 due to not properly initializing a variable. Closes GH-1530. * The `passenger-config reopen-logs` command now works by instructing the Watchdog process to reopen the log file, while instructing the other Passenger processes to re-inherit the log file from the Watchdog instead of trying to reopen the log file on their own. This makes log file reopening more robust. Closes GH-1452. * `passenger-config restart-app` no longer leaves the terminal in a state with black background. Closes GH-1526. * `passenger-config admin-command` has been renamed to `passenger-config api-call` in order to avoid confusion with any potential admin interfaces that we will introduce in the future. * If Union Station support is enabled, process and system metrics weren't being sent correctly to Union Station. This has been fixed. * [Enterprise] Fixes the fact that the Passenger Enterprise RPM didn't correctly set SELinux permissions on its own files. * [Apache] passenger-install-apache2-module no longer aborts with an error if the Apache configuration file contains errors. Closes GH-1525. * [Apache] Fixes a typo that would cause passenger-install-apache2-module to crash on Red Hat and CentOS systems on which the SELinux command line tools are not installed. Closes GH-1527. Release 5.0.9 ------------- * The casing of original headers as generated by the application are now preserved, instead of being downcased. This fixes compatibility issues with broken HTTP clients. Closes GH-1436. * Internal refactoring: we've replaced libeio with libuv. This makes some of our code simpler. Closes GH-1428. * When the passenger-status tool tries to cleanup a stale instance directory, it will no longer abort with an error when it fails to do that. It will now merely print a warning. Fixes [StackOverflow question 30354732](http://stackoverflow.com/questions/30354732/cap-aborted-capistrano-aborts-rails-deploy-while-attempting-to-chown-tmp-p/30357100#30357100). * Fixes compilation problems on Solaris. * The Ruby handler has been made more robust. Previously, it was possible for applications to corrupt connections by returning incorrect Rack responses. This may cause connections to get stuck. The Rack handler has been hardened to ensure that connections will never get corrupted or stuck. Closes GH-1512. * The Ruby handler now closes the Rack response body even when the socket connection is hijacked by the application. The Rack specification is unclear about what to do in this case, and different Ruby app servers do different things. We have found that by closing the body object anyway, we maximize compatibility with existing Rack middlewares and apps, such as Rack::Lock. Background information about this issue can be found at https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461. * Fixes a crash that could occur if some HTTP request headers are present, but have the empty value. Closes GH-1524. * Fixes a permission problem that prevents the web server from communicating with Passenger when user switching is off. Closes GH-1520. * Fixes a few small one-time memory leaks in the Passenger agent. This wraps up the workitems discovered in valgrind runs on earlier versions. * Fixes use of uninitialized metrics. This could happen for a brief moment after spawning. * [Apache] If you pass the `--apxs2-path` parameter to `passenger-install-apache2-module`, and the apxs2 path that you specified is not in PATH, then the installer would think that Apache installation is broken. This has been fixed. * [Apache] A `Connection: close` header that was used for internal communication between Passenger processes was being leaked to the client, which breaks HTTP keep-alive connections. This has been fixed. Closes GH-1516. * [Nginx] The preferred Nginx version is now 1.8.0. It was previously 1.6.3. * [Nginx] Passenger now passes to the application the raw URI as sent by the client, as long as Nginx didn't modify the URI (e.g. as part of rewrite rules). This means that escaped slashes (%2F) in the URI now work correctly and out-of-the-box as long as there are no applicable rewrite rules. * [Nginx] Fixes that crash that would occur if Nginx is configured to log to syslog. And to prevent log messages from disappearing into a black hole, Passenger will now ask you to set `passenger_log_file` if Nginx is configured to log to syslog. Closes GH-1514. * [Standalone] Prevents an existing instance from being shut down if starting a new instance fails. Release 5.0.8 ------------- * We now supply Debian 8 and Ubuntu 15.04 packages. Closes GH-1494 and GH-1400. * We now supply Red Hat 6, Red Hat 7, CentOS 6 and CentOS 7 packages. * We no longer supply Ubuntu 10.04 packages because Ubuntu 10.04 is no longer supported by Canonical. * Fixes a Passenger crash (SIGSEGV) that occurs occasionally when out-of-band garbage collection is enabled. Closes GH-1469. * Fixes a Passenger crash (SIGSEGV) that occurs occasionally with redirects to relative URLs. Closes GH-1513. * Fixes cases when Passenger shuts down more processes than is allowed by the `min_instances` limit. Closes GH-1500. * Fixes "Bad Gateway" errors that would occur when an application sets the X-Sendfile or X-Accel-Redirect header, together with a non-empty response body. Closes GH-1498. * Fixes the fact that Passenger agent processes don't lower their privilege when user switching is turned off. * Fixes autodetection of Apache on Gentoo. Closes GH-1510. * Fixes compilation problems on Solaris. Closes GH-1508. * [Standalone] Adds the `--pool-idle-time` command line parameter. * [Standalone] Adds the `--auto` command line parameter for running non-interactively. This supresses prompts. Closes GH-1511. Release 5.0.7 ------------- * Supports changed way of specifying settings for (non-bundled) Meteor apps. Closes GH-1403. * Fixes an integer-to-string conversion bug in the code responsible for buffering chunked request bodies. This bug could cause the PassengerAgent to crash due to an exception. Thanks to Marcus Rückert of SUSE for reporting this. * Request-specific environment variables are no longer cached. This fixes a number of issues, such as Shibboleth not working properly and conflicts between HTTPS and non-HTTPS virtual hosts. Closes GH-1472. * Fixes a memory corruption bug that would be triggered when using `passenger_base_uri`. The memory corruption bug resided in the code for resolving symlinks. Closes GH-1388. * Re-introduced signal catchers during shutdown, to allow clean shutdown in Foreman. Closes GH-1454. * `passenger-status --show=xml` no longer outputs the non-XML header by default. This fixes a regression as reported in a comment in GH-1136. * Passenger now prefers to load Rack and Bundler from RubyGems instead of from `vendor_ruby`. This solves some issues with Rack and Bundler on Debian systems. Closes GH-1480 and GH-1478. * The turbocache no longer caches responses that contain the `X-Sendfile` or the `X-Accel-Redirect` header. * The preferred Nginx version has been upgraded to 1.6.3. * The logging agent no longer aborts with an error if one of the Passenger root directory's parent directories is not world-executable. Closes GH-1487. * [Standalone] It is now possible to configure the Ruby, Node.js and Python executable to use in Passenger Standalone through the command line options --ruby, --nodejs and --python. Closes GH-1442. * [Standalone] Running `passenger start --engine=builtin --daemonize` would fail with a timeout error. This has been fixed. * [Standalone] Running `passenger start --nginx-version=XXX` would crash. This has been fixed. Closes GH-1490. * [Apache] Fixed some issues with X-Sendfile. Closes GH-1376. * [Apache] If the installer fails to autodetect Apache while the installer is running as a normal user, it will now ask you to give it root privileges. Closes GH-1289. * [Apache] The installer now validates your Apache configuration file to check for common problems. The validator can also be accessed separately by running `passenger-config validate-install --validate-apache2`. * [Nginx] Introduces the `passenger_read_timeout` option for rare cases when server needs more than the default 10 minute timeout. Contributed by pkmiec. Closes [GH-PR-34](https://github.com/phusion/passenger/pull/34). * [Nginx] The Nginx module now looks for index.html if the path ends in / so that it works intuitively, without needing to use try_files. * Fixes wrong memory address display in crash dumps. Thanks to thoughtpolice for pointing it out. * Fixes an ugly backtrace that would be shown if an invalid request is made to an application process using the private HTTP interface. Contributed by jbergler. Closes GH-1311. * Various documentation improvements. Closes [GH-PR-1332](https://github.com/phusion/passenger/pull/1332), [GH-PR-1354](https://github.com/phusion/passenger/pull/1354), [GH-PR-1216](https://github.com/phusion/passenger/pull/1216), [GH-PR-1385](https://github.com/phusion/passenger/pull/1385), [GH-PR-1302](https://github.com/phusion/passenger/pull/1302). Release 5.0.6 ------------- * The turbocache no longer caches responses for which the Cache-Control header contains "no-cache". Please note that "no-cache" does not mean "do not cache this response". Instead, it means "any caching servers may only serve the cached response after validating it". Since the turbocache does not support validation, we've chosen to skip caching instead. Coincidentally, this change "fixes" problems with applications that erroneously use "no-cache" as a flag for "do not cache this response". What these applications should actually use is "no-store". We recommend the developers of such applications to change their caching headers in this manner, because even if Passenger doesn't unintentionally cache the response, any intermediate proxies that visitors are behind may still cache the response. * Fixes a number of memory leaks. Memory was leaked upon processing a request with multiple headers, upon processing a response with multiple headers, and upon processing a response with Set-Cookie headers. Every time such a request or response was processed, 512 bytes of memory was leaked due to improperly dereferencing relevant memory buffers. Closes GH-1455. * Fixes various bugs related to Union Station data collection. Union Station is our upcoming application analytics and performance monitoring SaaS platform. It is opt-in: no data is collected unless you turn the feature on. * Fixes a Union Station-related file descriptor leak. Closes GH-1439. * Fixes some bugs w.r.t. use of uninitialized memory. * More informative error message if a support binary is not found, including a resolution hint. Closes GH-1395. * [Apache] `SetEnv` variables are now passed as Rack/CGI/request variables. This was also the case in Passenger 4, but not in Passenger 5.0.0-5.0.5. We've restored the old behavior because the behavior in 5.0.0-5.0.5 breaks certain Apache modules such as Shibboleth. Closes GH-1446. * [Standalone] PID and log files now correctly created if user specifies relative path. Release 5.0.5 ------------- * Fixes various crashes due to use of uninitialized memory. One such crash is documented in GH-1431. * Fixes a connection stall in the Apache module. Closes GH-1425. * Fixes a potential read-past-buffer bug in string-to-integer conversion routines. Thanks to dcb314 for spotting this. Closes GH-1441. * Fixes a compilation problem on Solaris. This problem was caused by the fact that `tm_gmtoff` is not supported on that platform. Closes GH-1435. * There is now an API endpoint for force disconnecting a client: `passenger-config admin-command DELETE /server/.json`. Closes GH-1246. * Fixes some file descriptor leaks. These leaks were caused by the fact that keep-alive connections with application processes were not being closed properly. Closes GH-1439. * In order to more easily debug future file descriptor leaks, we've introduced the `PassengerFileDescriptorLogFile` (Apache) and `passenger_file_descriptor_log_file` (Nginx) config options. This allows Passenger to log all file descriptor open/close activity to a specific log file. * The `PassengerDebugLogFile` (Apache) and `passenger_debug_log_file` (Nginx) configuration options have been renamed to `PassengerLogFile` and `passenger_log_file`, respectively. The old name is support supported for backward compatibility reasons. * [Enterprise] Fixes a bug in Flying Passenger's `--instance-registry-dir` command line parameter. This command line parameter didn't do anything. * [Enterprise] The Flying Passenger daemon no longer supports the `--max-preloader-idle-time` config option. This is because the config option never worked. The correct way to set the max preloader idle time is through the Nginx config option, but this was wrongly documented, so the documentation has been fixed. Release 5.0.4 ------------- * Fixes a compilation problem introduced in 5.0.3. Release 5.0.3 ------------- * [Standalone] When using the builtin engine, `passenger start` may crash during startup due to an initialization race condition. This has been fixed. * [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a PID parameter worked, but running it with a PID parameter didn't. * Fixes an integer overflow that resulted in a file descriptor leak and stalled client connections. Closes GH-1412. * Truncates Passenger source code paths in logs (to 3 chars) to reduce redundant info. Closes GH-1383. * Fixes invalid JSON output for non-finite double values (e.g. from the HTTP JSON