Phusion white papers Phusion overview

Baseimage-docker 0.9.15 released

By Hongli Lai on October 3rd, 2014

Baseimage-docker is a special Docker image that is configured for correct use within Docker containers. It is Ubuntu, plus modifications for Docker-friendliness. You can use it as a base for your own Docker images. Learn more at the Github repository and the website, which explain in detail what the problems are with the stock Ubuntu base image, and why you should use baseimage-docker.

Changes in this release

  • Fixed the setuid bit on /usr/bin/sudo. This problem was caused by Docker bug #6828.

Using baseimage-docker

Please learn more at the README.

Phusion Passenger 4.0.53 released

By Hongli Lai on October 1st, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.53 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • Upgraded the preferred Nginx version to 1.6.2.
  • Improved RVM gemset autodetection.
  • Fixed some Ruby 2.2 compatibility issues.

Installing or upgrading to 4.0.53

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Baseimage-docker 0.9.14 released

By Hongli Lai on October 1st, 2014

Baseimage-docker is a special Docker image that is configured for correct use within Docker containers. It is Ubuntu, plus modifications for Docker-friendliness. You can use it as a base for your own Docker images. Learn more at the Github repository and the website, which explain in detail what the problems are with the stock Ubuntu base image, and why you should use baseimage-docker.

Changes in this release

  • Installed all the latest Ubuntu security updates. This patches Shellshock, among other things.
  • Some documentation updates by andreamtp.

Using baseimage-docker

Please learn more at the README.

RSVP Now: The Future of App Deployment

By Ninh Bui on September 30th, 2014

Phusion USA Roadtrip 2014

Phusion will be traveling across the US this October to give tech talks on their future vision of app deployment. We’ve been working on some pretty exciting stuff and our friends over at AirBnB and ConstantContact have generously offered to host us over at their San Francisco and Waltham offices respectively to talk about this:

Writing an app is one thing, deploying it to a production ready environment and keeping it online in the face of countless potential scenarios of adversity is an entirely different beast. Not only does it currently still involve a fair bit of expertise when it comes to unix-fu, it also involves keeping an eye out on the latest software and configure them properly to combat things like security breaches. This is all generally considered tedious and cumbersome work, and often outside the domain of knowledge of developers. Wouldn’t it be great if we didn’t need to go through as many hoops as we need to do today and make it more developer friendly?

This talk will go over the most important steps currently involved in setting up a production environment for your a web app and will propose alternative approaches as well in the form of new software solutions developed by Phusion. This talk will focus on app deployment, monitoring and server provisioning, but will also touch upon topics such as UI design and UX as the latter plays an important part in making things more accessible. More specifically, we’ll discuss Docker, Polymer, Node, Rails, Phusion Passenger, Union Station and much more.

RSVP to attend!

Date Location Details/RSVP
Oct 23rd, 2014 — 6:00pm — 8:00pm Constant Contact Waltham Office Rails Boston Meetup.com
Oct 29th, 2014 — 6:00pm – 8:00pm AirBnB SF HQ AirBnB Meetups

Get notified about our tech talk recording

Unable to attend? No worries! We’ll be giving this series of tech talks over at our friends at Twitter too, who have generously offered to record it. We expect to be able to post it up online sometime in the future. Be sure to follow us on @phusion_nl and/or sign up to our newsletter to stay in the loop on this.

Sign up to be notified about our tech talk recordings, and other Phusion related news. You can unsubscribe any time.



On behalf of the Phusion team, we’re looking forward to meeting up with you next month!

Security advisory: Phusion Passenger and the CVE-2014-6271 Bash vulnerability

By Hongli Lai on September 25th, 2014

On 24 September 2014, an important security vulnerability for Bash was published. This vulnerability, dubbed “Shellshock” and with identifiers CVE-2014-6271 and CVE-2014-7169, allows remote code execution.

This vulnerability is not caused by Phusion Passenger, but does affect Phusion Passenger. We strongly advise users to upgrade their systems as soon as possible. Please note that while CVE-2014-6271 has been patched, CVE-2014-7169 isn’t. A fix is still pending.

Update: CVE-2014-7169 has been patched in Debian 7. Other operating system vendors may follow soon.

For details about how Phusion Passenger is related to this vulnerability, please refer to https://news.ycombinator.com/item?id=8369776.

