Continue writing release notes

1 parent c878017 commit 24cc3fae4250666a3e129f6f843c4a8ac752adf4 @FooBarWidget FooBarWidget committed Aug 24, 2009
Showing with 57 additions and 30 deletions.
  1. +51 −28 NEWS
  2. +6 −2 Rakefile
79 NEWS
@@ -1,6 +1,44 @@
Release 2.2.5
-------------
+ * [Apache] Small file uploads are now buffered; fixes potential DoS attack
+ Phusion Passenger buffers large file uploads to a temp file so that it
+ doesn't block applications while an upload is in progress, but it sent
+ small uploads directly to the application without buffering it. This could
+ result in a potential DoS attack: the client can send many small, incomplete
+ file uploads to the server, and this would block all application processes
+ until a timeout occurs. In order to solve this problem, Phusion Passenger
+ now buffers small file upload in memory. Bug #356.
+
+ * [Apache] Added a configuration option for resolving symlinks in the document
+ root path Phusion Passenger 2.2.0 and higher no longer resolve symlinks in
+ the document root path in order to properly support Capistrano-style
+ directory structures. The exact behavior is documented in the Users Guide,
+ section "How Phusion Passenger detects whether a virtual host is a web
+ application".
+
+ However, some people relied on the old behavior. A new configuration option,
+ PassengerResolveSymlinksInDocumentRoot, has been added to allow reverting
+ back to the old behavior.
+
+ * [Apache] mod_env variables are now also passed through CGI environment headers
+ Prior to version 2.2.3, environment variables set by mod_env are passed to
+ the application as CGI environment headers, not through Ruby's ENV variable.
+ In the last release we introduced support for setting ENV environment
+ variables with mod_env, and got rid of the code for setting CGI environment
+ headers. It turns out that some people relied on the old behavior, we so now
+ environment variables set with mod_env are set in both ENV and in the CGI
+ environment.
+
+ Fixes bug #335.
+
+ * [Apache] Fixed compilation problems on some Linux systems with older versions of Apache
+ If you used to see compilation errors like this:
+
+ ext/apache2/Configuration.cpp:554: error: expected primary-expression before '.' token
+
+ then this version should compile properly.
+
* [Nginx] Support for streaming responses (e.g. Comet or HTTP push)
Buffering of backend responses is now disabled. This fixes support for
streaming responses, something which the Apache version has supported
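Review bot: The new DoS entry at the top of this hunk says small uploads are now buffered in memory, but it never says what size separates a "small" upload from a "large" one or whether the in-memory buffer is bounded. Operators reading the notes will want that, since many concurrent incomplete uploads now cost memory instead of application processes. Please state the threshold or point to where it is documented. Wording in the same hunk: "small file upload in memory" should be "small file uploads", "without buffering it" should be "them", and the mod_env entry still reads "we so now" and "Prior to version 2.2.3 ... are passed" (should be "so we now" and "were passed").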
@@ -18,7 +56,7 @@ Release 2.2.5
to STDERR so that it can show them later if the application failed to start.
This turns out to be much more difficult than expected, with all kinds of
corner cases that can mess up this feature.
-
+
For example, if the Rails log file is not writable, then this can cause
Rails to crash with a bizarre and unhelpful error message whenever it tries
to write to STDERR:
@@ -31,35 +69,20 @@ Release 2.2.5
Of all of these problems have been fixed now. (Bug #332)
- * [Apache] Added a configuration option for resolving symlinks in the document
- root path Phusion Passenger 2.2.0 and higher no longer resolve symlinks in
- the document root path in order to properly support Capistrano-style
- directory structures. The exact behavior is documented in the Users Guide,
- section "How Phusion Passenger detects whether a virtual host is a web
- application".
+ * Fixed some bugs in application sources preloading
+ Rails >= 2.2 already preloads the application sources, in which case Phusion
+ Passenger wasn't supposed to perform it's own preloading, but the Rails
+ >= 2.2 detection code was bugged. This has been fixed.
- However, some people relied on the old behavior. A new configuration option,
- PassengerResolveSymlinksInDocumentRoot, has been added to allow reverting
- back to the old behavior.
-
- * [Apache] mod_env variables are now also passed through CGI environment headers
- Prior to version 2.2.3, environment variables set by mod_env are passed to
- the application as CGI environment headers, not through Ruby's ENV variable.
- In the last release we introduced support for setting ENV environment
- variables with mod_env, and got rid of the code for setting CGI environment
- headers. It turns out that some people relied on the old behavior, we so now
- environment variables set with mod_env are set in both ENV and in the CGI
- environment.
-
- Fixes bug #335.
-
- * [Apache] Fixed compilation problems on some Linux systems with older versions of Apache
- If you used to see compilation errors like this:
-
- ext/apache2/Configuration.cpp:554: error: expected primary-expression before '.' token
-
- then this version should compile properly.
+ Rails < 2.2 doesn't preload the application sources by itself, but there
+ should be a certain order with which the sources are preloaded, otherwise
+ preloading could fail in some applications. We now enforce a specific load
+ order: first models, then controllers, then helpers.
+ Bug #359.
+
+ * The Users Guide for Apache now mentions something about correct permissions
+ for application directories.
* Fixed compilation problems on IA-64 (bug #118). We also reduced the stack
sizes for the threads by half, so Phusion Passenger should use even less
virtual memory now.
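Review bot: The Users Guide entry added near the end of this hunk ("now mentions something about correct permissions for application directories") is too vague for a permissions-related item. Name the section of the guide and say in one line what the requirement is, so readers can check their deployments without hunting for it. In the preloading entry, "it's own preloading" should be "its own preloading", and "was bugged" reads better as "was buggy". The unchanged context line "Of all of these problems have been fixed now" is also garbled and worth fixing while this file is being edited.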
@@ -885,12 +885,16 @@ task :news_as_html do
end
# Auto-link to issue tracker.
- text.gsub!(/(bug) #(\d+)/i) do
+ text.gsub!(/(bug|issue) #(\d+)/i) do
url = "http://code.google.com/p/phusion-passenger/issues/detail?id=#{$2}"
- %Q(<a href="#{url}">#{$1} ##{$2}</a>)
+ %Q(<{a href="#{url}"}>#{$1} ##{$2}<{/a}>)
end
text.strip!
+ text = CGI.escapeHTML(text)
+ text.gsub!(%r(&lt;\{(.*?)\}&gt;(.*?)&lt;\{/(.*?)\}&gt;)) do
+ "<#{CGI.unescapeHTML $1}>#{$2}</#{CGI.unescapeHTML $3}>"
+ end
text
end
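Review bot: The restore step added after `CGI.escapeHTML(text)` matches `&lt;\{(.*?)\}&gt;` with an unrestricted capture, so any `<{...}>` sequence that appears in the NEWS text itself is turned back into a raw tag, not only the `<{a href=...}>` placeholder produced by the auto-link block above. That makes the escaping bypassable by content. Suggest restricting the pattern to the one placeholder this task emits (an `a` tag with an `href` to the issue tracker URL), or escaping the text first and generating the link afterwards so no placeholder round-trip is needed. Also, the hunk uses `CGI` without a visible `require 'cgi'`; please confirm it is loaded elsewhere in the Rakefile, and add a short comment explaining the `<{ }>` placeholder convention.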
