Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: nginx_config_p…
Fetching contributors…

Cannot retrieve contributors at this time

1120 lines (914 sloc) 52.75 kb
Release 4.0.15
* Fix a crash when multiple passenger_pass_header directives are set.
Fixes issue #934.
* Permissions on the server instance directory are now explicitly set
with chmod, so that permissions are correct on systems with a non-default
umask. Fixes issue #928.
* Fix permission problems when running `passenger start` with `--user`.
* `passenger-config --detect-apache2` now correctly detects the eror log
filename on Amazon Linux. Fixes issue #933.
Release 4.0.14
* Fixed a bug in Passenger Standalone's source compiler, for the specific
case when the downloaded Nginx binary doesn't work, and compilation
of the Nginx binary did not succeed the first time (e.g. because of
missing dependencies).
* Precompiled Ruby native extensions are now automatically downloaded.
Release 4.0.13
* Updated preferred Nginx version to 1.4.2.
* Worked around the fact that FreeBSD 9.1 has a broken C++ runtime. Patch
contributed by David Keller.
* Autogenerated HTTP Date headers are now in UTC instead of local time.
This could cause cookies to have the wrong expiration time. Fixes issue #913.
* Fixed compatibility problems with Ruby 1.8.6 (issue #924).
* Introduced a tool, `passenger-config --detect-apache2`, which autodetects
all Apache installations on the system along with their parameters (which
apachectl command to run, which log file to read, which config file to edit).
The tool advises users about how to use that specific Apache installation.
Useful if the user has multiple Apache installations but don't know about
it, or when the user doesn't know how to work with multiple Apache
* Added an API for better Rack socket hijacking support.
* Added a hidden configuration option for customizing the application start
timeout. A proper configuration option will be introduced in the future.
* Added autodetection support for Amazon Linux.
* Fixed process metrics collection on some operating systems. Some systems'
'ps' command expect no space between -p and the list of PIDs.
Release 4.0.10
* Fixed a crash in PassengerWatchdog which occurs on some OS X systems.
* Fixed exception reporting to Union Station.
* Improved documentation.
Release 4.0.9
* [Enterprise] Fixed a problem with passenger-irb.
Release 4.0.8
* Fixed a problem with graceful web server restarts. When you gracefully
restart the web server, it would cause Phusion Passenger internal sockets
to be deleted, thus causing Phusion Passenger to go down. This problem
was introduced in 4.0.6 during the attempt to fix issue #910.
* The PassengerRestartDir/passenger_restart_dir now accepts relative
filenames again, just like in Phusion Passenger 3.x. Patch
contributed by Ryan Schwartz.
* Documentation updates contributed by Gokulnath Manakkattil.
* [Enterprise] Fixed a license key checking issue on some operating systems,
such as CentOS 6.
Release 4.0.7
* There was a regression in 4.0.6 that sometimes prevents
PassengerLoggingAgent from starting up. Unfortunately this slipped
our release testing. This regression has been fixed and we've updated
our test suite to check for these kinds of regressions.
Release 4.0.6
* Fixed a potential 100% CPU lock up in the crash handler, which only occurs
on OS X. Fixes issue #908.
* Fixed a crash in request handling, when certain events are trigger after
the client has already disconnected. Fixes issue #889.
* Phusion Passenger will no longer crash when the Phusion Passenger
native_support Ruby extension cannot be compiled, e.g. because the Ruby
development headers are not installed or because the current user has no
permission to save the native extension file. Fixes issue #890.
* Fixed OS X 10.9 support. Fixes issue #906.
* Removed dependency on bash, so that Phusion Passenger works out of the box
on BSD platforms without installing/configuring bash. Fixes issue #911.
* Fix 'PassengerPoolIdleTime 0' not being respected correctly. Issue #904.
* Admin tools improvement: it is now possible to see all currently running
requests by invoking `passenger-status --show=requests`.
* A new feature called Flying Passenger allows you to decouple the life time
of Phusion Passenger from the web server, so that both can be restarted
indepedently from each other. Please refer to
for an introduction.
* [Apache] Fixed compatibility with Apache pipe logging. Previously this
would cause Phusion Passenger to lock up with 100% CPU during Apache
* [Nginx] The Nginx configure script now checks whether 'ruby' is in $PATH.
Previously, if 'ruby' is not in $PATH, then the compilation process fails
with an obscure error.
* [Nginx] passenger-install-nginx-module now works properly even when Phusion
Passenger is installed through the Debian packages. Before, the installer
would tell you to install Phusion Passenger through the gem or tarball
* [Enterprise] Added pretty printing helpers to the Live IRB Console.
* Fixed permissions on a subdirectory in the server instance directory. The
server instance directory is a temporary directory that Phusion Passenger
uses to store working files, and is deleted after Phusion Passenger exits.
A subdirectory inside it is world-writable (but not world-readable) and is
used for storing Unix domain sockets created by different apps, which may
run as different users. These sockets had long random filenames to prevent
them from being guessed. However because of a typo, this subdirectory was
created with the setuid bit, when it should have sticky bit (to prevent
existing files from being deleted or renamed by a user that doesn't own the
file). This has now been fixed.
* If the server instance directory already exists, it will now be removed
first in order get correct directory permissions. If the directory still
exists after removal, Phusion Passenger aborts to avoid writing to a
directory with unexpected permissions. Fixes issue #910.
* The installer now checks whether the system has enough virtual memory, and
prints a helpful warning if it doesn't.
* Linux/AArch64 compatibility fixes. Patch contributed by Dirk Mueller.
* Improved documentation.
Release 4.0.5
* [Standalone] Fixed a regression that prevented Passenger Standalone
from starting. Fixes issue #899.