API). Closes GH-1408. * All hooks now set the `PASSENGER_HOOK_NAME` environment variable. This variable is set to the name of the hook that is being called. * The Ruby handler no longer tries to call #force_encoding on response body strings, which fixes an incompatibility with apps/libraries that return frozen body strings. Closes GH-1414. * If the Ruby handler crashes while processing a Rack response body, it will now no longer stall the connection. * Fixes env.SERVER_PORT containing 80 instead of 443 when using https on default port. Closes GH-1421. * We now handle errors in the `poll()` system call better. This might fix some crashes during shutdown which manifest on FreeBSD. Release 5.0.2 ------------- * Fixes a connection freeze that could occur when processing large responses. This would manifest itself under the error message "This website is under heavy load" or "Request queue is full, returning an error". Closes GH-1404. * Debian and Ubuntu packages have been reintroduced. * When `passenger-config restart-app` is run interactively, if Passenger is not serving any applications, then the command now prints an error message instead of showing a menu with only a "Cancel" option. * Fixes a compilation problem on FreeBSD 10 (contributed by: clemensg). Closes GH-1401. * [Standalone] Fixes a crash that would occur if you use the `--ctl` parameter. * [Enterprise] The `--max-request-time` option has been added to Passenger Standalone. * [Enterprise] The `max_request_time_reached` hook has been introduced. This hook allows you to run diagnostics on a process that that took too long to respond to a request. Release 5.0.1 ------------- * The `passenger-config restart-app` command is now more user friendly. When run in a terminal, it will show an interactive menu, allowing you to select the app to restart. Closes GH-1387. * Fixed a crash bug in the handling of sticky session cookies. * Log failed program in error message, not its command line (contributed by: paisleyrob). Closes GH-1397. * [Nginx] Fixes cases in which Passenger overrides the Nginx handler function even when it shouldn't, for example when Passenger is disabled. Closes GH-1393. * [Enterprise] The `sticky_sessions` and `envvars` options in Passengerfile.json is now also supported in mass deployment mode. Release 5.0.0 release candidate 2 --------------------------------- * Fixes an installation problem with the Ruby gem due to incorrect Makefile generation. Closes GH-1382. * More helpful message when request queue is full. Closes GH-1375. Release 5.0.0 release candidate 1 --------------------------------- * Fixed Date headers not being formatted in the GMT timezone. Closes GH-1367. * Fixed Passengerfile.json/passenger-standalone.json not being properly loaded in Passenger Standalone. * Fixed support for sticky sessions. * Fixed an infinite loop if the ApplicationPool garbage collector fails due to an exception. Closes GH-1360. * Fixed Passenger Standalone exiting prematurely when the HelperAgent crashes. Exiting prematurely is not supposed to happen because the watchdog will restart the HelperAgent. Closes GH-1339. * Fixed a crash that occurs when using a non-standard startup file value. Closes GH-1378. * When dumping system metrics during error page generation, the `passenger-config` command is now invoked under the same Ruby interpreter as the app, instead of the one in PATH. Closes GH-1381. * When a Ruby process crashes due to an uncaught exception, this fact is now properly logged. * Specifying 0 for the `max_pool_size` config option no longer results in a crash. Closes GH-1334. * The timeouts when downloading Passenger Standalone binaries and source files are now customizable. Closes GH-1295. * The `envvars` option is now supported in Passengerfile.json, for passing environment variables to the application. Closes GH-1377. * Introduced `hook_queue_full_error` for request queue overflows. Closes GH-1358. * [Ruby] Fixed handling of "transfer-encoding chunked" response bodies which contain zero-sized chunks. * [Nginx] It is no longer necessary to re-specify `passenger_enabled` in `location` contexts. Closes GH-1338. * [Enterprise] Fixed a bug in mass deployment reloading. * [Enterprise] Fixed a bug in mass deployment daemonization. * [Enterprise] Fixed passenger-irb. Closes GH-1350. * [Enterprise] The mass deployment mode now supports the `app_type` and `startup_file` configuration options in Passengerfile.json/passenger-standalone.json. Closes GH-1366. Release 5.0.0 beta 3 -------------------- * The turbocache has received major updates and fixes based on excellent feedback Chris Heald and the community. First, several bugs w.r.t. the handling of caching headers have been fixed. Second, the turbocache has become slightly more conservative for security reasons. In previous versions, default cacheable responses (as defined by RFC 7234) were cached unless caching headers tell us not to. Now, default cacheable responses are only cached if caching headers explicitly tell us to. This change was introduced because there are many applications that set incorrect caching headers on private responses. This new behavior is currently not configurable, but there are plans to make it configurable in 5.0.0 release candidate 1. * Introduced a new configuration option, `passenger_response_buffer_high_watermark` (Nginx) and `PassengerResponseBufferHighWatermark` (Apache), for configuring the behavior of the response buffering system. Closes GH-1300. * Fixed more cookie handling issues. Closes GH-1310. * Fixed various WebSocket issues. Closes GH-1306. * Fixed some crashes caused by race conditions. Closes GH-1326. * Fixed issues with handling POST data. Closes GH-1331. * Fixed some issues on Heroku. Closes GH-1329. * Fixed some integer overflows. Fix contributed by Go Maeda. Closes GH-1357. * Fixed the `passenger-status --show=union_station` command. Closes GH-1336. * Nginx versions earlier than 1.6 are no longer supported. * Improved state introspection. Release 5.0.0 beta 2 -------------------- * Fixed handling of multiple Set-Cookie headers. Closes GH-1296. * `passenger-config system-metrics` now works properly if the agent is installed in ~/.passenger. Closes GH-1304. * Documentation enhancements by Igor Vuk. Closes GH-1318. * Fixed some crasher bugs. * [Standalone] User switching is now correctly disabled. * [Standalone] Fixed the `--thread-count` parameter. * [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284. * [Apache] Fixed support for gzipped chunked responses. Closes GH-1309. Release 5.0.0 beta 1 -------------------- Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version 4, but there are a few minor breakages, which are described below. Major changes and notable breakages are: * Performance has been much improved. This is thanks to months of optimization work. You can learn more at www.rubyraptor.org. * We've published a [server optimization guide](https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html) for those who are interested in tuning Phusion Passenger. * Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails 2.3 is still supported. * Phusion Passenger now supports integrated HTTP caching, which we call turbocaching. If your app sets the right HTTP headers then Phusion Passenger can tremendously accelerate your app. It is enabled by default, but you can disable it with `--disable-turbocaching` (Standalone), `PassengerTurbocaching off` (Apache), or 'passenger_turbocaching off' (Nginx). * Touching restart.txt will no longer restart your app immediately. This is because, for performance reasons, the stat throttle rate now defaults to 10. You can still get back the old behavior by setting `PassengerStatThrottleRate 0` (Apache) or `passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged. Instead, we encourage you to use the `passenger-config restart-app` tool to initiate restarts, which has immediate effect. * Websockets are now properly disconnected on application restarts. * The Phusion Passneger log levels have been completely revamped. If you were setting a log level before (e.g. through `passenger_log_level`), please read the latest documentation to learn about the new log levels. * If you use out-of-band garbage collection, beware that the `X-Passenger-Request-OOB-Work` header has now been renamed to `!~Request-OOB-Work`. * When using Rack's full socket hijacking, you must now output an HTTP status line. * [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by `passenger_set_header` and `passenger_env_var`. * [Nginx] `passenger_show_version_in_header` is now only valid in the `http` context. * [Apache] The `PassengerStatThrottleRate` option is now global. Minor changes: * The minimum required Nginx version is now 1.6.0. * The instance directory is now touched every hour instead of every 6 hours. This should hopefully prevent more problems with /tmp cleaner daemons. * Applications are not grouped not only on the application root path, but also on the environment. For example, this allows you to run the same app in both production and staging mode, with only a single directory, without further configuration. Closes GH-664. * The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option (Apache) have been replaced by two config options. On Nginx they are `passenger_instance_registry_dir` and `passenger_data_buffer_dir`. On Apache they are `PassengerInstanceRegistryDir` and `PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been replaced by `PassengerDataBufferDir`. * Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment variable. Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead. * `passenger-status --show=requests` has been deprecated in favor of `passenger-status --show=connections`. * Using the SIGUSR1 signal to restart a Ruby app without dropping connections, is no longer supported. Instead, use `passenger-config detach-process`. * Introduced the `passenger-config reopen-logs` command, which instructs all Phusion Passenger agent processes to reopen their log files. You should call this after having rotated the web server logs. * [Standalone] The Phusion Passenger Standalone config template has changed. Users are encouraged to update it. * [Standalone] `passenger-standalone.json` has been renamed to `Passengerfile.json`. * [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer overrides command line options. Instead, command line options now have the highest priority. Release 4.0.60 -------------- Note that 4.0.60 is a source-only maintenance release. There will not be any binaries, Debian or RPM packages for this release. * Adds OS X El Capitan support. * Updates preferred Nginx version from 1.6.2 to 1.6.3. * Fixes a header collision vulnerability (CVE-2015-7519, medium severity). Please see our blog for detailed vulnerability description and advisory. Thanks to the SUSE security team for reporting this issue. * Fixes the password protection of internal Phusion Passenger processes. For security reasons, Phusion Passenger limits access to internal processes, by using Unix file permissions and randomly generated passwords that only authorized internal processes know. It turns out that this password wasn't set correctly, which has now been fixed. There was no security vulnerability, because the file permissions already provide sufficient security. The password only serves as an extra layer of security just in case there is a problem with the former. This issue is not at all related to any application-level security or application-level passwords. Any database passwords, keys, or secrets used and generated by applications have got nothing to do with the nature of this issue. This issue only relates to some randomly generated passwords that Passenger uses internally, for its internal operations. Release 4.0.59 -------------- * [Enterprise] Fixed support for free-style Node.js apps. Release 4.0.58 -------------- * [Enterprise] Fixed a bug in the Debian packages which caused Flying Passenger to break when used with non-system Rubies. * The Debian packages no longer require Ruby 1.9. Closes GH-1353. Release 4.0.57 -------------- * Fixed a native extension compatibility problem with Ruby 2.2. Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656). * Fixed compatibility with Nginx 1.7.9. Closes GH-1335. Release 4.0.56 -------------- * Fixed a file descriptor leak that manifests when an error page is shown. Contributed by Paul Bonaud, closes GH-1325. * Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles Vallières for the analysis. Release 4.0.55 -------------- * Supports Ruby 2.2. Closes GH-1314. * Fixed Linux OS name detection. Release 4.0.54 -------------- * Contains a licensing-related hot fix for Enterprise customers. Release 4.0.53 -------------- * Upgraded the preferred Nginx version to 1.6.2. * Improved RVM gemset autodetection. * Fixed some Ruby 2.2 compatibility issues. Release 4.0.52 -------------- * Fixed a null termination bug when autodetecting application types. * Node.js apps can now also trigger the inverse port binding mechanism by passing `'/passenger'` as argument. This was introduced in order to be able to support the Hapi.js framework. Please read http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549 for more information regarding Hapi.js support. * It is now possible to abort Node.js WebSocket connections upon application restart. Please refer to https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections for more information. Closes GH-1200. * Passenger Standalone no longer automatically resolves symlinks in its paths. * `passenger-config system-metrics` no longer crashes when the system clock is set to a time in the past. Closes GH-1276. * `passenger-status`, `passenger-memory-stats`, `passenger-install-apache2-module` and `passenger-install-nginx-module` no longer output ANSI color codes by default when STDOUT is not a TTY. Closes GH-487. * `passenger-install-nginx-module --auto` is now all that's necessary to make it fully non-interactive. It is no longer necessary to provide all the answers through command line parameters. Closes GH-852. * Minor contribution by Alessandro Lenzen. Release 4.0.50 -------------- * Fixed a potential heap corruption bug. * Added Union Station support for Rails 4.1. Release 4.0.49 -------------- * Upgraded the preferred Nginx version to 1.6.1. * Fixed a crash that may be triggered by the `passenger_max_requests` feature. * Introduced the `spawn_failed` hook, which is called when an application process fails to spawn. You could use this hook to setup an error notification system. Closes GH-1252. * Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger Standalone. Thanks to Jacob Elder. Closes GH-1254. * Fixed some user and group information lookup issues. Closes GH-1253. * Fixed some request handling crashes. Closes GH-1250. * Fixed some compilation problems on Gentoo. Closes GH-1261. * Fixed some compilation problems on Solaris. Closes GH-1260. Release 4.0.48 -------------- * Fixed a race condition while determining what user an application should be executed as. This bug could lead to applications being run as the wrong user. Closes GH-1241. * [Standalone] Improved autodetection of Rails asset pipeline files. This prevents Standalone from incorrectly setting caching headers on non-asset pipeline files. Closes GH-1225. * Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247. * Fixed compilation problems on OpenBSD. * Fixed compatibility with Ruby 1.8.5. Release 4.0.47 -------------- * [Enterprise] Fixed a bug in Flying Passenger's `--max-preloader-idle-time` option. Release 4.0.46 -------------- * Further improved Node.js and Socket.io compatibility. * Sticky session cookies have been made more reliable. * Fixed WebSocket upgrade issues on Firefox. Closes GH-1232. * The Python application loader now inserts the application root into `sys.path`. The fact that this was not done previously caused a lot of confusion amongst Python users, who wondered why their `passenger_wsgi.py` could not import any modules from the same directory. * Fixed a compatibility problem with Django, which could cause Django apps to freeze indefinitely. Closes GH-1215. * Logging of application spawning errors has been much improved. Full details about the error, such as environment variables, are saved to a private log file. In the past, these details were only viewable in the browser. This change also fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error Resistance causes error messages to get lost. Closes GH-1021 and GH-1175. * Fixed a regression in Node.js support. When a Node.js app is deployed on a HTTPS host, the `X-Forwarded-Proto` header wasn't set in 4.0.45. Closes GH-1231. * Passenger Standalone no longer, by default, loads shell startup files before loading the application. This is because Passenger Standalone is often invoked from the shell anyway. Indeed, loading shell startup files again can interfere with any environment variables already set in the invoking shell. You can still tell Passenger Standalone to load shell startup files by passing `--load-shell-envvars`. Passenger for Apache and Passenger for Nginx still load shell startup files by default. * Passenger Standalone now works properly when the HOME environment variable isn't set. Closes GH-713. * Passenger Standalone's `package-runtime` command has been removed. It has been broken for a while and has nowadays been obsolete by our automatic [binary generation system](https://github.com/phusion/passenger_autobuilder). Closes GH-1133. * The `passenger_startup_file` option now also works on Python apps. Closes GH-1233. * If you are a [Union Station](https://www.unionstationapp.com) customer, then Phusion Passenger will now also log application spawning errors to Union Station. This data isn't shown in the Union Station interface yet, but it will be implemented in the future. * Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212. * Fixed compilation problems when Nginx is configured with OpenResty. Thanks to Yichun Zhang. Closes GH-1226. * Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix. Closes GH-1151. * Documentation contributions by Tim Bishop and Tugdual de Kerviler. * Minor Nginx bug fix by Feng Gu. Closes GH-1235. Release 4.0.45 -------------- * Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger versions implemented Node.js support by emulating Node.js' HTTP library. This approach was found to be unsustainable, so we've abandoned that approach and replaced it with a much simpler approach that does not involve emulating the HTTP library. * Introduced support for sticky sessions. Sticky sessions are useful -- or even required -- for apps that store state inside process memory. Prominent examples include SockJS, Socket.io, faye-websocket and Meteor. Sticky sessions are required to make the aforementioned examples work in multi-process scenarios. By introducing sticky sessions support, we've much improved WebSocket support and support for the aforementioned libraries and frameworks. * Due to user demand, GET requests with request bodies are once again supported. Support for these kinds of requests was removed in 4.0.42 in an attempt to increase the strictness and robustness of our request handling code. It has been determined that GET requests with request bodies can be adequately supported without degrading robustness in Phusion Passenger. However, GET requests with both request bodies and WebSocket upgrade headers are unsupported. Fixes issue #1092. * [Enterprise] The [Flying Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#flying_passenger) feature is now also available on Apache. * Fixed some issues with RVM mixed mode support, issue #1121. * Fixed Passenger Standalone complaining about not finding PassengerHelperAgent during startup. * Fixed various minor issues such as #1190 and #1197. * The download timeout for passenger-install-nginx-module has been increased. Patch by 亀田 義裕. Release 4.0.44 -------------- * The issue tracker has now been moved from Google Code to Github. Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all issue numbers referred to Google Code. From now on, all issue numbers will refer to Github Issues. * Fixed compilation problems on OS X Lion and OS X Mountain Lion. * On Ruby, fixed `nil` being frozen on accident in some cases. See issue #1192. Release 4.0.43 -------------- * Introduced a new command `passenger-config list-instances`, which prints all running Phusion Passenger instances. * Introduced a new command `passenger-config system-metrics, which displays metrics about the system such as the total CPU and memory usage. * Fixed some compilation problems caused by the compiler capability autodetector. * System metrics such as total CPU usage and memory usage, are now sent to [Union Station](https://www.unionstationapp.com) in preparation for future features. Release 4.0.42 -------------- * [Nginx] Upgraded the preferred Nginx version to 1.6.0. * [Nginx] Fixed compatibility with Nginx 1.7.0. * [Standalone] The MIME type for .woff files has been changed to application/font-woff. Fixes issue #1071. * There are now APT packages for Ubuntu 14.04. At the same time, packages for Ubuntu 13.10 have been abandoned. * Introduced a new command, `passenger-config build-native-support`, for ensuring that the native_support library for the current Ruby interpreter is built. This is useful in system provisioning scripts. * For security reasons, friendly error pages (those black/purple pages that shows the error message, backtrace and environment variable dump when an application fails to start) are now disabled by default when the application environment is set to 'staging' or 'production'. Fixes issue #1063. * Fixed some compilation warnings on Ubuntu 14.04. * Fixed some compatibility problems with Rake 10.2.0 and later. See [Rake issue 274](https://github.com/jimweirich/rake/issues/274). * Improved error handling in [Union Station](https://www.unionstationapp.com) support. * Data is now sent to Union Station on a more frequent basis, in order to make new data show up more quickly. * Information about the code revision is now sent to Union Station, which will be used in the upcoming deployment tracking feature in Union Station 2. Release 4.0.41 -------------- * Fixed some issues with printing UTF-8 log files on Heroku. * Added a new flag `--ignore-app-not-running` to `passenger-config restart-app`. When this flag is given, `passenger-config restart-app` will exit successfully when the specified application is not running, instead of exiting with an error. * Our precompiled Passenger Standalone binaries have been upgraded to use OpenSSL 1.0.1g, which fixes [the OpenSSL Heartbleed vulnerability](http://heartbleed.com/). Users who are using Passenger Standalone with SSL enabled are vulnerable, and should upgrade immediately. Users who do not use Passenger Standalone, users who use Passenger Standalone without SSL, or users who use Passenger Standalone with SSL behind another SSL-enabled reverse proxy, are not vulnerable. Release 4.0.40 -------------- * Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes a buffer overflow. Users are strongly urged to upgrade Nginx as soon as possible. Release 4.0.39 -------------- * Fixed a crash that could happen if the client disconnects while a chunked response is being sent. Fixes issue #1062. * In Phusion Passenger Standalone, it is now possible to customize the Nginx configuration file on Heroku. It is now also possible to permanently apply changes to the Nginx configuration file, surviving upgrades. Please refer to the "Advanced configuration" section of the Phusion Passenger Standalone manual for more information. * The programming language selection menu in passenger-install-apache2-module and passenger-install-nginx-module only works on terminals that support UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet these requirements (e.g. PuTTY users using any of the default Windows fonts), it is now possible to switch the menu to a plain text mode by pressing '!'. Fixes issue #1066. * Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone. * It is now possible to dump live backtraces of Python apps through the 'SIGABRT' signal. * Fixed closing of file descriptors on OS X 10.9. * Fixed compilation problems with Apple Clang 503.0.38 on OS X. * Fixed compilation of native_support on Rubinius. Release 4.0.38 -------------- * Added support for the new Ruby 2.1.0 out-of-band garbage collector. This can much improve garbage collection performance, and drastically reduce request times. * Fixed a symlink-related security vulnerability. Urgency: low Scope: local exploit Summary: writing files to arbitrary directory by hijacking temp directories Affected versions: 4.0.37 Fixed versions: 4.0.38 CVE-2014-1832 Description: This issue is related to CVE-2014-1831 (the security issue as mentioned in the 4.0.37 release notes). The previous fix was incomplete, and still has a (albeit smaller) small attack time window in between two filesystem checks. This attack window is now gone. * Passenger Standalone is now compatible with IPv6. * Fixed some compilation problems on Solaris. See issue #1047. * passenger-install-apache2-module and passenger-install-nginx-module now automatically run in `--auto` mode if stdin is not a TTY. Fixes issue #1030. * Fixed an issue with non-bundled Meteor apps not correctly running in production mode. * The `PassengerPreStart` option is now compatible with IPv6 server sockets. * When running Python WSGI apps, `wsgi.run_once` is now set to False. This should improve the performance of certain apps and frameworks. * When handling HTTP requests with chunked transfer encoding, the 'Transfer-Encoding' header is no longer passed to the application. This is because the web server already buffers and dechunks the request body. * Fixed a possible hang in Phusion Passenger for Nginx when Nginx is instructed to reload or reopen log files. Thanks to Feng Gu, [pull request #97](https://github.com/phusion/passenger/pull/97). * The preferred Nginx version has been upgraded to 1.4.6. * Fixed a problem with running passenger-install-apache2-module and passenger-install-nginx-module on JRuby. They were not able to accept any terminal input after displaying the programming language menu. Release 4.0.37 -------------- * Improved Node.js compatibility. Calling on() on the request object now returns the request object itself. This fixes some issues with Express, Connect and Formidable. Furthermore, some WebSocket-related issues have been fixed. * Improved Meteor support. Meteor application processes are now shut down quicker. Previously, they linger around for 5 seconds while waiting for all connections to terminate, but that didn't work well because WebSocket connections were kept open indefinitely. Also, some WebSocket-related issues have been fixed. * Introduced a new tool `passenger-config detach-process` for gracefully