o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 5.0.3
-------------
* [Standalone] When using the builtin engine, `passenger start` may crash during
startup due to an initialization race condition. This has been fixed.
* [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a PID
parameter worked, but running it with a PID parameter didn't.
* Fixes an integer overflow that resulted in a file descriptor leak and stalled
client connections. Closes GH-1412.
* Truncates Passenger source code paths in logs (to 3 chars) to reduce redundant
info. Closes GH-1383.
* Fixes invalid JSON output for non-finite double values (e.g. from the HTTP JSON
API). Closes GH-1408.
* All hooks now set the `PASSENGER_HOOK_NAME` environment variable. This variable
is set to the name of the hook that is being called.
* The Ruby handler no longer tries to call #force_encoding on response body
strings, which fixes an incompatibility with apps/libraries that return frozen
body strings. Closes GH-1414.
* If the Ruby handler crashes while processing a Rack response body, it will now
no longer stall the connection.
* Fixes env.SERVER_PORT containing 80 instead of 443 when using https on default
port. Closes GH-1421.
* We now handle errors in the `poll()` system call better. This might fix some
crashes during shutdown which manifest on FreeBSD.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 5.0.2
-------------
* Fixes a connection freeze that could occur when processing large responses. This would
manifest itself under the error message "This website is under heavy load" or "Request
queue is full, returning an error". Closes GH-1404.
* Debian and Ubuntu packages have been reintroduces.
* When `passenger-config restart-app` is run interactively, if Passenger is not serving
any applications, then the command now prints an error message instead of showing a
menu with only a "Cancel" option.
* Fixes a compilation problem on FreeBSD 10 (contributed by: clemensg). Closes GH-1401.
* [Standalone] Fixes a crash that would occur if you use the `--ctl` parameter.
* [Enterprise] The `--max-request-time` option has been added to Passenger Standalone.
* [Enterprise] The `max_request_time_reached` hook has been introduced. This hook allows
you to run diagnostics on a process that that took too long to respond to a request.
Release 5.0.1
-------------
* The `passenger-config restart-app` command is now more user friendly. When run in a
terminal, it will show an interactive menu, allowing you to select the app to restart.
Closes GH-1387.
* Fixed a crash bug in the handling of sticky session cookies.
* Log failed program in error message, not its command line (contributed by: paisleyrob).
Closes GH-1397.
* [Nginx] Fixes cases in which Passenger overrides the Nginx handler function even when
it shouldn't, for example when Passenger is disabled. Closes GH-1393.
* [Enterprise] The `sticky_sessions` and `envvars` options in Passengerfile.json is now
also supported in mass deployment mode.
Release 5.0.0 release candidate 2
---------------------------------
* Fixes an installation problem with the Ruby gem due to incorrect Makefile generation.
Closes GH-1382.
* More helpful message when request queue is full. Closes GH-1375.
Release 5.0.0 release candidate 1
---------------------------------
* Fixed Date headers not being formatted in the GMT timezone. Closes GH-1367.
* Fixed Passengerfile.json/passenger-standalone.json not being properly loaded in
Passenger Standalone.
* Fixed support for sticky sessions.
* Fixed an infinite loop if the ApplicationPool garbage collector fails due to an
exception. Closes GH-1360.
* Fixed Passenger Standalone exiting prematurely when the HelperAgent crashes. Exiting
prematurely is not supposed to happen because the watchdog will restart the HelperAgent.
Closes GH-1339.
* Fixed a crash that occurs when using a non-standard startup file value. Closes GH-1378.
* When dumping system metrics during error page generation, the `passenger-config`
command is now invoked under the same Ruby interpreter as the app, instead of the
one in PATH. Closes GH-1381.
* When a Ruby process crashes due to an uncaught exception, this fact is now properly
logged.
* Specifying 0 for the `max_pool_size` config option no longer results in a crash.
Closes GH-1334.
* The timeouts when downloading Passenger Standalone binaries and source files are
now customizable. Closes GH-1295.
* The `envvars` option is now supported in Passengerfile.json, for passing environment
variables to the application. Closes GH-1377.
* Introduced `hook_queue_full_error` for request queue overflows. Closes GH-1358.
* [Ruby] Fixed handling of "transfer-encoding chunked" response bodies which contain
zero-sized chunks.
* [Nginx] It is no longer necessary to re-specify `passenger_enabled` in `location`
contexts. Closes GH-1338.