* Fixed security vulnerability CVE-2013-2119.
Urgency: low
Scope: local exploit
Summary: denial of service and arbitrary code execution by hijacking temp files
Affected versions: all versions
Fixed versions: 3.0.21 and 4.0.5
Phusion Passenger's code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability allows a local attacker to run arbitrary code as another user, by hijacking temporary files.
By pre-creating certain temporary files with certain permissions, attackers can prevent Passenger Standalone from starting (denial of service).
By pre-creating certain temporary files with certain other permissions, attackers can trick `passenger start` and the build system (which is invoked by `passenger-install-apache2-module`/`passenger-install-nginx-module`) to run arbitrary code. The user that the code is run as, is equal to the user that ran `passenger start` or the build system. Attacks of this nature have to be timed exactly right. The attacker must overwrite the file contents right after Phusion Passenger has created the file contents, but right before the file is used. In the context of `passenger start`, the vulnerable window begins right after Passenger Standalone has created the Nginx config file, and ends when Nginx has read the config file. Once Nginx has started and initialized, the system is no longer vulnerable. `passenger stop` and other Passenger Standalone commands besides `start` are not vulnerable. In the context of the build system, the vulnerable window begins when `passenger-install-apache2-module`/`passenger-install-nginx-module` prints its first dependency checking message, and ends when it prints the first compiler command.
Only the `passenger start` command, the `passenger-install-apache2-module` command and the `passenger-install-nginx-module` commands are vulnerable. Phusion Passenger for Apache and Phusion Passenger for Nginx (once they are installed) are not vulnerable.
Fixed versions:
3.0.21 and 4.0.5 have been released to address this issue.
You can use this workaround if you are unable to upgrade. Before invoking any Phusion Passenger command, set the `TMPDIR` environment variable to a directory that is not world-writable. Special care must be taken when you use sudo: sudo resets all environment variables, so you should either invoke sudo with `-E`, or you must set the environment variable after gaining root privileges with sudo.
Release 4.0.4
* Fixed autodetection of noexec-mount /tmp directory. Fixes issue #850
and issue #625.
* Fixed a WSGI bug. wsgi.input was a file object opened in text mode,
but should be opened in binary mode. Fixes issue #881.
* Fixed a potential crash in Out-of-Band Work. Fixes issue #894.
* Fixed a potential crash in rolling restarting, which only occurs if a
process was also being spawned at the same time. Fixes issue #896.
* [Apache] The RailsBaseURI and RackBaseURI directives have been unified.
For a long time, RailsBaseURI told Phusion Passenger that the given
sub-URI belongs to a **Rails 2** application. Attempt to use this
directive with Rails 3 or with Rack applications would result in an
error. Because this confused users, RailsBaseURI and RackBaseURI
have now been unified and can now be used interchangably. Phusion
Passenger will automatically detect what kind of application it is.
The Nginx version already worked like this. Fixes issue #882.
* [Standalone] The Passenger Standalone temp directory and
PassengerWatchdog server instance directory have been unified.
PassengerWatchdog already automatically updates the timestamps of
all files in its server instance directory every 6 hours to prevent
/tmp cleaners from deleting the directory. Therefore this
unification prevents the Passenger Standalone temp directory to be
deleted by /tmp cleaners as well. Fixes issue #654.
* [Standalone] types_hash_max_size has been increased from 1024 to
2048. This solves a problem that causes Nginx not to start on some
platforms. Contributed by Jan-Willem Koelewijn.
Release 4.0.3
* Better protection is now provided against application processes that
are stuck and refuse to shut down cleanly. Since version 4.0.0,
Phusion Passenger already forcefully shuts down all processes during
web server shutdown. In addition to this, 4.0.3 now also forcefully
shuts down processes that take more than 1 minute to shut down, even
outside the context of web server shutdowns. This feature does not,
however, protect against requests that take too long. Use
PassengerMaxRequestTime (Apache) or passenger_max_request_time (Nginx)
for that.
* Fixed a crash in the HelperAgent which results in frequent process
restarts in some traffic patterns. Fixes issue #862.
* Fixed a problem that prevents processes from being spawned correctly
if the user's bashrc changes working directory. Fixes issue #851.
* passenger-status now also displays CPU usage.
* The installer now checks for checksums when automatically downloading
PCRE and Nginx. Contributed by Joshua Lund.
* An error is now printed when trying to daemonize Phusion Passenger
Standalone on Ruby implementations that don't support forking.
Contributed by Benjamin Fleischer.
* Although Phusion Passenger already supported JRuby, *installing*
Phusion Passenger with JRuby was not possible. This has been fixed.
* Various other minor bug fixes.
Release 4.0.2
* Bumped the preferred Nginx version to 1.4.1 because of a critical
Nginx security vulnerability, CVE-2013-2028. Users are advised to
upgrade immediately.
Release 4.0.1
* Fixed a crasher bug in the Deployment Error Resistance feature.
* Fixed a bug in PassengerDefaultUser and PassengerDefaultGroup.
* Fixed a bug which could cause application processes to exit before
they've finished their request.
* Fixed some small file descriptor leaks.
* Bumped the preferred Nginx version to 1.4.0.
* Editing the Phusion Passenger Standalone Nginx config template
is no longer discouraged.
* Improved documentation.
Release 4.0.0 release candidate 6
* WebSocket support on Nginx. Requires Nginx >= 1.3.15.
* Improved RVM support.
* Performance optimizations.
* Various bug fixes.
Release 4.0.0 release candidate 5
* The default config snippet for Apache has changed! It must now contain a
`PassengerDefaultRuby` option. The installer has been updated to output
this option. The `PassengerRuby` option still exists, but it's only used
for configuring different Ruby interpreters in different contexts. Please
refer to the manual for more information.