detaching an application process from the process pool. Has a similar effect to killing the application process directly with `kill `, but killing directly may cause the HTTP client to see an error, while using this command guarantees that clients see no errors. * Fixed a crash that occurs when an application fails to spawn, but the HTTP client disconnects before the error page is generated. Fixes issue #1028. * Fixed a symlink-related security vulnerability. Urgency: low Scope: local exploit Summary: writing files to arbitrary directory by hijacking temp directories Affected versions: 4.0.5 and later Fixed versions: 4.0.37 CVE-2014-1831 Description: Phusion Passenger creates a "server instance directory" in /tmp during startup, which is a temporary directory that Phusion Passenger uses to store working files. This directory is deleted after Phusion Passenger exits. For various technical reasons, this directory must have a semi-predictable filename. If a local attacker can predict this filename, and precreates a symlink with the same filename that points to an arbitrary directory with mode 755, owner root and group root, then the attacker will succeed in making Phusion Passenger write files and create subdirectories inside that target directory. The following files/subdirectories are created: * control_process.pid * generation-X, where X is a number. If you happen to have a file inside the target directory called `control_process.pid`, then that file's contents are overwritten. These files and directories are deleted during Phusion Passenger exit. The target directory itself is not deleted, nor are any other contents inside the target directory, although the symlink is. Thanks go to Jakub Wilk for discovering this issue. Release 4.0.36 -------------- * [Enterprise] Fixed some Mass Deployment bugs. * [Enterprise] Fixed a bug that causes an application group to be put into Deployment Error Resistance Mode if rolling restarting fails while deployment error resistance is off. Deployment Error Resistance Mode is now only activated if it's explicitly turned on. * Passenger Standalone now gzips JSON responses. * Fixed some cases in which Passenger Standalone does not to properly cleanup its temporary files. Release 4.0.35 -------------- * Fixed some unit tests. Release 4.0.34 -------------- * The Node.js loader code now sets the `isApplicationLoader` attribute on the bootstrapping module. This provides a way for apps and frameworks that check for `module.parent` to check whether the current file is loaded by Phusion Passenger, or by other software that work in a similar way. This change has been introduced to solve a compatibility issue with CompoundJS. CompoundJS users should modify their server.js, and change the following: if (!module.parent) { to: if (!module.parent || module.parent.isApplicationLoader) { * Improved support for Meteor in development mode. Terminating Phusion Passenger now leaves less garbage Meteor processes behind. * It is now possible to disable the usage of the Ruby native extension by setting the environment variable `PASSENGER_USE_RUBY_NATIVE_SUPPORT=0`. * Fixed incorrect detection of the Apache MPM on Ubuntu 13.10. * When using RVM, if you set PassengerRuby/passenger_ruby to the raw Ruby binary instead of the wrapper script, Phusion Passenger will now print an error. * Added support for RVM >= 1.25 wrapper scripts. * Fixed loading passenger_native_support on Ruby 1.9.2. * The Union Station analytics code now works even without native_support. * Fixed `passenger-install-apache2-module` and `passenger-install-nginx-module` in Homebrew. * Binaries are now downloaded from an Amazon S3 mirror if the main binary server is unavailable. * And finally, although this isn't really a change in 4.0.34, it should be noted. In version 4.0.33 we changed the way Phusion Passenger's own Ruby source files are loaded, in order to fix some Debian and RPM packaging issues. The following doesn't work anymore: require 'phusion_passenger/foo' Instead, it should become: PhusionPassenger.require_passenger_lib 'foo' However, we overlooked the fact that this change breaks Ruby apps which use our Out-of-Band GC feature, because such apps had to call `require 'phusion_passenger/rack/out_of_band_gc'`. Unfortunately we're not able to maintain compatibility without reintroducing the Debian and RPM packaging issues. Users should modify the following: require 'phusion_passenger/rack/out_of_band_gc' to: if PhusionPassenger.respond_to?(:require_passenger_lib) # Phusion Passenger >= 4.0.33 PhusionPassenger.require_passenger_lib 'rack/out_of_band_gc' else # Phusion Passenger < 4.0.33 require 'phusion_passenger/rack/out_of_band_gc' end Release 4.0.33 -------------- * Fixed a compatibility problem in passenger-install-apache2-module with Ruby 1.8. The language selection menu didn't work properly. Release 4.0.32 -------------- * Fixed compatibility problems with old Ruby versions that didn't include RubyGems. Release 4.0.31 -------------- * Introduced a new tool: `passenger-config restart-app`. With this command you can initiate an application restart without touching restart.txt. Unlike touching restart.txt, this tool initiates the restart immediately instead of on the next request. * Fixed some problems in process spawning and request handling. * Fixed some problems with the handling of HTTP chunked transfer encoding bodies. These problems only occurred in Ruby. * Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until all clients have disconnected. Fixes issue #884. * Fixed compilation problems on FreeBSD. * Fixed some C++ strict aliasing problems. * Fixed some problems with spawning applications that print messages without newline during startup. Fixes issue #1039. * Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server. Fixes issue #1035. * When Phusion Passenger is installed through the Debian package, passenger-install-apache2-module now checks whether the Apache module package (libapache2-mod-passenger) is properly installed, and installs it using apt-get if it's not installed. Fixes issue #1031. * The `passenger-status --show=xml` command no longer prints the non-XML preamble, such as the version number and the time. Fixes issue #1037. * The Ruby native extension check whether it's loaded against the right Ruby version, to prevent problems when people upgrade Ruby without recompiling their native extensions. * Various other minor Debian packaging improvements. Release 4.0.30 -------------- * Fixed wrong autogeneration of HTTP Date header. If the web app does not supply a Date header, then Passenger will add one. Unfortunately due to the use of the wrong format string, December 30 2013 is formatted as December 30 2014. As a result, cookies that expire before 2014 would expire on December 30 2013 and December 31 2013. Details can be found at [Github pull request 93](https://github.com/phusion/passenger/pull/93). This issue only affects Phusion Passenger for Nginx and Phusion Passenger Standalone, and does not affect Phusion Passenger for Apache. You can work around this problem in your application by setting a Date header. For example, in Rails you can do: before_filter { response.date = Time.now.utc } Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this to our attention and for providing workarounds and feedback. Release 4.0.29 -------------- * Fixed a compilation problem on OS X Mavericks. Release 4.0.28 -------------- * Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion Passsenger to crash during startup. Affected operating systems include Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with this OS installed exhibits the problem. See issue #902. * Improved Node.js support: the Sails framework is now supported. * Improved Node.js support: the streams2 API is now supported. * Introduced support for hooks, allowing users to easily extend Phusion Passenger's behavior. * Fixed a bug in the `passenger start -R` option. It was broken because of a change introduced in 4.0.25. * Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016. * Fixed compilation problems on Solaris. * Fixed an encoding problem in the Apache autodetection code. Fixes issue #1026. * The Debian packages no longer depend on libruby. * Application stdout and stderr are now printed without normal Phusion Passenger debugging information, making them easier to read. Release 4.0.27 -------------- * [Apache] Fixed a bug in the Apache module which could lock up the Apache process or thread. This is a regression introduced in version 4.0.24. * Node.js application processes now have friendly process titles. Release 4.0.26 -------------- * Introduced the `PassengerBufferUpload` option for Apache. This option allows one to disable upload buffering, e.g. in order to be able to track upload progress. * [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even without setting `ssl on`. Fixes issue #401. * [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port. * [Enterprise] The `passenger-status` tool now displays rolling restart status. Release 4.0.25 -------------- * The `PassengerAppEnv`/`passenger_app_env`/`--environment` option now also sets NODE_ENV, so that Node.js frameworks like Connect can properly respond to the environment. * Fixed a bug in our Debian/Ubuntu packages causing `passenger-install-nginx-module` not to be able to compile Nginx. * Arbitrary Node.js application structures are now supported. * [Nginx] Introduced the `passenger_restart_dir` option. * [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547. Release 4.0.24 -------------- * Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx) configuration options. * [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error responses generated by applications can be intercepted by Apache and customized using the `ErrorDocument` directive. * [Standalone] It is now possible to specify some configuration options in a configuration file `passenger-standalone.json`. When Passenger Standalone is used in Mass Deployment mode, this configuration file can be used to customize settings on a per-application basis. * [Enterprise] Fixed a potential crash when a rolling restart is triggered while a process is already shutting down. * [Enterprise] Fixed Mass Deployment support for Node.js and Meteor. Release 4.0.23 -------------- * Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27). * Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999. * Support for the Meteor Javascript framework has been open sourced. Release 4.0.22 -------------- * [Enterprised] Fixed compilation problems on OS X Mavericks. Release 4.0.21 -------------- * [Nginx] Upgraded the preferred Nginx version to 1.4.3. * Node.js support has been open sourced. * Prelimenary OS X Mavericks support. * Work around an Apache packaging bug in CentOS 5. * Various user friendliness improvements in the documentation and the installers. * Fixed a bug in the always_restart.txt support. Phusion Passenger was looking for it in the wrong directory. * Many Solaris and Sun Studio compatibility fixes. Special thanks to "mark" for his extensive assistance. * [Standalone] The --temp-dir command line option has been introduced. Release 4.0.20 -------------- * Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon mode, the Nginx temporary directory was deleted prematurely, causing some POST requests to fail. This was a regression that was introduced in 4.0.15 as part of an optimization. * Fixed compilation problems on Solaris 10 with Sun Studio 12.3. * Improved detection of RVM problems. * It is now possible to log the request method to Union Station. * Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and `passenger_load_shell_envvars` (Nginx). This allows enabling or disabling the loading of bashrc before spawning the application. * [Enterprise] Fixed a packaging problem which caused the flying-passenger executable not to be properly included in the bin path. * [Enterprise] Fixed a race condition which sometimes causes the Flying Passenger socket to be deleted after a restart. Fixes issue #939. * [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0. The byebug gem requires a patch before this works: https://github.com/deivid-rodriguez/byebug/pull/29 Release 4.0.19 -------------- * Fixed a problem with response buffering. Application processes are now properly marked available for request processing immediately after they're done sending the response, instead of after having sent the entire response to the client. * The "processed" counter in `passenger-status` is now bumped after the process has handled a request, not at the beginning. * [Enterprise] Fixed an off-by-one bug in the `passenger_max_processes` setting. Release 4.0.18 -------------- * The Enterprise variant of Phusion Passenger Standalone now supports customizing the concurrency model and thread count from the command line. * On Nginx, the Enterprise license is now only checked if Phusion Passenger is enabled in Nginx. This allows you to deploy Nginx binaries, that have Phusion Passenger Enterprise compiled in, to servers that are not actually running Phusion Passenger Enterprise. * Fixed a performance bug in the Union Station support code. In certain cases where a lot of data must be sent to Union Station, the code is now over 100 times faster. * `passenger-status --show=union_station` now displays all clients that are connected to the LoggingAgent. * Added a workaround for Heroku so that exited processes are properly