* [Enterprise] Fixed a bug in mass deployment reloading.
* [Enterprise] Fixed a bug in mass deployment daemonization.
* [Enterprise] The mass deployment mode now supports the `app_type` and `startup_file`
configuration options in Passengerfile.json/passenger-standalone.json. Closes GH-1366.
Release 5.0.0 beta 3
--------------------
* The turbocache has received major updates and fixes based on excellent feedback Chris
Heald and the community. First, several bugs w.r.t. the handling of caching headers
have been fixed. Second, the turbocache has become slightly more conservative for
security reasons. In previous versions, default cacheable responses (as defined by RFC
7234) were cached unless caching headers tell us not to. Now, default cacheable responses
are only cached if caching headers explicitly tell us to. This change was introduced
because there are many applications that set incorrect caching headers on private
responses. This new behavior is currently not configurable, but there are plans to make
it configurable in 5.0.0 release candidate 1.
* Introduced a new configuration option, `passenger_response_buffer_high_watermark` (Nginx)
and `PassengerResponseBufferHighWatermark` (Apache), for configuring the behavior of the
response buffering system. Closes GH-1300.
* Fixed more cookie handling issues. Closes GH-1310.
* Fixed various WebSocket issues. Closes GH-1306.
* Fixed some crashes caused by race conditions. Closes GH-1326.
* Fixed issues with handling POST data. Closes GH-1331.
* Fixed some issues on Heroku. Closes GH-1329.
* Fixed some integer overflows. Fix contributed by Go Maeda. Closes GH-1357.
* Fixed the `passenger-status --show=union_station` command. Closes GH-1336.
* Nginx versions earlier than 1.6 are no longer supported.
* Improved state introspection.
Release 5.0.0 beta 2
--------------------
* Fixed handling of multiple Set-Cookie headers. Closes GH-1296.
* `passenger-config system-metrics` now works properly if the agent is installed in
~/.passenger. Closes GH-1304.
* Documentation enhancements by Igor Vuk. Closes GH-1318.
* Fixed some crasher bugs.
* [Standalone] User switching is now correctly disabled.
* [Standalone] Fixed the `--thread-count` parameter.
* [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284.
* [Apache] Fixed support for gzipped chunked responses. Closes GH-1309.
Release 5.0.0 beta 1
--------------------
Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version 4, but there
are a few minor breakages, which are described below. Major changes and notable breakages are:
* Performance has been much improved. This is thanks to months of optimization work. You can
learn more at www.rubyraptor.org.
* We've published a [server optimization guide]
(https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html) for those who
are interested in tuning Phusion Passenger.
* Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails 2.3 is still
supported.
* Phusion Passenger now supports integrated HTTP caching, which we call turbocaching. If your
app sets the right HTTP headers then Phusion Passenger can tremendously accelerate your app.
It is enabled by default, but you can disable it with `--disable-turbocaching` (Standalone),
`PassengerTurbocaching off` (Apache), or 'passenger_turbocaching off' (Nginx).
* Touching restart.txt will no longer restart your app immediately. This is because, for
performance reasons, the stat throttle rate now defaults to 10. You can still get back the
old behavior by setting `PassengerStatThrottleRate 0` (Apache) or
`passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged. Instead, we encourage
you to use the `passenger-config restart-app` tool to initiate restarts, which has immediate
effect.
* Websockets are now properly disconnected on application restarts.
* The Phusion Passneger log levels have been completely revamped. If you were setting a log
level before (e.g. through `passenger_log_level`), please read the latest documentation to
learn about the new log levels.
* If you use out-of-band garbage collection, beware that the `X-Passenger-Request-OOB-Work`
header has now been renamed to `!~Request-OOB-Work`.
* When using Rack's full socket hijacking, you must now output an HTTP status line.
* [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by
`passenger_set_header` and `passenger_env_var`.
* [Nginx] `passenger_show_version_in_header` is now only valid in the `http` context.
* [Apache] The `PassengerStatThrottleRate` option is now global.
Minor changes:
* The minimum required Nginx version is now 1.6.0.
* The instance directory is now touched every hour instead of every 6 hours. This should
hopefully prevent more problems with /tmp cleaner daemons.
* Applications are not grouped not only on the application root path, but also on the
environment. For example, this allows you to run the same app in both production and staging
mode, with only a single directory, without further configuration. Closes GH-664.