* We now provide GPG digital signatures for all file releases by Phusion.
More information can be found in the manual.
* `passenger-status` now displays process memory usage and time when it
was last used. The latter fixes issue #853.
* Exceptions in Rack application objects are now caught to prevent
application processes from exiting.
* The `passenger-config` tool now supports the `--ruby-command` argument,
which helps the user with figuring out the correct Ruby command to use
in case s/he wants to use multiple Ruby interpreters. The manual has
also been updated to mention this tool.
* Fixed streaming responses on Apache.
* Worked around an OS X Unix domain socket bug. Fixes issue #854.
* Out-of-Band Garbage Collection now works properly when the application
has disabled garbage collection. Fixes issue #859.
* Fixed support for /usr/bin/python on OS X. Fixes issue #855.
* Fixed looping-without-sleeping in the ApplicationPool garbage collector
if PassengerPoolIdleTime is set to 0. Fixes issue #858.
* Fixed some process memory usage measurement bugs.
* Fixed process memory usage measurement on NetBSD. Fixes issue #736.
* Fixed a file descriptor leak in the Out-of-Band Work feature. Fixes issue #864.
* The PassengerPreStart helper script now uses the default Ruby
interpreter specified in the web server configuration, and no longer
requires a `ruby` command to be in `$PATH`.
* Updated preferred PCRE version to 8.32.
* Worked around some RVM bugs.
* The ngx_http_stub_status_module is now enabled by default.
* Performance optimizations.
Release 4.0.0 release candidate 4
* Fixed compilation on systems where /tmp is mounted noexec.
* Fixed some memory corruption bugs.
* Improved debugging messages.
* Phusion Passenger Standalone now sets underscores_in_headers.
Fixes issue #708.
* Fixed some process spawning compatibility problems, as
reported in issue #842.
* The Python WSGI loader now correctly shuts down client sockets
even when there are child processes that keep the socket open.
* A new configuration option PassengerPython (Apache) and
passenger_python (Nginx) has been added so that users can
customize the Python interpreter on a per-application basis.
Fixes issue #852.
* The Apache module now supports file uploads larger than 2 GB
when on 32-bit systems. Fixes issue #838.
* The Nginx version now supports the `passenger_temp_dir` option.
* Environment variables set in the Nginx configuration file
(through the `env` config option) are now correctly passed to
all application processes. Fixes issue #371.
* Fixed support for RVM mixed mode installations. Fixes issue #828.
* Phusion Passenger now outputs the Date HTTP header in case the
application didn't already do that (and was violating the HTTP spec).
Fixes issue #485.
* Phusion Passenger now checks whether /dev/urandom isn't broken.
Fixes issue #516.
Release 3.9.5 (4.0.0 release candidate 3)
* Fixed Rake autodetection.
Release 3.9.4 (4.0.0 release candidate 2)
* More bug fixes.
* More documentation updates.
* Better crash diagnostics.
Release 3.9.3 (4.0.0 release candidate 1)
* The Nginx version now supports the `passenger_app_root` configuration option.
* The Enterprise memory limiting feature has been extended to work with non-Ruby applications as well.
* Application processes that have been killed are now automatically detected within 5 seconds. Previously Phusion Passenger needed to send a request to the process before detecting that it's gone. This change means that when you kill a process by sending it a signal, Phusion Passenger will automatically respawn it within 5 seconds (provided that the process limit settings allow respawning).
* Phusion Passenger Standalone's HTTP client body limit has been raised from 50 MB to 1 GB.
* Python 3 support has been added.
* The build system has been made compatible with JRuby and Ruby 2.0.
* The installers now print a lot more information about detected system settings so that the user can see whether something has been wrongly detected.
* Some performance optimizations. These involve further extending the zero-copy architecture, and the use of hash table maps instead of binary tree maps.
* Many potential crasher and freezer bugs have been fixed.
* Error diagnostics have been further improved.
* Many documentation improvements.
Release 3.9.2 (4.0.0 beta 2)
* New feature: JRuby and Rubinius support.
* New feature: Out of Band Work.
* Sending SIGBART to a Ruby process will now trigger the same behavior
as SIGQUIT - that is, it will print a backtrace. This is necessary
for proper JRuby support because JRuby cannot catch SIGQUIT.
* Rolling restarts and depoyment error resistance are now also available
in Phusion Passenger Standalone in the Enterprise version.
* System call failure simulation framework.
* Improved crash reporting.
* Many documentation improvements.
* Many bug fixes.
Release 3.9.1 (4.0.0 beta 1)
This is the first beta of Phusion Passenger 4. The changes are numerous.
* Support for multiple Ruby versions.
* The internals now use evented I/O.
* Real-time response buffering.
* Improved zero-copy architecture.
* Rewritten ApplicationPool and process spawning subsystem.
* Multithreading within Ruby apps (Phusion Passenger Enterprise only).
* Python WSGI support lifted to "beta" status.
* More protection against stuck processes.
* Automatically picks up environment variables from your bashrc.
* Allows setting environment variables directly in Apache.
* Automatic asset pipeline support in Standalone.
* Deleting restart.txt no longer triggers a restart.
* More stable Union Station support.
* Many internal robustness improvements.
* Better relocatability without wasting space.
Release 3.0.21
* Rebootstrapped the libev configure to fix compilation problems on Solaris 11.
* Fixed support for RVM mixed mode installations. Fixes issue #828.
* Fixed encoding problems in Phusion Passenger Standalone.
* Changed preferred Nginx version to 1.2.9.
* Catch exceptions raised by Rack application objects.
* Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5.
* Version 3.0.20 was pulled because its fixes were incomplete.