detected as such. * When using Phusion Passenger Standalone with Foreman, pressing Ctrl-C in Foreman no longer results in runaway Nginx processes. * Fixed backtraces in the Apache module. Release 4.0.17 -------------- * Fixed compilation problems on GCC 4.8 systems, such as Arch Linux 2013.04. Fixes issue #941. * Fixed some deprecation warnings when compiling the Ruby native extension on Ruby 2.0.0. * Fixed some Union Station-related stability issues. Release 4.0.16 -------------- * Allow Phusion Passenger to work properly on systems where the user's GID does not have a proper entry in /etc/group, such as Heroku. Release 4.0.15 -------------- * Out-of-band work has been much improved. The number of processes which may perform out-of-band work concurrently has been limited to 1. Furthermore, processes which are performing out-of-band work are now included in the max pool size constraint calculation. However, this means that in order to use out-of-band work, you need to have at least 2 application processes running. Out-of-band work will never be triggered if you just have 1 process. Partially fixes issue #892. * Phusion Passenger now displays an error message to clients if too many requests are queued up. By default, "too many" is 100. You may customize this with `PassengerMaxRequestQueueSize` (Apache) or `passenger_max_request_queue_size` (Nginx). * A new configuration option, `PassengerStartTimeout` (Apache) and `passenger_start_timeout` (Nginx), has been added. This option allows you to specify a timeout for application startup. The startup timeout has exited since version 4.0.0, but before version 4.0.15 it was hardcoded at a value of 90 seconds. Now it is customizable. Fixes issue #936. * [Enterprise] The `PassengerMaxRequestTime`/`passenger_max_request_time` feature is now available for Python and Node.js as well, and is no longer limited to just Ruby. Fixes issue #938. * [Nginx] Introduced a configuration option `passenger_intercept_errors`, which decides if Nginx will intercept responses with HTTP status codes of 400 and higher. Its effect is similar to `proxy_intercept_errors`. * [Standalone] Memory usage optimization: when `passenger start` is run with `--daemonize`, the frontend exits after starting the Nginx core. This saves ~20 MB of memory per `passenger start` instance. * [Standalone] Phusion Passenger Standalone is now also packaged in the Debian packages. * [Standalone] Fix a problem with the `passenger stop` command on Ruby 1.8.7. The 'thread' library was not properly required, causing a crash. * [Standalone] There is now builtin support for SSL. * Fix a crash when multiple `passenger_pass_header` directives are set. Fixes issue #934. * Permissions on the server instance directory are now explicitly set with chmod, so that permissions are correct on systems with a non-default umask. Fixes issue #928. * Fix permission problems when running `passenger start` with `--user`. * `passenger-config --detect-apache2` now correctly detects the eror log filename on Amazon Linux. Fixes issue #933. * An environment variable `PASSENGER_THREAD_LOCAL_STORAGE` has been added to the build system for forcefully disabling the use of thread-local storage within the Phusion Passenger codebase. This flag useful on systems that have broken support for thread-local storage, despite passing our build system's check for proper thread-local storage support. At the time of writing, one user has reported that Ubuntu 12.04 32-bit has broken thread-local storage report although neither the reporter nor us were able to reproduce the problem on any other systems running Ubuntu 12.04 32-bit. Note that this flag has no effect on non-Phusion Passenger code. Fixes issue #937. * It is now possible to preprocess events before they are sent to Union Station. This is useful for removing confidential data as demonstrated in this example `config/initializers/passenger.rb` file: if defined?(PhusionPassenger) event_preprocessor = lambda do |e| e.payload[:sql].gsub!("secret","PASSWORD") if e.payload[:sql] end PhusionPassenger.install_framework_extensions!(:event_preprocessor => event_preprocessor) end Release 4.0.14 -------------- * Fixed a bug in Passenger Standalone's source compiler, for the specific case when the downloaded Nginx binary doesn't work, and compilation of the Nginx binary did not succeed the first time (e.g. because of missing dependencies). * Precompiled Ruby native extensions are now automatically downloaded. Release 4.0.13 -------------- * Updated preferred Nginx version to 1.4.2. * Worked around the fact that FreeBSD 9.1 has a broken C++ runtime. Patch contributed by David Keller. * Autogenerated HTTP Date headers are now in UTC instead of local time. This could cause cookies to have the wrong expiration time. Fixes issue #913. * Fixed compatibility problems with Ruby 1.8.6 (issue #924). * Introduced a tool, `passenger-config --detect-apache2`, which autodetects all Apache installations on the system along with their parameters (which apachectl command to run, which log file to read, which config file to edit). The tool advises users about how to use that specific Apache installation. Useful if the user has multiple Apache installations but don't know about it, or when the user doesn't know how to work with multiple Apache installations. * Added an API for better Rack socket hijacking support. * Added a hidden configuration option for customizing the application start timeout. A proper configuration option will be introduced in the future. * Added autodetection support for Amazon Linux. * Fixed process metrics collection on some operating systems. Some systems' 'ps' command expect no space between -p and the list of PIDs. Release 4.0.10 -------------- * Fixed a crash in PassengerWatchdog which occurs on some OS X systems. * Fixed exception reporting to Union Station. * Improved documentation. Release 4.0.9 ------------- * [Enterprise] Fixed a problem with passenger-irb. Release 4.0.8 ------------- * Fixed a problem with graceful web server restarts. When you gracefully restart the web server, it would cause Phusion Passenger internal sockets to be deleted, thus causing Phusion Passenger to go down. This problem was introduced in 4.0.6 during the attempt to fix issue #910. * The PassengerRestartDir/passenger_restart_dir now accepts relative filenames again, just like in Phusion Passenger 3.x. Patch contributed by Ryan Schwartz. * Documentation updates contributed by Gokulnath Manakkattil. * [Enterprise] Fixed a license key checking issue on some operating systems, such as CentOS 6. Release 4.0.7 ------------- * There was a regression in 4.0.6 that sometimes prevents PassengerLoggingAgent from starting up. Unfortunately this slipped our release testing. This regression has been fixed and we've updated our test suite to check for these kinds of regressions. Release 4.0.6 ------------- * Fixed a potential 100% CPU lock up in the crash handler, which only occurs on OS X. Fixes issue #908. * Fixed a crash in request handling, when certain events are trigger after the client has already disconnected. Fixes issue #889. * Phusion Passenger will no longer crash when the Phusion Passenger native_support Ruby extension cannot be compiled, e.g. because the Ruby development headers are not installed or because the current user has no permission to save the native extension file. Fixes issue #890. * Fixed OS X 10.9 support. Fixes issue #906. * Removed dependency on bash, so that Phusion Passenger works out of the box on BSD platforms without installing/configuring bash. Fixes issue #911. * Fix 'PassengerPoolIdleTime 0' not being respected correctly. Issue #904. * Admin tools improvement: it is now possible to see all currently running requests by invoking `passenger-status --show=requests`. * A new feature called Flying Passenger allows you to decouple the life time of Phusion Passenger from the web server, so that both can be restarted indepedently from each other. Please refer to http://blog.phusion.nl/2013/07/03/technology-preview-introducing-flying-passenger/ for an introduction. * [Apache] Fixed compatibility with Apache pipe logging. Previously this would cause Phusion Passenger to lock up with 100% CPU during Apache restart. * [Nginx] The Nginx configure script now checks whether 'ruby' is in $PATH. Previously, if 'ruby' is not in $PATH, then the compilation process fails with an obscure error. * [Nginx] passenger-install-nginx-module now works properly even when Phusion Passenger is installed through the Debian packages. Before, the installer would tell you to install Phusion Passenger through the gem or tarball instead. * [Enterprise] Added pretty printing helpers to the Live IRB Console. * Fixed permissions on a subdirectory in the server instance directory. The server instance directory is a temporary directory that Phusion Passenger uses to store working files, and is deleted after Phusion Passenger exits. A subdirectory inside it is world-writable (but not world-readable) and is used for storing Unix domain sockets created by different apps, which may run as different users. These sockets had long random filenames to prevent them from being guessed. However because of a typo, this subdirectory was created with the setuid bit, when it should have sticky bit (to prevent existing files from being deleted or renamed by a user that doesn't own the file). This has now been fixed. * If the server instance directory already exists, it will now be removed first in order get correct directory permissions. If the directory still exists after removal, Phusion Passenger aborts to avoid writing to a directory with unexpected permissions. Fixes issue #910. * The installer now checks whether the system has enough virtual memory, and prints a helpful warning if it doesn't. * Linux/AArch64 compatibility fixes. Patch contributed by Dirk Mueller. * Improved documentation. Release 4.0.5 ------------- * [Standalone] Fixed a regression that prevented Passenger Standalone from starting. Fixes issue #899. * Fixed security vulnerability CVE-2013-2119. Urgency: low Scope: local exploit Summary: denial of service and arbitrary code execution by hijacking temp files Affected versions: all versions Fixed versions: 3.0.21 and 4.0.5 Description: Phusion Passenger's code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability allows a local attacker to run arbitrary code as another user, by hijacking temporary files. By pre-creating certain temporary files with certain permissions, attackers can prevent Passenger Standalone from starting (denial of service). By pre-creating certain temporary files with certain other permissions, attackers can trick `passenger start` and the build system (which is invoked by `passenger-install-apache2-module`/`passenger-install-nginx-module`) to run arbitrary code. The user that the code is run as, is equal to the user that ran `passenger start` or the build system. Attacks of this nature have to be timed exactly right. The attacker must overwrite the file contents right after Phusion Passenger has created the file contents, but right before the file is used. In the context of `passenger start`, the vulnerable window begins right after Passenger Standalone has created the Nginx config file, and ends when Nginx has read the config file. Once Nginx has started and initialized, the system is no longer vulnerable. `passenger stop` and other Passenger Standalone commands besides `start` are not vulnerable. In the context of the build system, the vulnerable window begins when `passenger-install-apache2-module`/`passenger-install-nginx-module` prints its first dependency checking message, and ends when it prints the first compiler command. Only the `passenger start` command, the `passenger-install-apache2-module` command and the `passenger-install-nginx-module` commands are vulnerable. Phusion Passenger for Apache and Phusion Passenger for Nginx (once they are installed) are not vulnerable. Fixed versions: 3.0.21 and 4.0.5 have been released to address this issue. Workaround: You can use this workaround if you are unable to upgrade. Before invoking any Phusion Passenger command, set the `TMPDIR` environment variable to a directory that is not world-writable. Special care must be taken when you use sudo: sudo resets all environment variables, so you should either invoke sudo with `-E`, or you must set the environment variable after gaining root privileges with sudo. Release 4.0.4 ------------- * Fixed autodetection of noexec-mount /tmp directory. Fixes issue #850 and issue #625. * Fixed a WSGI bug. wsgi.input was a file object opened in text mode, but should be opened in binary mode. Fixes issue #881. * Fixed a potential crash in Out-of-Band Work. Fixes issue #894. * Fixed a potential crash in rolling restarting, which only occurs if a process was also being spawned at the same time. Fixes issue #896. * [Apache] The RailsBaseURI and RackBaseURI directives have been unified. For a long time, RailsBaseURI told Phusion Passenger that the given sub-URI belongs to a **Rails 2** application. Attempt to use this directive with Rails 3 or with Rack applications would result in an error. Because this confused users, RailsBaseURI and RackBaseURI have now been unified and can now be used interchangably. Phusion Passenger will automatically detect what kind of application it is. The Nginx version already worked like this. Fixes issue #882. * [Standalone] The Passenger Standalone temp directory