* The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option (Apache) have been
replaced by two config options. On Nginx they are `passenger_instance_registry_dir` and
`passenger_data_buffer_dir`. On Apache they are `PassengerInstanceRegistryDir` and
`PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been replaced by
`PassengerDataBufferDir`.
* Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment variable.
Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead.
* `passenger-status --show=requests` has been deprecated in favor of
`passenger-status --show=connections`.
* Using the SIGUSR1 signal to restart a Ruby app without dropping connections, is no longer
supported. Instead, use `passenger-config detach-process`.
* Introduced the `passenger-config reopen-logs` command, which instructs all Phusion Passenger
agent processes to reopen their log files. You should call this after having rotated the web
server logs.
* [Standalone] The Phusion Passenger Standalone config template has changed. Users are
encouraged to update it.
* [Standalone] `passenger-standalone.json` has been renamed to `Passengerfile.json`.
* [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer overrides command
line options. Instead, command line options now have the highest priority.
Release 4.0.60
--------------
* Fixed the password protection of internal Phusion Passenger processes.
For security reasons, Phusion Passenger limits access to internal processes, by using Unix
file permissions and randomly generated passwords that only authorized internal processes
know. It turns out that this password wasn't set correctly, which has now been fixed.
There was no security vulnerability, because the file permissions already provide
sufficient security. The password only serves as an extra layer of security just in case
there is a problem with the former.
This issue is not at all related to any application-level security or application-level
passwords. Any database passwords, keys, or secrets used and generated by applications
have got nothing to do with the nature of this issue. This issue only relates to some
randomly generated passwords that Passenger uses internally, for its internal operations.
</ChangeLog>
<ChangeLog>
12 Feb 2015 - 2.9.0
-------------------
* Fix apr_crypto.h include, now checking if apr_crypto.h is available by
checking the definition WITH_APU_CRYPTO.
[martinjina and ModSecurity team]
15 Dez 2014 - 2.9.0-RC2
-----------------------
* OpenSSL dependency was removed on MS Windows builds. ModSecurity is now using
the Windows certificate storage.
[Gregg Smith, Steffen and ModSecurity team]
* Informs about external resources loaded/failed while reloading Apache.
[ModSecurity team]
* Adds missing 'ModSecurity:' prefix in some warnings messages.
[Walter Hop and ModSecurity team]
* Refactoring external resources download warn messages. Holding the message
to be displayed when Apache is ready to write on the error_log.
[ModSecurity team]
* Remote resources loading process is now failing in case of HTTP error.
[Walter Hop and ModSecurity team]
* Fixed start up crash on Apache with mod_ssl configured. Crash was happening
during the download of remote resources.
[Christian Folini, Walter Hop and ModSecurity team]
* Curl is not a mandatory dependency to ModSecurity core anymore.
[Rainer Jung and ModSecurity team]
18 Nov 2014 - 2.9.0-RC1
-----------------------
* `pmFromFile' and `ipMatchFromFile' operators are now accepting HTTPS served
files as parameter.
* `SecRemoteRules' directive - allows you to specify a HTTPS served file that
may contain rules in the SecRule format to be loaded into your ModSecurity
instance.
* `SecRemoteRulesFailAction' directive - allows you to control whenever the
user wants to Abort or just Warn when there is a problem while downloading
rules specified with the directive: `SecRemoteRules'.
* `fuzzyHash' operator - allows to match contents using fuzzy hashes.
* `FILES_TMP_CONTENT' collection - make available the content of uploaded
files.
* InsecureNoCheckCert - option to validate or not a chain of SSL certificates
on mlogc connections.
* ModSecurityIIS: ModSecurity event ID was changed from 0 to 0x1.
[Issue #676 - Kris Kater and ModSecurity team]
* Fixed signature on "status call": ModSecurity is now using the original
server signature.
[Issues #702 - Linas and ModSecurity team]
* YAJL version is printed while ModSecurity initialization.
[Issue #703 - Steffen (Apache Lounge) and Mauro Faccenda]
* Fixed subnet representation using slash notation on the @ipMatch operator.
[Issue #706 - Walter Hop and ModSecurity team]
* Limited the length of a status call.
[Issue #714 - 'cpanelkurt' and ModSecurity team]
* Added the missing -P option to nginx regression tests.
[Issue #720 - Paul Yang]
* Fixed automake scripts to do not use features which will be deprecated in
the upcoming releases of automake.