Release 3.0.19
* Nginx security fix: do not display Nginx version when
server_tokens are off.
* Fixed compilation problems on some systems.
* Fixed some Union Station-related bugs.
Release 3.0.18
* Fixed compilation problems on Fedora 17.
* Fixed Union Station compatibility with Rails 3.2.
* Phusion Passenger Enterprise Standalone now supports rolling
restarts and deployment error resistance.
Release 3.0.17
* Fixed a Ruby 1.9 encoding-related bug in the memory measurer.
(Phusion Passenger Enterprise)
* Fixed OOM adjustment bugs on Linux.
* Fixed compilation problems on Fedora 18 and 19.
* Fixed compilation problems on SunOS.
* Fixed compilation problems on AIX. Contribution by Perry Smith.
* Fixed various compilation warnings.
* Upgraded preferred Nginx version to 1.2.3.
3.0.16 was an unofficial hotfix release, and so its announcement had been skipped.
Release 3.0.15
* Updated documentation.
* Updated website links.
Release 3.0.14
* [Apache] Fixed a long-standing mod_rewrite-related problem.
Some mod_rewrite rules would not work, but it depends on the exact
mod_rewrite configuration so it would work for some people but not
for others. Issue #563. Thanks a lot to cedricmaion for providing
information on the nature of the bug and to peter.nash55 for
providing a VM that allowed us to reproduce the problem.
* [Nginx] Preferred Nginx version to 1.2.2.
The previously preferred version was 1.2.1.
* Cleared some confusing terminology in the documentation.
* Fixed some Ruby 1.9 encoding problems.
Release 3.0.13
* [Nginx] Preferred Nginx version upgraded to 1.2.1.
* Fixed compilation problems on FreeBSD 6.4. Fixes issue #766.
* Fixed compilation problems on GCC >= 4.6.
* Fixed compilation problems on OpenIndiana and Solaris 11. Fixes issue #742.
* Union Station-related bug fixes.
* Sending the soft termination signal twice to application processes no longer makes them crash. Patch contributed by Ian Ehlert.
Release 3.0.12
* [Apache] Support Apache 2.4. The event MPM is now also supported.
* [Nginx] Preferred Nginx version upgraded to 1.0.15.
* [Nginx] Preferred PCRE version upgraded to 8.30.
* [Nginx] Fixed compatibility with Nginx < 1.0.10.
* [Nginx] Nginx is now installed with http_gzip_static_module by default.
* [Nginx] Fixed a memory disclosure security problem.
The issue is documented at
and affects more modules than just Phusion Passenger. Users are advised
to upgrade as soon as possible. Patch submitted by Gregory Potamianos.
* [Nginx] passenger_show_version_in_header now hides the Phusion Passenger version number from the 'Server:' header too.
Patch submitted by Gregory Potamianos.
* Fixed a /proc deprecation warning on Linux kernel >= 3.0.
Release 3.0.11
* Fixed a compilation problem on platforms without alloca.h, such as FreeBSD 7.
* Improved performance and solved some warnings on Xen systems by compiling
with `-mno-tls-direct-seg-refs`. Patch contributed by Michał Pokrywka.
Release 3.0.10
* [Nginx] Dropped support for Nginx versions older than 1.0.0
* [Nginx] Fixed support for Nginx 1.1.4+
* [Nginx, Standalone] Upgraded default Nginx version to 1.0.10
The previously default version was 1.0.5.
* [Nginx] New option passenger_max_requests
This is equivalent to the PassengerMaxRequests option in the Apache
version: Phusion Passenger will automatically shutdown a worker process
once it has processed the specified number of requests.
Contributed by Paul Kmiec.
* [Apache] New option PassengerBufferResponse
The Apache version did not buffer responses. This could block the Ruby
worker process in case of slow clients. We now enable response buffering
by default. It can be turned off through this option. Feature contributed
by Ryo Onodera.
* Fixed remaining Ruby 1.9.3 compatibility problems
We already supported Ruby 1.9.3 since 3.0.8, but due to bugs in Ruby
1.9.3's build system Phusion Passenger would fail to detect Ruby 1.9.3
features on some systems. Fixes issue #714.
* Fixed a bug in PassengerPreStart
A regression was introduced in 3.0.8, causing the prespawn script to
connect to the host name instead of to Fix contributed by
Andy Allan.
* Fixed compatibility with GCC 4.6
Affected systems include Ubuntu 11.10.
* Fixed various compilation problems.
* Fixed some Ruby 1.9 encoding problems.
* Fixed some Ruby 1.9.3 deprecation warnings.
Release 3.0.9
* [Nginx] Fixed a NULL pointer crash that occurs on HTTP/1.0 requests
when the Host header isn't given.
* Fixed deprecation warnings on RubyGems >= 1.6.
* Improved Union Station support stability.
Release 3.0.8
* [Nginx] Upgraded preferred Nginx version to 1.0.5.
* [Nginx] Fixed various compilation problems on various platforms.
* [Nginx] We now ensure that SERVER_NAME is equal to HTTP_HOST without the port part.
This is needed for Rack compliance. By default Nginx sets SERVER_NAME to
whatever is specified in the server_name directive, but that's not necessarily
the correct value. This fixes, for example, the use of the 'map' statement
* [Nginx] Added the options passenger_buffer_size, passenger_buffers and passenger_busy_buffers_size.
These options are similar to proxy_module's similarly named options. You can
use these to e.g. increase the maximum header size limit.
* [Nginx] passenger_pre_start now supports virtual hosts that listen on Unix domain sockets.
* [Apache] Fixed the pcre.h compilation problem.
* [Standalone] Fixed 'passenger stop'.
It didn't work properly because it kept waiting for 'tail' to exit.