and PassengerWatchdog server instance directory have been unified. PassengerWatchdog already automatically updates the timestamps of all files in its server instance directory every 6 hours to prevent /tmp cleaners from deleting the directory. Therefore this unification prevents the Passenger Standalone temp directory to be deleted by /tmp cleaners as well. Fixes issue #654. * [Standalone] types_hash_max_size has been increased from 1024 to 2048. This solves a problem that causes Nginx not to start on some platforms. Contributed by Jan-Willem Koelewijn. Release 4.0.3 ------------- * Better protection is now provided against application processes that are stuck and refuse to shut down cleanly. Since version 4.0.0, Phusion Passenger already forcefully shuts down all processes during web server shutdown. In addition to this, 4.0.3 now also forcefully shuts down processes that take more than 1 minute to shut down, even outside the context of web server shutdowns. This feature does not, however, protect against requests that take too long. Use PassengerMaxRequestTime (Apache) or passenger_max_request_time (Nginx) for that. * Fixed a crash in the HelperAgent which results in frequent process restarts in some traffic patterns. Fixes issue #862. * Fixed a problem that prevents processes from being spawned correctly if the user's bashrc changes working directory. Fixes issue #851. * passenger-status now also displays CPU usage. * The installer now checks for checksums when automatically downloading PCRE and Nginx. Contributed by Joshua Lund. * An error is now printed when trying to daemonize Phusion Passenger Standalone on Ruby implementations that don't support forking. Contributed by Benjamin Fleischer. * Although Phusion Passenger already supported JRuby, *installing* Phusion Passenger with JRuby was not possible. This has been fixed. * Various other minor bug fixes. Release 4.0.2 ------------- * Bumped the preferred Nginx version to 1.4.1 because of a critical Nginx security vulnerability, CVE-2013-2028. Users are advised to upgrade immediately. Release 4.0.1 ------------- * Fixed a crasher bug in the Deployment Error Resistance feature. * Fixed a bug in PassengerDefaultUser and PassengerDefaultGroup. * Fixed a bug which could cause application processes to exit before they've finished their request. * Fixed some small file descriptor leaks. * Bumped the preferred Nginx version to 1.4.0. * Editing the Phusion Passenger Standalone Nginx config template is no longer discouraged. * Improved documentation. Release 4.0.0 release candidate 6 --------------------------------- * WebSocket support on Nginx. Requires Nginx >= 1.3.15. * Improved RVM support. * Performance optimizations. * Various bug fixes. Release 4.0.0 release candidate 5 --------------------------------- * The default config snippet for Apache has changed! It must now contain a `PassengerDefaultRuby` option. The installer has been updated to output this option. The `PassengerRuby` option still exists, but it's only used for configuring different Ruby interpreters in different contexts. Please refer to the manual for more information. * We now provide GPG digital signatures for all file releases by Phusion. More information can be found in the manual. * `passenger-status` now displays process memory usage and time when it was last used. The latter fixes issue #853. * Exceptions in Rack application objects are now caught to prevent application processes from exiting. * The `passenger-config` tool now supports the `--ruby-command` argument, which helps the user with figuring out the correct Ruby command to use in case s/he wants to use multiple Ruby interpreters. The manual has also been updated to mention this tool. * Fixed streaming responses on Apache. * Worked around an OS X Unix domain socket bug. Fixes issue #854. * Out-of-Band Garbage Collection now works properly when the application has disabled garbage collection. Fixes issue #859. * Fixed support for /usr/bin/python on OS X. Fixes issue #855. * Fixed looping-without-sleeping in the ApplicationPool garbage collector if PassengerPoolIdleTime is set to 0. Fixes issue #858. * Fixed some process memory usage measurement bugs. * Fixed process memory usage measurement on NetBSD. Fixes issue #736. * Fixed a file descriptor leak in the Out-of-Band Work feature. Fixes issue #864. * The PassengerPreStart helper script now uses the default Ruby interpreter specified in the web server configuration, and no longer requires a `ruby` command to be in `$PATH`. * Updated preferred PCRE version to 8.32. * Worked around some RVM bugs. * The ngx_http_stub_status_module is now enabled by default. * Performance optimizations. Release 4.0.0 release candidate 4 --------------------------------- * Fixed compilation on systems where /tmp is mounted noexec. * Fixed some memory corruption bugs. * Improved debugging messages. * Phusion Passenger Standalone now sets underscores_in_headers. Fixes issue #708. * Fixed some process spawning compatibility problems, as reported in issue #842. * The Python WSGI loader now correctly shuts down client sockets even when there are child processes that keep the socket open. * A new configuration option PassengerPython (Apache) and passenger_python (Nginx) has been added so that users can customize the Python interpreter on a per-application basis. Fixes issue #852. * The Apache module now supports file uploads larger than 2 GB when on 32-bit systems. Fixes issue #838. * The Nginx version now supports the `passenger_temp_dir` option. * Environment variables set in the Nginx configuration file (through the `env` config option) are now correctly passed to all application processes. Fixes issue #371. * Fixed support for RVM mixed mode installations. Fixes issue #828. * Phusion Passenger now outputs the Date HTTP header in case the application didn't already do that (and was violating the HTTP spec). Fixes issue #485. * Phusion Passenger now checks whether /dev/urandom isn't broken. Fixes issue #516. Release 3.9.5 (4.0.0 release candidate 3) ----------------------------------------- * Fixed Rake autodetection. Release 3.9.4 (4.0.0 release candidate 2) ----------------------------------------- * More bug fixes. * More documentation updates. * Better crash diagnostics. Release 3.9.3 (4.0.0 release candidate 1) ----------------------------------------- * The Nginx version now supports the `passenger_app_root` configuration option. * The Enterprise memory limiting feature has been extended to work with non-Ruby applications as well. * Application processes that have been killed are now automatically detected within 5 seconds. Previously Phusion Passenger needed to send a request to the process before detecting that it's gone. This change means that when you kill a process by sending it a signal, Phusion Passenger will automatically respawn it within 5 seconds (provided that the process limit settings allow respawning). * Phusion Passenger Standalone's HTTP client body limit has been raised from 50 MB to 1 GB. * Python 3 support has been added. * The build system has been made compatible with JRuby and Ruby 2.0. * The installers now print a lot more information about detected system settings so that the user can see whether something has been wrongly detected. * Some performance optimizations. These involve further extending the zero-copy architecture, and the use of hash table maps instead of binary tree maps. * Many potential crasher and freezer bugs have been fixed. * Error diagnostics have been further improved. * Many documentation improvements. Release 3.9.2 (4.0.0 beta 2) ---------------------------- * New feature: JRuby and Rubinius support. * New feature: Out of Band Work. * Sending SIGBART to a Ruby process will now trigger the same behavior as SIGQUIT - that is, it will print a backtrace. This is necessary for proper JRuby support because JRuby cannot catch SIGQUIT. * Rolling restarts and depoyment error resistance are now also available in Phusion Passenger Standalone in the Enterprise version. * System call failure simulation framework. * Improved crash reporting. * Many documentation improvements. * Many bug fixes. Release 3.9.1 (4.0.0 beta 1) ---------------------------- This is the first beta of Phusion Passenger 4. The changes are numerous. * Support for multiple Ruby versions. * The internals now use evented I/O. * Real-time response buffering. * Improved zero-copy architecture. * Rewritten ApplicationPool and process spawning subsystem. * Multithreading within Ruby apps (Phusion Passenger Enterprise only). * Python WSGI support lifted to "beta" status. * More protection against stuck processes. * Automatically picks up environment variables from your bashrc. * Allows setting environment variables directly in Apache. * Automatic asset pipeline support in Standalone. * Deleting restart.txt no longer triggers a restart. * More stable Union Station support. * Many internal robustness improvements. * Better relocatability without wasting space. Release 3.0.21 -------------- * Rebootstrapped the libev configure to fix compilation problems on Solaris 11. * Fixed support for RVM mixed mode installations. Fixes issue #828. * Fixed encoding problems in Phusion Passenger Standalone. * Changed preferred Nginx version to 1.2.9. * Catch exceptions raised by Rack application objects. * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5. * Version 3.0.20 was pulled because its fixes were incomplete. Release 3.0.19 -------------- * Nginx security fix: do not display Nginx version when server_tokens are off. * Fixed compilation problems on some systems. * Fixed some Union Station-related bugs. Release 3.0.18 -------------- * Fixed compilation problems on Fedora 17. * Fixed Union Station compatibility with Rails 3.2. * Phusion Passenger Enterprise Standalone now supports rolling restarts and deployment error resistance. Release 3.0.17 -------------- * Fixed a Ruby 1.9 encoding-related bug in the memory measurer. (Phusion Passenger Enterprise) * Fixed OOM adjustment bugs on Linux. * Fixed compilation problems on Fedora 18 and 19. * Fixed compilation problems on SunOS. * Fixed compilation problems on AIX. Contribution by Perry Smith. * Fixed various compilation warnings. * Upgraded preferred Nginx version to 1.2.3. 3.0.16 was an unofficial hotfix release, and so its announcement had been skipped. Release 3.0.15 -------------- * Updated documentation. * Updated website links. Release 3.0.14 -------------- * [Apache] Fixed a long-standing mod_rewrite-related problem. Some mod_rewrite rules would not work, but it depends on the exact mod_rewrite configuration so it would work for some people but not for others. Issue #563. Thanks a lot to cedricmaion for providing information on the nature of the bug and to peter.nash55 for providing a VM that allowed us to reproduce the problem. * [Nginx] Preferred Nginx version to 1.2.2. The previously preferred version was 1.2.1. * Cleared some confusing terminology in the documentation. * Fixed some Ruby 1.9 encoding problems. Release 3.0.13 -------------- * [Nginx] Preferred Nginx version upgraded to 1.2.1. * Fixed compilation problems on FreeBSD 6.4. Fixes issue #766. * Fixed compilation problems on GCC >= 4.6. * Fixed compilation problems on OpenIndiana and Solaris 11. Fixes issue #742. * Union Station-related bug fixes. * Sending the soft termination signal twice to application processes no longer makes them crash. Patch contributed by Ian Ehlert. Release 3.0.12 -------------- * [Apache] Support Apache 2.4. The event MPM is now also supported. * [Nginx] Preferred Nginx version upgraded to 1.0.15. * [Nginx] Preferred PCRE version upgraded to 8.30. * [Nginx] Fixed compatibility with Nginx < 1.0.10. * [Nginx] Nginx is now installed with http_gzip_static_module by default. * [Nginx] Fixed a memory disclosure security problem. The issue is documented at http://www.nginx.org/en/security_advisories.html and affects more modules than just Phusion Passenger. Users are advised to upgrade as soon as possible. Patch submitted by Gregory Potamianos. * [Nginx] passenger_show_version_in_header now hides the Phusion Passenger version number from the 'Server:' header too. Patch submitted by Gregory Potamianos. * Fixed a /proc deprecation warning on Linux kernel >= 3.0. Release 3.0.11 -------------- * Fixed a compilation problem on platforms without alloca.h, such as FreeBSD 7. * Improved performance and solved some warnings on Xen systems by compiling with `-mno-tls-direct-seg-refs`. Patch contributed by Michał Pokrywka. Release 3.0.10 -------------- * [Nginx] Dropped support for Nginx versions older than 1.0.0 * [Nginx] Fixed support for Nginx 1.1.4+ * [Nginx, Standalone] Upgraded default Nginx version to 1.0.10 The previously default version was 1.0.5. * [Nginx] New option passenger_max_requests This is equivalent to the PassengerMaxRequests option in the Apache version: Phusion Passenger will automatically shutdown a worker process once it has processed the specified number of requests. Contributed by Paul Kmiec. * [Apache] New option PassengerBufferResponse The Apache version did not buffer responses. This could block the Ruby worker process in case of slow clients. We now enable response buffering by default. It can be turned off through this option. Feature contributed by Ryo Onodera. * Fixed remaining Ruby 1.9.3 compatibility problems We already supported Ruby 1.9.3 since 3.0.8, but due to bugs in Ruby 1.9.3's build