[Issue #760 - ModSecurity team]
* apr-utils's LDFALGS is now considered while building ModSecurity.
[Issue #782 - Daniel J. Luke]
* IIS installer is not considering IIS 6 as compatible anymore.
[Issue #790 - ModSecurity team]
* Fixed yajl build script: now looking for the correct header file.
[Issue #804 - 'rpfilomeno' and ModSecurity team]
* mlgoc is now forced to use TLS 1.x.
[Issue #806 - Josh Amishav-Zlatin and ModSecurity team]
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 4.0.58
--------------
* [Enterprise] Fixed a bug in the Debian packages which caused Flying Passenger to break when used with non-system Rubies.
* The Debian packages no longer require Ruby 1.9. Closes GH-1353.
</ChangeLog>
Submitted by: Miguel Clara <miguelmclara@gmail.com>
<ChangeLog>
v0.3.4
======
- Viewport is now defined in the generated HTML, which works better
for mobile devices.
- Even-odd row styling moved to the CSS using :nth-child(). This
makes the HTML served to clients smaller.
v0.3.3
======
- New feature: table headers in the default template are now clickable
to set the sorting criteria and direction of the index entries.
(https://github.com/aperezdc/ngx-fancyindex/issues/7)
v0.3.2
======
- Solved a bug that would leave certain clients stalled forever.
- Improved handling of subrequests for non-builtin headers/footers.
</ChangeLog>
upgrade the www/nginx-devel to 1.7.9).
<ChangeLog>
2014-12-23 VERSION 2.3
* Fix compatibility with nginx-1.7.9+.
2014-12-02 VERSION 2.2
* Fix compatibility with nginx-1.7.8+.
2014-05-19
* Fix build on Solaris with SunCC (Solaris Studio).
Reported by Jussi Sallinen.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 4.0.57
--------------
* Fixed a native extension compatibility problem with Ruby 2.2.
Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656).
* Fixed compatibility with Nginx 1.7.9. Closes GH-1335.
Release 4.0.56
--------------
* Fixed a file descriptor leak that manifests when an error page is shown. Contributed by
Paul Bonaud, closes GH-1325.
* Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles Vallieres for
the analysis.
Release 4.0.55
--------------
* Supports Ruby 2.2. Closes GH-1314.
* Fixed Linux OS name detection.
Release 4.0.54
--------------
* Contains a licensing-related hot fix for Enterprise customers.
</ChangeLog>
Before, we had:
site_perl : lib/perl5/site_perl/5.18
site_perl/perl_arch : lib/perl5/site_perl/5.18/mach
perl_man3 : lib/perl5/5.18/man/man3
Now we have:
site_perl : lib/perl5/site_perl
site_arch : lib/perl5/site_perl/mach/5.18
perl_man3 : lib/perl5/site_perl/man/man3
Modules without any .so will be installed at the same place regardless of the
Perl version, minimizing the upgrade when the major Perl version is changed.
It uses a version dependent directory for modules with compiled bits.
As PERL_ARCH is no longer needed in plists, it has been removed from
PLIST_SUB.
The USE_PERL5=fixpacklist keyword is removed, the .packlist file is now
always removed, as is perllocal.pod.
The old site_perl and site_perl/arch directories have been kept in the
default Perl @INC for all Perl ports, and will be phased out as these old
Perl versions expire.
PR: 194969
Differential Revision: https://reviews.freebsd.org/D1019
Exp-run by: antoine
Reviewed by: perl@
Approved by: portmgr
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* Fixed a null termination bug when autodetecting application types.
* Node.js apps can now also trigger the inverse port binding mechanism by passing `'/passenger'`
as argument. This was introduced in order to be able to support the Hapi.js framework.
Please read
http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549
for more information regarding Hapi.js support.
* It is now possible to abort Node.js WebSocket connections upon application restart.
Please refer to
https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections
for more information. Closes GH-1200.
* Passenger Standalone no longer automatically resolves symlinks in its paths.
* `passenger-config system-metrics` no longer crashes when the system clock is set to a time
in the past. Closes GH-1276.
* `passenger-status`, `passenger-memory-stats`, `passenger-install-apache2-module` and
`passenger-install-nginx-module` no longer output ANSI color codes by default when
STDOUT is not a TTY. Closes GH-487.
* `passenger-install-nginx-module --auto` is now all that's necessary to make it fully
non-interactive. It is no longer necessary to provide all the answers through
command line parameters. Closes GH-852.