We now properly terminate 'tail' as well.
* Fixed compatibility with Rake 0.9.
* Fixed various Ruby 1.9 compatibility issues.
* Various documentation improvements.
* New Union Station filter language features.
It now supports status codes and response times.
Please refer to
for more information.
Release 3.0.7
* Fixed a bug passenger-install-apache2-module. It could crash on
some systems due to a typo in the code.
* Upgraded preferred Nginx version to 1.0.0.
* Phusion Passenger Standalone now pre-starts application processes
at startup instead of doing that at the first request.
* When sending data to Union Station, the HTTP status code is now also
* Various Union Station-related stability improvements.
* The Linux OOM killer was previously erroneously disabled for all
Phusion Passenger processes, including application processes. The
intention was to only disable it for the Watchdog. This has been
fixed, and the Watchdog is now the only process for which the OOM
killer is disabled.
* Fixed some compilation problems on OpenBSD.
* Due to a typo, the dependency on file-tail was not entirely removed
in 3.0.6. This has now been fixed.
Release 3.0.6
* Fixed various compilation problems such as XCode 4 support and OpenBSD support.
* Fixed various Union Station-related stability issues.
* Fixed an issue with host name detection on certain platforms.
* Improved error logging in various parts.
* The dependency on the file-tail library has been removed.
* During installation, check whether /tmp is mounted with 'noexec'.
Phusion Passenger's installer relies on /tmp *not* being mounted
with 'noexec'. If it is then the installer will now show a helpful
error message instead of bailing out in a confusing manner. Users
can now tell the installer to use a different directory for storing
temporary files by customizing the $TMPDIR environment variable.
* Phusion Passenger Standalone can now run Rackup files that are not named ''.
The filename can be passed through the command line using the -R option.
Release 3.0.5
* [Apache] Fixed Union Station process statistics collection
Union Station users that are using Apache may notice that no process
information show up in Union Station. This is because of a bug in
Phusion Passenger's Apache version, which has now been fixed.
* [Apache] PassengerAnalytics has been renamed to UnionStationSupport
This option has been renamed for consistency reasons.
* [Nginx] passenger_analytics has been renamed to union_station_support
This option has been renamed for consistency reasons.
* Fixed Union Station data sending on older libcurl versions
Some Union Station users have reported that their data don't show up.
Upon investigation this turned out to be a compatibility with older
libcurl versions. Affected systems include all RHEL 5 based systems,
such as RHEL 5.5 and CentOS 5.5. We've now fixed compatibility
with older libcurl versions.
* Added support for the Union Station filter language
This language can be used to limit the kind of data that's sent to
Union Station. Please read for details.
* Fixed a PassengerMaxPoolSize/passenger_max_pool_size violation bug
People who host a lot of different applications on Phusion Passenger
may notice that it sometimes spawns more processes than is allowed
by PassengerMaxPoolSize/passenger_max_pool_size. This has been fixed.
Release 3.0.4
* [Apache] Changed mod_dir workaround hook priority
Phusion Passenger temporarily disables mod_dir on all Phusion
Passenger-handled requests in order to avoid conflicts. In order to do this
it registers some Apache hooks with the APR_HOOK_MIDDLE priority, but it
turned out that this breaks some other modules like mod_python. The hook
priority has been changed to APR_HOOK_LAST to match mod_dir's hook
priorities. Issue reported by Jay Freeman.
* Added support for Union Station:
* Some error messages have been improved.
Release 3.0.3
* [Nginx] Preferred Nginx version upgraded to 0.8.54
The previous preferred version was 0.8.53.
* PATH_INFO and REQUEST_URI now contain the original escaped URI
Phusion Passenger passes the URI, as reported by Apache/Nginx, to
application processes through the PATH_INFO and REQUEST_URI variables.
These variables are supposed to contain the original, unescaped URI, e.g.
/clubs/%C3%BC. Both Apache and Nginx thought that it would be a good idea
to unescape the URI before passing it to modules like Phusion Passenger,
thereby causing PATH_INFO and REQUEST_URI to contain the unescaped URI,
e.g. /clubs/ü. This causes all sorts of encoding problems. We now manually
re-escape the URI when setting PATH_INFO and REQUEST_URI. Issue #404.
* The installer no longer detects directories as potential commands
Previously the installer would look in $PATH for everything that's
executable, including directories. If one has /usr/lib in $PATH
and a directory /usr/lib/gcc exists then the installer would recognize
/usr/lib/gcc as the compiler. We now explicitly check whether the item
is also a file.
* PseudoIO now responds to #to_io
Phusion Passenger sets STDERR to a PseudoIO object in order to capture
anything written to STDERR during application startup. This breaks
some libraries which expect STDERR to respond to #to_io. This has now
been fixed. Issue #607.
* Fixed various other minor bugs
See the git commit log for details.
Release 3.0.2
* [Nginx] Fixed compilation problems
The Nginx compilation process was broken due to not correctly reverting
the working directory of the Nginx configure script. This has been fixed:
issue #595.
* [Nginx] Fixed crash if passenger_root refers to a nonexistant directory
Issue #599.
* Fixed compilation problems on NetBSD
There was a typo in a NetBSD-specific fcntl() call. It also turns out that
NetBSD doesn't support some ISO C99 math functions like llroundl(); this
has been worked around by using other functions. Issue #593.
* Fixed file descriptor closing issues on FreeBSD
Phusion Passenger child processes didn't correct close file descriptors
on FreeBSD because it queries /dev/fd to do that. On FreeBSD /dev/fd
only returns meaningful results if fdescfs is mounted, which it isn't
by default. Issue #597.