system Phusion Passenger would fail to detect Ruby 1.9.3 features on some systems. Fixes issue #714. * Fixed a bug in PassengerPreStart A regression was introduced in 3.0.8, causing the prespawn script to connect to the host name instead of to 127.0.0.1. Fix contributed by Andy Allan. * Fixed compatibility with GCC 4.6 Affected systems include Ubuntu 11.10. * Fixed various compilation problems. * Fixed some Ruby 1.9 encoding problems. * Fixed some Ruby 1.9.3 deprecation warnings. Release 3.0.9 ------------- * [Nginx] Fixed a NULL pointer crash that occurs on HTTP/1.0 requests when the Host header isn't given. * Fixed deprecation warnings on RubyGems >= 1.6. * Improved Union Station support stability. Release 3.0.8 ------------- * [Nginx] Upgraded preferred Nginx version to 1.0.5. * [Nginx] Fixed various compilation problems on various platforms. * [Nginx] We now ensure that SERVER_NAME is equal to HTTP_HOST without the port part. This is needed for Rack compliance. By default Nginx sets SERVER_NAME to whatever is specified in the server_name directive, but that's not necessarily the correct value. This fixes, for example, the use of the 'map' statement in config.ru. * [Nginx] Added the options passenger_buffer_size, passenger_buffers and passenger_busy_buffers_size. These options are similar to proxy_module's similarly named options. You can use these to e.g. increase the maximum header size limit. * [Nginx] passenger_pre_start now supports virtual hosts that listen on Unix domain sockets. * [Apache] Fixed the pcre.h compilation problem. * [Standalone] Fixed 'passenger stop'. It didn't work properly because it kept waiting for 'tail' to exit. We now properly terminate 'tail' as well. * Fixed compatibility with Rake 0.9. * Fixed various Ruby 1.9 compatibility issues. * Various documentation improvements. * New Union Station filter language features. It now supports status codes and response times. Please refer to https://engage.unionstationapp.com/help#filtering for more information. Release 3.0.7 ------------- * Fixed a bug passenger-install-apache2-module. It could crash on some systems due to a typo in the code. * Upgraded preferred Nginx version to 1.0.0. * Phusion Passenger Standalone now pre-starts application processes at startup instead of doing that at the first request. * When sending data to Union Station, the HTTP status code is now also logged. * Various Union Station-related stability improvements. * The Linux OOM killer was previously erroneously disabled for all Phusion Passenger processes, including application processes. The intention was to only disable it for the Watchdog. This has been fixed, and the Watchdog is now the only process for which the OOM killer is disabled. * Fixed some compilation problems on OpenBSD. * Due to a typo, the dependency on file-tail was not entirely removed in 3.0.6. This has now been fixed. Release 3.0.6 ------------- * Fixed various compilation problems such as XCode 4 support and OpenBSD support. * Fixed various Union Station-related stability issues. * Fixed an issue with host name detection on certain platforms. * Improved error logging in various parts. * The dependency on the file-tail library has been removed. * During installation, check whether /tmp is mounted with 'noexec'. Phusion Passenger's installer relies on /tmp *not* being mounted with 'noexec'. If it is then the installer will now show a helpful error message instead of bailing out in a confusing manner. Users can now tell the installer to use a different directory for storing temporary files by customizing the $TMPDIR environment variable. * Phusion Passenger Standalone can now run Rackup files that are not named 'config.ru'. The filename can be passed through the command line using the -R option. Release 3.0.5 ------------- * [Apache] Fixed Union Station process statistics collection Union Station users that are using Apache may notice that no process information show up in Union Station. This is because of a bug in Phusion Passenger's Apache version, which has now been fixed. * [Apache] PassengerAnalytics has been renamed to UnionStationSupport This option has been renamed for consistency reasons. * [Nginx] passenger_analytics has been renamed to union_station_support This option has been renamed for consistency reasons. * Fixed Union Station data sending on older libcurl versions Some Union Station users have reported that their data don't show up. Upon investigation this turned out to be a compatibility with older libcurl versions. Affected systems include all RHEL 5 based systems, such as RHEL 5.5 and CentOS 5.5. We've now fixed compatibility with older libcurl versions. * Added support for the Union Station filter language This language can be used to limit the kind of data that's sent to Union Station. Please read https://engage.unionstationapp.com/help#filtering for details. * Fixed a PassengerMaxPoolSize/passenger_max_pool_size violation bug People who host a lot of different applications on Phusion Passenger may notice that it sometimes spawns more processes than is allowed by PassengerMaxPoolSize/passenger_max_pool_size. This has been fixed. Release 3.0.4 ------------- * [Apache] Changed mod_dir workaround hook priority Phusion Passenger temporarily disables mod_dir on all Phusion Passenger-handled requests in order to avoid conflicts. In order to do this it registers some Apache hooks with the APR_HOOK_MIDDLE priority, but it turned out that this breaks some other modules like mod_python. The hook priority has been changed to APR_HOOK_LAST to match mod_dir's hook priorities. Issue reported by Jay Freeman. * Added support for Union Station: http://www.unionstationapp.com/ * Some error messages have been improved. Release 3.0.3 ------------- * [Nginx] Preferred Nginx version upgraded to 0.8.54 The previous preferred version was 0.8.53. * PATH_INFO and REQUEST_URI now contain the original escaped URI Phusion Passenger passes the URI, as reported by Apache/Nginx, to application processes through the PATH_INFO and REQUEST_URI variables. These variables are supposed to contain the original, unescaped URI, e.g. /clubs/%C3%BC. Both Apache and Nginx thought that it would be a good idea to unescape the URI before passing it to modules like Phusion Passenger, thereby causing PATH_INFO and REQUEST_URI to contain the unescaped URI, e.g. /clubs/ü. This causes all sorts of encoding problems. We now manually re-escape the URI when setting PATH_INFO and REQUEST_URI. Issue #404. * The installer no longer detects directories as potential commands Previously the installer would look in $PATH for everything that's executable, including directories. If one has /usr/lib in $PATH and a directory /usr/lib/gcc exists then the installer would recognize /usr/lib/gcc as the compiler. We now explicitly check whether the item is also a file. * PseudoIO now responds to #to_io Phusion Passenger sets STDERR to a PseudoIO object in order to capture anything written to STDERR during application startup. This breaks some libraries which expect STDERR to respond to #to_io. This has now been fixed. Issue #607. * Fixed various other minor bugs See the git commit log for details. Release 3.0.2 ------------- * [Nginx] Fixed compilation problems The Nginx compilation process was broken due to not correctly reverting the working directory of the Nginx configure script. This has been fixed: issue #595. * [Nginx] Fixed crash if passenger_root refers to a nonexistant directory Issue #599. * Fixed compilation problems on NetBSD There was a typo in a NetBSD-specific fcntl() call. It also turns out that NetBSD doesn't support some ISO C99 math functions like llroundl(); this has been worked around by using other functions. Issue #593. * Fixed file descriptor closing issues on FreeBSD Phusion Passenger child processes didn't correct close file descriptors on FreeBSD because it queries /dev/fd to do that. On FreeBSD /dev/fd only returns meaningful results if fdescfs is mounted, which it isn't by default. Issue #597. Release 3.0.1 ------------- * MUCH faster compilation We've applied code aggregation techniques, allowing Phusion Passenger to be compiled much quicker now. For example, compiling the Nginx component (not Nginx itself) on a MacBook Pro now takes only 29 seconds instead of 51 seconds, an improvement of 75%! Compiling the Apache module on a slower Dell Inspiron now takes 39 seconds instead of 1 minute 22 seconds, or 110% faster! * Fixed malfunction after web server restart On Linux systems that have a non-standard filesystem on /tmp, Phusion Passenger could malfunction after restarting the web server because of a bug that's only triggered on certain filesystems. Issue #569. * Boost upgraded to version 1.44.0. We were on 1.42.0. * Much improved startup error messages Phusion Passenger performs many extensive checks during startup to ensure integrity. However the error message in some situation could be vague. These startup error messages have now been improved dramatically, so that if something goes wrong during startup you will now more likely know why. * Curl < 7.12.1 is now supported The previous version fails to compile with Curl versions earlier than 7.12.1. Issue #556. * passenger-make-enterprisey fixed This is the command that people can run after donating. It allows people to slightly modify Phusion Passenger's display name as a joke. In 3.0.0 it was broken because of a typo. This has been fixed. * Removed passenger-stress-test This tool was used during the early life of Phusion Passenger for stress testing websites. Its performance has never been very good and there are much better tools for stress testing, so this tool has now been removed. * [Apache] RailsEnv and RackEnv configuration options are now equivalent In previous versions, RailsEnv only had effect on Rails 1 and Rails 2 apps while RackEnv only had effect on Rack apps. Because Rails 3 apps are considered Rack apps, setting RailsEnv had no effect on Rails 3 apps. Because this is confusing to users, we've now made RailsEnv and RackEnv equivalent. Issue #579. * [Nginx] Fixed compilation problems on systems with unpowerful shells Most notably Solaris. Its default shell does not support some basic constructs that we used in the Nginx configure script. * [Nginx] Upgraded default Nginx version to to 0.8.53 The previous default was 0.8.52. * [Nginx] passenger_enabled now only accepts 'on' or 'off' values Previously it would recognize any value not equal to 'on' as meaning 'off'. This caused confusion among users who thought they could also specify 'true', so we now throw a proper error if the value is unrecognized. Fixes issue #583. Release 3.0.0 ------------- This is a major release with many changes. Please read our blog for details. Release 2.2.15 -------------- * [Apache] Fixed incorrect temp dir cleanup by passenger-status On some systems, running passenger-status could print the following message: *** Cleaning stale folder /tmp/passenger.1234 ...after which Phusion Passenger breaks because that directory is necessary for it to function properly. The cause of this problem has been found and has been fixed. * [Apache] Fixed some upload handling problems Previous versions of Phusion Passenger check whether the size of the received upload data matches the contents of the Content-Length header as received by the client. It turns out that there could be a mismatch e.g. because of mod_deflate input compression, so we can't trust Content-Length anyway and we're being too strict. The check has now been removed. * [Nginx] Fixed compilation issues with Nginx >= 0.7.66 Thanks to Potamianos Gregory for reporting this issue. Issue #500. * [Nginx] Default Nginx version changed to 0.7.67 The previous default version was 0.7.65. * Fixed more Bundler problems Previous versions of Phusion Passenger would preload some popular libraries such as mysql and sqlite3 in order to utilize copy-on-write optimizations better. However this behavior conflicts with Bundler so we've removed it. Release 2.2.14 -------------- * Added support for Rubinius Patch contributed by Evan Phoenix. * Fixed a mistake in the SIGQUIT backtrace message. Patch contributed by Christoffer Sawicki. * [Nginx] Fix a localtime() crash on FreeBSD This was caused by insufficient stack space for threads. Issue #499. Release 2.2.13 -------------- * Fixed some Rails 3 compatibility issues that were recently introduced. * Fixed a typo that causes config/setup_load_paths.rb not to be loaded correctly. Release 2.2.12 -------------- * Improved Bundler support. Previous versions might not be able to correctly load gems bundled by Bundler. We've also documented how our Bundler support works and how to override our support if you need special behavior. Please refer to the Phusion Passenger Users Guide, section "Bundler support". * Worked around some user account handling bugs in Ruby. Issue #192. * Fixed some Ruby 1.9 tempfile.rb compatibility problems. * Fixed some compilation problems on some ARM Linux platforms. * [Apache] Suppress bogus mod_xsendfile-related error messages. When mod_xsendfile is being used, Phusion Passenger might print bogus error messages like "EPIPE" or "Apache stopped forwarding the backend's response" to the log file. These messages are normal, are harmless and can be safely ignored, but they pollute the log file. So in this release we've added code to suppress these messages when mod_xsendfile is being used. Issue #474. * [Nginx] Fixed "passenger_user_switching