* Minor contribution by Alessandro Lenzen.
</ChangeLog>
<ChangeLog>
*) Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).
Thanks to Antoine Delignat-Lavaud.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: requests might hang if resolver was used and a timeout
occurred during a DNS request.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* Fixed a potential heap corruption bug.
* Added Union Station support for Rails 4.1.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
* Upgraded the preferred Nginx version to 1.6.1.
* Fixed a crash that may be triggered by the `passenger_max_requests` feature.
* Introduced the `spawn_failed` hook, which is called when an application
process fails to spawn. You could use this hook to setup an error
notification system. Closes GH-1252.
* Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger
Standalone. Thanks to Jacob Elder. Closes GH-1254.
* Fixed some user and group information lookup issues. Closes GH-1253.
* Fixed some request handling crashes. Closes GH-1250.
* Fixed some compilation problems on Gentoo. Closes GH-1261.
* Fixed some compilation problems on Solaris. Closes GH-1260.
</ChangeLog>
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
Add CPE information.
<ChangeLog>
Release 4.0.48
--------------
* Fixed a race condition while determining what user an application should
be executed as. This bug could lead to applications being run as the wrong
user. Closes GH-1241.
* [Standalone] Improved autodetection of Rails asset pipeline files. This
prevents Standalone from incorrectly setting caching headers on non-asset
pipeline files. Closes GH-1225.
* Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
* Fixed compilation problems on OpenBSD.
* Fixed compatibility with Ruby 1.8.5.
Release 4.0.47
--------------
* [Enterprise] Fixed a bug in Flying Passenger's `--max-preloader-idle-time`
option.
Release 4.0.46
--------------
* Further improved Node.js and Socket.io compatibility.
* Sticky session cookies have been made more reliable.
* Fixed WebSocket upgrade issues on Firefox. Closes GH-1232.
* The Python application loader now inserts the application root into `sys.path`.
The fact that this was not done previously caused a lot of confusion amongst
Python users, who wondered why their `passenger_wsgi.py` could not import any
modules from the same directory.
* Fixed a compatibility problem with Django, which could cause Django apps to
freeze indefinitely. Closes GH-1215.
* Logging of application spawning errors has been much improved. Full details
about the error, such as environment variables, are saved to a private log file.
In the past, these details were only viewable in the browser. This change also
fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error
Resistance causes error messages to get lost. Closes GH-1021 and GH-1175.
* Fixed a regression in Node.js support. When a Node.js app is deployed on
a HTTPS host, the `X-Forwarded-Proto` header wasn't set in 4.0.45.
Closes GH-1231.
* Passenger Standalone no longer, by default, loads shell startup files before
loading the application. This is because Passenger Standalone is often invoked
from the shell anyway. Indeed, loading shell startup files again can interfere
with any environment variables already set in the invoking shell. You can
still tell Passenger Standalone to load shell startup files by passing
`--load-shell-envvars`. Passenger for Apache and Passenger for Nginx still
load shell startup files by default.
* Passenger Standalone now works properly when the HOME environment variable
isn't set. Closes GH-713.
* Passenger Standalone's `package-runtime` command has been removed. It has
been broken for a while and has nowadays been obsolete by our automatic
[binary generation system](https://github.com/phusion/passenger_autobuilder).
Closes GH-1133.
* The `passenger_startup_file` option now also works on Python apps. Closes GH-1233.
* If you are a [Union Station](https://www.unionstationapp.com) customer, then
Phusion Passenger will now also log application spawning errors to Union Station.
This data isn't shown in the Union Station interface yet, but it will be
implemented in the future.
* Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212.
* Fixed compilation problems when Nginx is configured with OpenResty.
Thanks to Yichun Zhang. Closes GH-1226.
* Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix.
Closes GH-1151.
* Documentation contributions by Tim Bishop and Tugdual de Kerviler.
* Minor Nginx bug fix by Feng Gu. Closes GH-1235.
</ChangeLog>
<ChangeLog>
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
Thanks to Chris Boulton.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
Thanks to Sergey Bobrov.
*) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug
had appeared in 1.5.6.
Thanks to Svyatoslav Nikolsky.
</ChangeLog>
Starting with perl 5.20, they're not installed any more if empty,
and on FreeBSD, they're (always ?) empty.
PR: 190681
Submitted by: mat
Exp-Run by: antoine
Sponsored by: Absolight
o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.