Release 3.0.1
* MUCH faster compilation
We've applied code aggregation techniques, allowing Phusion Passenger
to be compiled much quicker now. For example, compiling the Nginx
component (not Nginx itself) on a MacBook Pro now takes only 29
seconds instead of 51 seconds, an improvement of 75%! Compiling the
Apache module on a slower Dell Inspiron now takes 39 seconds instead of
1 minute 22 seconds, or 110% faster!
* Fixed malfunction after web server restart
On Linux systems that have a non-standard filesystem on /tmp, Phusion
Passenger could malfunction after restarting the web server because of
a bug that's only triggered on certain filesystems. Issue #569.
* Boost upgraded to version 1.44.0.
We were on 1.42.0.
* Much improved startup error messages
Phusion Passenger performs many extensive checks during startup to ensure
integrity. However the error message in some situation could be vague.
These startup error messages have now been improved dramatically, so that
if something goes wrong during startup you will now more likely know why.
* Curl < 7.12.1 is now supported
The previous version fails to compile with Curl versions earlier than
7.12.1. Issue #556.
* passenger-make-enterprisey fixed
This is the command that people can run after donating. It allows people
to slightly modify Phusion Passenger's display name as a joke. In 3.0.0 it
was broken because of a typo. This has been fixed.
* Removed passenger-stress-test
This tool was used during the early life of Phusion Passenger for stress
testing websites. Its performance has never been very good and there are
much better tools for stress testing, so this tool has now been removed.
* [Apache] RailsEnv and RackEnv configuration options are now equivalent
In previous versions, RailsEnv only had effect on Rails 1 and Rails 2 apps
while RackEnv only had effect on Rack apps. Because Rails 3 apps are
considered Rack apps, setting RailsEnv had no effect on Rails 3 apps.
Because this is confusing to users, we've now made RailsEnv and RackEnv
equivalent. Issue #579.
* [Nginx] Fixed compilation problems on systems with unpowerful shells
Most notably Solaris. Its default shell does not support some basic
constructs that we used in the Nginx configure script.
* [Nginx] Upgraded default Nginx version to to 0.8.53
The previous default was 0.8.52.
* [Nginx] passenger_enabled now only accepts 'on' or 'off' values
Previously it would recognize any value not equal to 'on' as meaning
'off'. This caused confusion among users who thought they could also
specify 'true', so we now throw a proper error if the value is
unrecognized. Fixes issue #583.
Release 3.0.0
This is a major release with many changes. Please read our blog for details.
Release 2.2.15
* [Apache] Fixed incorrect temp dir cleanup by passenger-status
On some systems, running passenger-status could print the following
*** Cleaning stale folder /tmp/passenger.1234
...after which Phusion Passenger breaks because that directory is
necessary for it to function properly. The cause of this problem
has been found and has been fixed.
* [Apache] Fixed some upload handling problems
Previous versions of Phusion Passenger check whether the size of
the received upload data matches the contents of the Content-Length
header as received by the client. It turns out that there could
be a mismatch e.g. because of mod_deflate input compression, so
we can't trust Content-Length anyway and we're being too strict.
The check has now been removed.
* [Nginx] Fixed compilation issues with Nginx >= 0.7.66
Thanks to Potamianos Gregory for reporting this issue. Issue #500.
* [Nginx] Default Nginx version changed to 0.7.67
The previous default version was 0.7.65.
* Fixed more Bundler problems
Previous versions of Phusion Passenger would preload some popular
libraries such as mysql and sqlite3 in order to utilize copy-on-write
optimizations better. However this behavior conflicts with Bundler
so we've removed it.
Release 2.2.14
* Added support for Rubinius
Patch contributed by Evan Phoenix.
* Fixed a mistake in the SIGQUIT backtrace message.
Patch contributed by Christoffer Sawicki.
* [Nginx] Fix a localtime() crash on FreeBSD
This was caused by insufficient stack space for threads. Issue #499.
Release 2.2.13
* Fixed some Rails 3 compatibility issues that were recently introduced.
* Fixed a typo that causes config/setup_load_paths.rb not to be loaded
Release 2.2.12
* Improved Bundler support.
Previous versions might not be able to correctly load gems bundled
by Bundler. We've also documented how our Bundler support works and
how to override our support if you need special behavior.
Please refer to the Phusion Passenger Users Guide, section
"Bundler support".
* Worked around some user account handling bugs in Ruby. Issue #192.
* Fixed some Ruby 1.9 tempfile.rb compatibility problems.
* Fixed some compilation problems on some ARM Linux platforms.
* [Apache] Suppress bogus mod_xsendfile-related error messages.
When mod_xsendfile is being used, Phusion Passenger might print
bogus error messages like "EPIPE" or "Apache stopped forwarding
the backend's response" to the log file. These messages are
normal, are harmless and can be safely ignored, but they pollute
the log file. So in this release we've added code to suppress
these messages when mod_xsendfile is being used. Issue #474.
* [Nginx] Fixed "passenger_user_switching off" permission problems
If Nginx is running as root and passenger_user_switching is turned
off, then Phusion Passenger would fail to initialize because of
a permission problem. This has been fixed. Issue #458.
* [Nginx] Nginx >= 0.8.38 is now supported.
Thanks to Sergey A. Osokin for reporting the problem.
* [Nginx] passenger-install-nginx-module upgraded
It now defaults to installing Nginx 0.7.65 instead of 0.7.64.
Release 2.2.11
* This release fixes a regression that appeared in 2.2.10 which only
affects Apache. When under high load, Apache might freeze and stop
responding to requests. It is caused by a race condition which is
why it escaped our last release testing.
This problem does not affect Nginx; you only have to upgrade if
you're using Apache.
Release 2.2.10
* Fixed some Bundler compatibility problems.