off" permission problems If Nginx is running as root and passenger_user_switching is turned off, then Phusion Passenger would fail to initialize because of a permission problem. This has been fixed. Issue #458. * [Nginx] Nginx >= 0.8.38 is now supported. Thanks to Sergey A. Osokin for reporting the problem. * [Nginx] passenger-install-nginx-module upgraded It now defaults to installing Nginx 0.7.65 instead of 0.7.64. Release 2.2.11 -------------- * This release fixes a regression that appeared in 2.2.10 which only affects Apache. When under high load, Apache might freeze and stop responding to requests. It is caused by a race condition which is why it escaped our last release testing. This problem does not affect Nginx; you only have to upgrade if you're using Apache. http://groups.google.com/group/phusion-passenger/t/d5bb2f17c8446ea0 Release 2.2.10 -------------- * Fixed some Bundler compatibility problems. * Fixed some file descriptor passing problems, which previously could lead to mysterious crashes. * Fixed some compilation problems on newer GCC versions. Issue #430. * Support #size method in rack.input. Release 2.2.9 ------------- * Fixed compatibility with Rails 3. Actually, previous Phusion Passenger releases were already compatible with Rails 3, depending on the spawn method that would be invoked. Here's the story: Since Phusion Passenger 2.2.8, when the file config.ru exists, Phusion Passenger will treat the app as a Rack app, not as a Rails app. This is in contrast to earlier versions which gave Rails detection more priority than Rack detection. Phusion Passenger loads Rack apps and Rails apps in different ways. The Rails loader was not compatible with Rails 3, which is what we've fixed in this release. That said, a Rails 3 app would have worked out-of-the-box on Phusion Passenger 2.2.8 as well because Rails 3 apps include a config.ru file by default, causing Phusion Passenger 2.2.8 to use the Rack loader. Earlier versions of Phusion Passenger would just completely bail out because they'd use the Rails loader. That said, with 2.2.9 there are still some caveats: - Smart spawning (the mechanism with which REE's 33% memory reduction is implemented) is *not* supported for Rack apps. This means that if you want to utilize smart spawning with Rails 3, then you should remove your config.ru file. - Rails 3 depends on Rack 1.1.0. You must have Rack 1.1.0 installed as a gem, even if you've bundled it with the gem bundler. This is because Phusion Passenger itself depends on Rack. Both of these caveats are temporary. We have plans to solve both of these properly in the future. * What's up with the Gem Bundler? There has been some reports that Phusion Passenger is not compatible with Yehuda Katz's gem bundler (http://github.com/wycats/bundler). This might have been true for an earlier version of the gem bundler, but the latest version seems to work fine. Please note that you need to insert the following snippet in config/preinitializer.rb, as instructed by the gem bundler's README: require "#{RAILS_ROOT}/vendor/gems/environment" The Rails::Boot monkey patching code as posted at http://yehudakatz.com/2009/11/03/using-the-new-gem-bundler-today/ does not seem to be required anymore. * Fixed support for ActiveRecord subclasses that connect to another database. ActiveRecord subclasses that connect to a database other than the default one did not have their connection correctly cleared after forking. This can result in weird errors along the lines of "Lost connection to MySQL server during query". Issue #429. * [Nginx] Fixed PCRE URL. passenger-install-nginx-module downloads PCRE 7.8 if PCRE is not already installed. However PCRE 7.8 has been removed from their FTP server, so we've updated the URL to point to the latest version, 8.0. Release 2.2.8 ------------- * [Nginx] Fixed some signal handling problems. Restarting Nginx on OS X with SIGHUP can sometimes take a long time or even fail completely. This is because of some signal handling problems, which have now been fixed. * [Nginx] Added OpenSSL as dependency. OpenSSL is required in order to install Nginx, but this was not checked by passenger-install-nginx-module. As a result, passenger-install-nginx-module fails on e.g. out-of-the-box Ubuntu installations until the user manually installs OpenSSL. Issue #422. * [Nginx] Fixed support for internal redirects and subrequests. It is now possible to, for example, point X-Accel-Redirects to Phusion Passenger-served URLs. Patch contributed by W. Andrew Loe III: issue #433. * [Apache] Fixed a GnuTLS compatibility issue. mod_gnutls can cause Phusion Passenger to crash because of an unchecked NULL pointer. This problem has now been fixed: issue #391. * Fixed thread creation issue on Intel Itanium platforms. This fixes issue #427. * Fixed compilation problems on Linux running on the Renesas SH4 CPU. Patch contributed by iwamatsu: issue #428. * The Rack library has been unvendored. The original reason for vendoring was to work around broken Rails applications that explicitly specify Rack as a gem dependency. We've found a better workaround that does not require vendoring Rack. This also fixes a compatibility problem with Rails 3, because Rails 3 depends on a newer Rack version than the one we had vendored. Issue #432. * Fixed compatibility with Ruby 1.9.1 patchlevel >= 152 Ruby 1.9.1 patchlevel >= 152 has a bug in its tempfile library. If you've seen an error message along the lines of *** Exception IOError in Passenger RequestHandler (closed stream) then this is a Ruby bug at work. This bug has been fixed in Ruby 1.9.2, but Ruby 1.9.1 still contains this bug. We've added a workaround so that the bug is not triggered with this Ruby version. Issue #432. Release 2.2.7 ------------- * Removed forgotten debugging code in passenger-install-apache2-module, which caused it not to compile anything. Release 2.2.6 ------------- * Some /tmp cleaner programs such as tmpwatch try to remove subdirectories in /tmp/passenger.xxx after a while because they think those subdirectories are unused. This could cause Phusion Passenger to malfunction, requiring a web server restart. Measures have now been taken to prevent those tmp cleaner programs from removing anything in /tmp/passenger.xxx. Issue #365. * When autodetecting the application type, Rack is now given more priority than Rails. This allows one to drop a config.ru file in a Rails directory and have it detected as a Rack application instead of a Rails application. Patch contributed by Sam Pohlenz: issue #338. * The default socket backlog has been increased from 'SOMAXCONN' (which is 128 on most platforms) to 1024. This should fix most 'helper_server.sock failed: Resource temporarily unavailable' errors. * Fixed compilation problems on Solaris. Issue #369 and issue #379. * Fixed crashes on PowerPC. * Some Ruby 1.9 compatibility fixes. Issue #398. * The installer now displays correct dependency installation instructions for Mandriva Linux. * [Apache] The location of the 'apxs' and 'apr-config' commands can now also be passed to the installer through the --apxs-path and --apr-config-path parameters, in addition to the $APXS2 and $APR_CONFIG environment variables. Issue #3. * [Nginx] Various problems that only occur on 64-bit platforms have been fixed. * [Nginx] The installer now installs Nginx 0.7.64 by default. Release 2.2.5 ------------- * [Apache] Small file uploads are now buffered; fixes potential DoS attack Phusion Passenger buffers large file uploads to temp files so that it doesn't block applications while an upload is in progress, but it sent small uploads directly to the application without buffering it. This could result in a potential DoS attack: the client can send many small, incomplete file uploads to the server, and this would block all application processes until a timeout occurs. In order to solve this problem, Phusion Passenger now buffers small file uploads in memory. Bug #356. * [Apache] Fixed support for mod_rewrite passthrough rules Mod_rewrite passthrough rules were not properly supported because of a bug fix for supporting encoded slashes (%2f) in URLs. Unfortunately, due to bugs/limitations in Apache, we can support either encoded slashes or mod_rewrite passthrough rules, but not both; supporting one will break the other. Support for mod_rewrite passthrough rules is now enabled by default; that is, support for encoded slashes is disabled by default. A new configuration option, "PassengerAllowEncodedSlashes", has been added. Turning this option on will enable support for encoded slashes and disable support for mod_rewrite passthrough rules. Issue #113 and issue #230. * [Apache] Added a configuration option for resolving symlinks in the document root path Phusion Passenger 2.2.0 and higher no longer resolves symlinks in the document root path in order to properly support Capistrano-style directory structures. The exact behavior is documented in the Users Guide, section "How Phusion Passenger detects whether a virtual host is a web application". However, some people relied on the old behavior. A new configuration option, PassengerResolveSymlinksInDocumentRoot, has been added to allow reverting back to the old behavior. Patch contributed by Locaweb (http://www.locaweb.com.br/). * [Apache] mod_env variables are now also passed through CGI environment headers Prior to version 2.2.3, environment variables set by mod_env are passed to the application as CGI environment headers, not through Ruby's ENV variable. In the last release we introduced support for setting ENV environment variables with mod_env, and got rid of the code for setting CGI environment headers. It turns out that some people relied on the old behavior, we so now environment variables set with mod_env are set in both ENV and in the CGI environment. Fixes bug #335. * [Apache] Fixed compilation problems on some Linux systems with older versions of Apache If you used to see compilation errors like this: ext/apache2/Configuration.cpp:554: error: expected primary-expression before '.' token then this version should compile properly. * [Apache] Fixed I/O timeouts for communication with backend processes Got rid of the code for enforcing I/O timeouts when reading from or writing to a backend process. This caused more problems than it solved. * [Nginx] Support for streaming responses (e.g. Comet or HTTP push) Buffering of backend responses is now disabled. This fixes support for streaming responses, something which the Apache version has supported for a while now. One can generate streaming responses in Ruby on Rails like this: render :text => lambda { |response, output| 10_000.times do |i| output.write("hello #{i}!\n") end } * [Nginx] Installer now installs Nginx 0.7.61 by default Previously it installed 0.6.37 by default. * [Nginx] Fixed the installer's --extra-configure-flags flag when combined with --auto-download Arguments passed to --extra-configure-flags were not being passed to the Nginx configure script when --auto-download is given. This has been fixed: bug #349. * [Nginx] Fixed unnecessary download of PCRE The installer now checks whether PCRE is installed in /opt/local (e.g. MacPorts) as well before concluding that it isn't installed and going ahead with downloading PCRE. * Fixed STDERR capturing While spawning an application, Phusion Passenger captures any output written to STDERR so that it can show them later if the application failed to start. This turns out to be much more difficult than expected, with all kinds of corner cases that can mess up this feature. For example, if the Rails log file is not writable, then this can cause Rails to crash with a bizarre and unhelpful error message whenever it tries to write to STDERR: /!\ FAILSAFE /!\ Thu Aug 20 14:58:39 +1000 2009 Status: 500 Internal Server Error undefined method `[]' for nil:NilClass Some applications reopen STDERR to a log file. This didn't work. Of all of these problems have been fixed now. (Bug #332) * Fixed some bugs in application sources preloading Rails >= 2.2 already preloads the application sources, in which case Phusion Passenger wasn't supposed to perform it's own preloading, but the Rails >= 2.2 detection code was bugged. This has been fixed. Rails < 2.2 doesn't preload the application sources by itself, but there should be a certain order with which the sources are preloaded, otherwise preloading could fail in some applications. We now enforce a specific load order: first models, then controllers, then helpers. Bug #359. * Fixed a few bugs in WSGI compliance PATH_INFO is supposed to be set to the request URI, but without the query string and without the base URI. This has been fixed: bug #360. * Fixed some Ruby 1.9-specific crashes caused by encoding issues. Bug #354. * Fixed loading of config/environment.rb on Ruby 1.9.2, because Ruby 1.9.2 no longer has "." in the default load path. Patch by metaljastix, issue #368. * The Users Guide for Apache now mentions something about correct permissions for application directories. * Fixed compilation problems on IA-64 (bug #118). We also reduced the stack sizes for the threads by half, so Phusion Passenger should use even less virtual memory now. * Fixed compilation problems on Linux systems with ARM CPU. * Fixed a few compatibility problems with 64-bit OpenBSD. * Fixed a few typos and minor bugs. Older releases -------------- Please consult the blog posts on http://old.blog.phusion.nl/ for the information about older releases.