<ChangeLog>
Release 4.0.44
--------------
* The issue tracker has now been moved from Google Code to Github.
Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all
issue numbers referred to Google Code. From now on, all issue
numbers will refer to Github Issues.
* Fixed compilation problems on OS X Lion and OS X Mountain Lion.
* On Ruby, fixed `nil` being frozen on accident in some cases.
See issue #1192.
Release 4.0.43
--------------
* Introduced a new command `passenger-config list-instances`, which prints all
running Phusion Passenger instances.
* Introduced a new command `passenger-config system-metrics, which displays
metrics about the system such as the total CPU and memory usage.
* Fixed some compilation problems caused by the compiler capability autodetector.
* System metrics such as total CPU usage and memory usage, are now sent to
[Union Station](https://www.unionstationapp.com) in preparation for future
features.
Release 4.0.42
--------------
* [Nginx] Upgraded the preferred Nginx version to 1.6.0.
* [Nginx] Fixed compatibility with Nginx 1.7.0.
* [Standalone] The MIME type for .woff files has been changed to application/font-woff.
Fixes issue #1071.
* There are now APT packages for Ubuntu 14.04. At the same time, packages for
Ubuntu 13.10 have been abandoned.
* Introduced a new command, `passenger-config build-native-support`, for ensuring
that the native_support library for the current Ruby interpreter is built. This
is useful in system provisioning scripts.
* For security reasons, friendly error pages (those black/purple pages that shows
the error message, backtrace and environment variable dump when an application
fails to start) are now disabled by default when the application environment is
set to 'staging' or 'production'. Fixes issue #1063.
* Fixed some compilation warnings on Ubuntu 14.04.
* Fixed some compatibility problems with Rake 10.2.0 and later.
See [Rake issue 274](https://github.com/jimweirich/rake/issues/274).
* Improved error handling in [Union Station](https://www.unionstationapp.com) support.
* Data is now sent to Union Station on a more frequent basis, in order to make new
data show up more quickly.
* Information about the code revision is now sent to Union Station, which will be
used in the upcoming deployment tracking feature in Union Station 2.
</ChangeLog>
Temporary disable third-party modules and patches:
o http_upstream_sticky
o postgres
o syslog_support
o tcp_proxy
ChangeLog: http://nginx.org/en/CHANGES-1.6
a zeising, kwm production, with help from dumbbell, bdrewery:
NEW XORG ON FREEBSD 9-STABLE AND 10-STABLE
This update switches over to use the new xorg stack by default on FreeBSD 9
and 10 stable, on osversions where vt(9) is available.
It is still possible to use the old stack by specifying WITHOUT_NEW_XORG in
/etc/make.conf .
FreeBSD 8-STABLE and released versions of FreeBSD still use
the old version.
A package repository with binary packages for new xorg will
be available soon.
This patch also contains updates of libxcb and related ports, pixman, as well
as some drivers and utilities.
Bump portrevisions for xf86-* ports, as well as virtualbox-ose-additions due
to xserver version change.
Apart from these updates, the way shared libraries are handled has been
changed for all xorg ports, as well as libxml2 and freetype, which means
ltverhack is gone and as a consequence shared libraries have been bumped.
The plan is that this change will make library bumps less likely in the
future.
All affected ports have had their portrevisions bumped as a consequence of
this.
Fix some issues where WITH_NEW_XORG weren't detected properly on CURRENT.
Update instructions, hardware support, and more notes can be found on
https://wiki.freebsd.org/Graphics
Thanks to: all testers, bdrewery and the FreeBSD x11@ team
exp-run by: bdrewery [1]
PR: ports/187602 [1]
Approved by: portmgr (bdrewery), core (jhb)
<ChangeLog>
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_spdy_module, potentially resulting in arbitrary code
execution (CVE-2014-0133).
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
Manuel Sadosky, Buenos Aires, Argentina.
*) Bugfix: in the "fastcgi_next_upstream" directive.
Thanks to Lucas Molas.
</ChangeLog>
<ChangeLog>
*) Bugfix: the "client_max_body_size" directive might not work when
reading a request body using chunked transfer encoding; the bug had
appeared in 1.3.9.
Thanks to Lucas Molas.
*) Bugfix: a segmentation fault might occur in a worker process when
proxying WebSocket connections.
</ChangeLog>
<ChangeLog>
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Ristić.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows.
</ChangeLog>