* Fixed some file descriptor passing problems, which previously
could lead to mysterious crashes.
* Fixed some compilation problems on newer GCC versions. Issue #430.
* Support #size method in rack.input.
Release 2.2.9
* Fixed compatibility with Rails 3.
Actually, previous Phusion Passenger releases were already compatible
with Rails 3, depending on the spawn method that would be invoked. Here's
the story:
Since Phusion Passenger 2.2.8, when the file exists, Phusion
Passenger will treat the app as a Rack app, not as a Rails app. This is
in contrast to earlier versions which gave Rails detection more priority
than Rack detection. Phusion Passenger loads Rack apps and Rails apps in
different ways. The Rails loader was not compatible with Rails 3, which
is what we've fixed in this release.
That said, a Rails 3 app would have worked out-of-the-box on Phusion
Passenger 2.2.8 as well because Rails 3 apps include a file
by default, causing Phusion Passenger 2.2.8 to use the Rack loader.
Earlier versions of Phusion Passenger would just completely bail out
because they'd use the Rails loader.
That said, with 2.2.9 there are still some caveats:
- Smart spawning (the mechanism with which REE's 33% memory reduction
is implemented) is *not* supported for Rack apps. This means that if
you want to utilize smart spawning with Rails 3, then you should
remove your file.
- Rails 3 depends on Rack 1.1.0. You must have Rack 1.1.0 installed as
a gem, even if you've bundled it with the gem bundler. This is because
Phusion Passenger itself depends on Rack.
Both of these caveats are temporary. We have plans to solve both of these
properly in the future.
* What's up with the Gem Bundler?
There has been some reports that Phusion Passenger is not compatible with
Yehuda Katz's gem bundler ( This might
have been true for an earlier version of the gem bundler, but the latest
version seems to work fine. Please note that you need to insert the
following snippet in config/preinitializer.rb, as instructed by the gem
bundler's README:
require "#{RAILS_ROOT}/vendor/gems/environment"
The Rails::Boot monkey patching code as posted at
does not seem to be required anymore.
* Fixed support for ActiveRecord subclasses that connect to another database.
ActiveRecord subclasses that connect to a database other than the default
one did not have their connection correctly cleared after forking.
This can result in weird errors along the lines of "Lost connection to
MySQL server during query". Issue #429.
* [Nginx] Fixed PCRE URL.
passenger-install-nginx-module downloads PCRE 7.8 if PCRE is not already
installed. However PCRE 7.8 has been removed from their FTP server,
so we've updated the URL to point to the latest version, 8.0.
Release 2.2.8
* [Nginx] Fixed some signal handling problems.
Restarting Nginx on OS X with SIGHUP can sometimes take a long time or
even fail completely. This is because of some signal handling problems,
which have now been fixed.
* [Nginx] Added OpenSSL as dependency.
OpenSSL is required in order to install Nginx, but this was not checked
by passenger-install-nginx-module. As a result,
passenger-install-nginx-module fails on e.g. out-of-the-box Ubuntu
installations until the user manually installs OpenSSL. Issue #422.
* [Nginx] Fixed support for internal redirects and subrequests.
It is now possible to, for example, point X-Accel-Redirects to Phusion
Passenger-served URLs. Patch contributed by W. Andrew Loe III: issue #433.
* [Apache] Fixed a GnuTLS compatibility issue.
mod_gnutls can cause Phusion Passenger to crash because of an unchecked
NULL pointer. This problem has now been fixed: issue #391.
* Fixed thread creation issue on Intel Itanium platforms.
This fixes issue #427.
* Fixed compilation problems on Linux running on the Renesas SH4 CPU.
Patch contributed by iwamatsu: issue #428.
* The Rack library has been unvendored.
The original reason for vendoring was to work around broken Rails
applications that explicitly specify Rack as a gem dependency. We've
found a better workaround that does not require vendoring Rack.
This also fixes a compatibility problem with Rails 3, because Rails
3 depends on a newer Rack version than the one we had vendored.
Issue #432.
* Fixed compatibility with Ruby 1.9.1 patchlevel >= 152
Ruby 1.9.1 patchlevel >= 152 has a bug in its tempfile library. If you've
seen an error message along the lines of
*** Exception IOError in Passenger RequestHandler (closed stream)
then this is a Ruby bug at work. This bug has been fixed in Ruby 1.9.2,
but Ruby 1.9.1 still contains this bug. We've added a workaround so that
the bug is not triggered with this Ruby version. Issue #432.
Release 2.2.7
* Removed forgotten debugging code in passenger-install-apache2-module,
which caused it not to compile anything.
Release 2.2.6
* Some /tmp cleaner programs such as tmpwatch try to remove subdirectories
in /tmp/ after a while because they think those
subdirectories are unused. This could cause Phusion Passenger to
malfunction, requiring a web server restart. Measures have now been
taken to prevent those tmp cleaner programs from removing anything
in /tmp/ Issue #365.
* When autodetecting the application type, Rack is now given more priority
than Rails. This allows one to drop a file in a Rails directory
and have it detected as a Rack application instead of a Rails application.
Patch contributed by Sam Pohlenz: issue #338.
* The default socket backlog has been increased from 'SOMAXCONN' (which
is 128 on most platforms) to 1024. This should fix most
'helper_server.sock failed: Resource temporarily unavailable'
* Fixed compilation problems on Solaris. Issue #369 and issue #379.
* Fixed crashes on PowerPC.
* Some Ruby 1.9 compatibility fixes. Issue #398.
* The installer now displays correct dependency installation instructions
for Mandriva Linux.