Please refer to your operating system vendor’s upgrade instructions, for example:

Phusion Passenger 4.0.52 released

By Hongli Lai on September 24th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.52 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

Version 4.0.50 and 4.0.51 have been skipped because they were hotfixes for Enterprise customers. The changes in 4.0.50, 4.0.51 and 4.0.52 combined are as follows:

  • Fixed a null termination bug when autodetecting application types.
  • Node.js apps can now also trigger the inverse port binding mechanism by passing '/passenger' as argument. This was introduced in order to be able to support the Hapi.js framework. Please read this StackOverflow answer for more information regarding Hapi.js support.
  • It is now possible to abort Node.js WebSocket connections upon application restart. Please refer to this page for more information. Closes GH-1200.
  • Passenger Standalone no longer automatically resolves symlinks in its paths.
  • passenger-config system-metrics no longer crashes when the system clock is set to a time in the past. Closes GH-1276.
  • passenger-status, passenger-memory-stats, passenger-install-apache2-module and passenger-install-nginx-module no longer output ANSI color codes by default when STDOUT is not a TTY. Closes GH-487.
  • passenger-install-nginx-module --auto is now all that’s necessary to make it fully non-interactive. It is no longer necessary to provide all the answers through command line parameters. Closes GH-852.
  • Minor contribution by Alessandro Lenzen.
  • Fixed a potential heap corruption bug.
  • Added Union Station support for Rails 4.1.

Installing or upgrading to 4.0.52

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Considering dropping support for Rails 1.0-2.2

By Hongli Lai on September 2nd, 2014

We work very hard to maintain backward compatibility in Phusion Passenger. Even the latest version still supports Ruby 1.8.5 and Rails 1.0. We’ve finally reached a point where we believe dropping support for Rails 1.0-2.2 will benefit the quality of our codebase. Is there anybody here who would object to us dropping support for Rails 1.0-2.2? If so, please let us know by posting a comment. Rails 2.3 will still be supported.

Baseimage-docker 0.9.13 released

By Hongli Lai on August 22nd, 2014

Baseimage-docker is a special Docker image that is configured for correct use within Docker containers. It is Ubuntu, plus modifications for Docker-friendliness. You can use it as a base for your own Docker images. Learn more at the Github repository and the website, which explain in detail what the problems are with the stock Ubuntu base image, and why you should use baseimage-docker.

Changes in this release

  • Fixed my_init not properly exiting with a non-zero exit status when Ctrl-C is pressed.
  • The GID of the docker_env group has been changed from 1000 to 8377, in order to avoid GID conflicts with any groups that you might want to introduce inside the container.
  • The syslog-ng socket is now deleted before starting the syslog-ng daemon, to avoid the daemon from failing to start due to garbage on the filesystem. Thanks to Kingdon Barrett. Closes GH-129.
  • Typo fixes by Arkadi Shishlov.

Using baseimage-docker

Please learn more at the README.

Phusion Passenger 4.0.49 released

By Hongli Lai on August 22nd, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.49 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

  • Upgraded the preferred Nginx version to 1.6.1.
  • Fixed a crash that may be triggered by the passenger_max_requests feature.
  • Introduced the spawn_failed hook, which is called when an application process fails to spawn. You could use this hook to setup an error notification system. Closes GH-1252.
  • Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger Standalone. Thanks to Jacob Elder. Closes GH-1254.
  • Fixed some user and group information lookup issues. Closes GH-1253.
  • Fixed some request handling crashes. Closes GH-1250.
  • Fixed some compilation problems on Gentoo. Closes GH-1261.
  • Fixed some compilation problems on Solaris. Closes GH-1260.

Installing or upgrading to 4.0.49

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.



Phusion Passenger 4.0.48 released

By Hongli Lai on July 24th, 2014


Phusion Passenger is a fast and robust web server and application server for Ruby, Python, Node.js and Meteor. Passenger takes a lot of complexity out of deploying web apps, and adds powerful enterprise-grade features that are useful in production. High-profile companies such as Apple, New York Times, AirBnB, Juniper, American Express, etc are already using it, as well as over 350.000 websites.

Phusion Passenger is under constant maintenance and development. Version 4.0.48 is a bugfix release.

Phusion Passenger also has an Enterprise version which comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Recent changes

4.0.47 was a hotfix release for an Enterprise customer. The changes in 4.0.47 and 4.0.48 combined are as follows.

  • Fixed a race condition while determining what user an application should be executed as. This bug could lead to applications being run as the wrong user. Closes GH-1241.
  • [Standalone] Improved autodetection of Rails asset pipeline files. This prevents Standalone from incorrectly setting caching headers on non-asset pipeline files. Closes GH-1225.
  • Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
  • Fixed compilation problems on OpenBSD.
  • Fixed compatibility with Ruby 1.8.5.

Installing or upgrading to 4.0.48

OS X OS X Debian Debian Ubuntu Ubuntu
Heroku Heroku Ruby gem Ruby gem Tarball Tarball

Final

Phusion Passenger’s core is open source. Please fork or watch us on Github. :)

If you would like to stay up to date with Phusion news, please fill in your name and email address below and sign up for our newsletter. We won’t spam you, we promise.