* [Apache] The location of the 'apxs' and 'apr-config' commands can now
also be passed to the installer through the --apxs-path and
--apr-config-path parameters, in addition to the $APXS2 and $APR_CONFIG
environment variables. Issue #3.
* [Nginx] Various problems that only occur on 64-bit platforms have been fixed.
* [Nginx] The installer now installs Nginx 0.7.64 by default.
Release 2.2.5
* [Apache] Small file uploads are now buffered; fixes potential DoS attack
Phusion Passenger buffers large file uploads to temp files so that it
doesn't block applications while an upload is in progress, but it sent
small uploads directly to the application without buffering it. This could
result in a potential DoS attack: the client can send many small, incomplete
file uploads to the server, and this would block all application processes
until a timeout occurs. In order to solve this problem, Phusion Passenger
now buffers small file uploads in memory. Bug #356.
* [Apache] Fixed support for mod_rewrite passthrough rules
Mod_rewrite passthrough rules were not properly supported because of a bug
fix for supporting encoded slashes (%2f) in URLs. Unfortunately, due to
bugs/limitations in Apache, we can support either encoded slashes or
mod_rewrite passthrough rules, but not both; supporting one will break the
Support for mod_rewrite passthrough rules is now enabled by default; that
is, support for encoded slashes is disabled by default. A new configuration
option, "PassengerAllowEncodedSlashes", has been added. Turning this option
on will enable support for encoded slashes and disable support for
mod_rewrite passthrough rules.
Issue #113 and issue #230.
* [Apache] Added a configuration option for resolving symlinks in the document root path
Phusion Passenger 2.2.0 and higher no longer resolves symlinks in
the document root path in order to properly support Capistrano-style
directory structures. The exact behavior is documented in the Users Guide,
section "How Phusion Passenger detects whether a virtual host is a web
However, some people relied on the old behavior. A new configuration option,
PassengerResolveSymlinksInDocumentRoot, has been added to allow reverting
back to the old behavior.
Patch contributed by Locaweb (
* [Apache] mod_env variables are now also passed through CGI environment headers
Prior to version 2.2.3, environment variables set by mod_env are passed to
the application as CGI environment headers, not through Ruby's ENV variable.
In the last release we introduced support for setting ENV environment
variables with mod_env, and got rid of the code for setting CGI environment
headers. It turns out that some people relied on the old behavior, we so now
environment variables set with mod_env are set in both ENV and in the CGI
Fixes bug #335.
* [Apache] Fixed compilation problems on some Linux systems with older versions of Apache
If you used to see compilation errors like this:
ext/apache2/Configuration.cpp:554: error: expected primary-expression before '.' token
then this version should compile properly.
* [Apache] Fixed I/O timeouts for communication with backend processes
Got rid of the code for enforcing I/O timeouts when reading from or writing to
a backend process. This caused more problems than it solved.
* [Nginx] Support for streaming responses (e.g. Comet or HTTP push)
Buffering of backend responses is now disabled. This fixes support for
streaming responses, something which the Apache version has supported
for a while now. One can generate streaming responses in Ruby on Rails
like this:
render :text => lambda { |response, output|
10_000.times do |i|
output.write("hello #{i}!\n")
* [Nginx] Installer now installs Nginx 0.7.61 by default
Previously it installed 0.6.37 by default.
* [Nginx] Fixed the installer's --extra-configure-flags flag when combined with --auto-download
Arguments passed to --extra-configure-flags were not being passed to the
Nginx configure script when --auto-download is given. This has been
fixed: bug #349.
* [Nginx] Fixed unnecessary download of PCRE
The installer now checks whether PCRE is installed in /opt/local (e.g.
MacPorts) as well before concluding that it isn't installed and going ahead
with downloading PCRE.
* Fixed STDERR capturing
While spawning an application, Phusion Passenger captures any output written
to STDERR so that it can show them later if the application failed to start.
This turns out to be much more difficult than expected, with all kinds of
corner cases that can mess up this feature.
For example, if the Rails log file is not writable, then this can cause
Rails to crash with a bizarre and unhelpful error message whenever it tries
to write to STDERR:
/!\ FAILSAFE /!\ Thu Aug 20 14:58:39 +1000 2009
Status: 500 Internal Server Error
undefined method `[]' for nil:NilClass
Some applications reopen STDERR to a log file. This didn't work.
Of all of these problems have been fixed now. (Bug #332)
* Fixed some bugs in application sources preloading
Rails >= 2.2 already preloads the application sources, in which case Phusion
Passenger wasn't supposed to perform it's own preloading, but the Rails
>= 2.2 detection code was bugged. This has been fixed.
Rails < 2.2 doesn't preload the application sources by itself, but there
should be a certain order with which the sources are preloaded, otherwise
preloading could fail in some applications. We now enforce a specific load
order: first models, then controllers, then helpers.
Bug #359.
* Fixed a few bugs in WSGI compliance
PATH_INFO is supposed to be set to the request URI, but without the query
string and without the base URI. This has been fixed: bug #360.
* Fixed some Ruby 1.9-specific crashes caused by encoding issues. Bug #354.
* Fixed loading of config/environment.rb on Ruby 1.9.2, because Ruby 1.9.2
no longer has "." in the default load path. Patch by metaljastix, issue #368.
* The Users Guide for Apache now mentions something about correct permissions
for application directories.
* Fixed compilation problems on IA-64 (bug #118). We also reduced the stack
sizes for the threads by half, so Phusion Passenger should use even less
virtual memory now.
* Fixed compilation problems on Linux systems with ARM CPU.
* Fixed a few compatibility problems with 64-bit OpenBSD.
* Fixed a few typos and minor bugs.
Older releases
Please consult the blog posts on for the information about older releases.
Jump to Line
Something went wrong with that request. Please try again.