Phusion Passenger 5.0.4

Hello World from Daniël Knoppel (LinkedIn profile)! Daniël is a seasoned developer / entrepeneur who joined the Phusion team at the 5.x release of the Phusion Passenger application server for Ruby, Python and Node.js. Together we are happy to announce version 5.0.4, which resolves all critical issues reported to us in the wake of the 5.0.1 release. This release also introduces some miscellaneous improvements and minor bug fixes.

If you hadn't already, be sure to check out the many major improvements that the 5.x series of Passenger introduces!

Version 5.0.3 has been skipped because we discovered a compilation problem that occurred on some systems, right after we already tagged 5.0.3. This blog post describes the changes in 5.0.3 and 5.0.4 together.

Phusion Passenger also has an Enterprise version that comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

"This website is under heavy load"

It's great to see 5.x moving into the wild and being pushed to the max. There we started seeing the issue above, and community reporting helped us to track down various independent causes. In 5.0.2 we already fixed one major cause (stuck responses), and in 5.0.3 we tackled less common but still significant causes:

  • There was an integer overflow that resulted in the thread load balancer skipping batches of incoming clients at peak loads, resulting in stalled connections and leaked file descriptors (GH-1412).

    The integer overflow was easily triggered because of a micro-optimization we applied. The thread load balancer accepts connections in batches of 16. So we gave only 4 bits of memory to the integer field that stored the number of accepted connections. But there was an off-by-one bug: 4 bits only gives you access to values 0-15. So if the thread load balancer accepted exactly 16 connections at once, the integer would overflow and the loop would break.

  • The Ruby handler was calling #force_encoding on response body strings, which is not compatible with apps/libraries that return frozen body strings, causing the response to get stuck (GH-1414).

Correct SERVER_PORT for HTTPS

Applications relying on the SERVER_PORT Rack env variable mistakenly received the value of 80 instead of 443 in standard HTTPS setups (GH-1421). This could cause for example OAuth signed requests to fail due to the resulting URL mismatch.

Miscellaneous bug fixes

  • [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a PID parameter worked, but running it with a PID parameter didn't.
  • [Standalone] When using the builtin engine, passenger start may crash during startup due to an initialization race condition. This has been fixed.
  • If the Ruby handler crashes while processing a Rack response body, it will now no longer stall the connection.
  • Fixes invalid JSON output for non-finite double values (e.g. from the HTTP JSON API). Closes GH-1408.
  • We now handle errors in the poll() system call better. This might fix some crashes during shutdown which manifest on FreeBSD.

Improvements

  • All hooks now set the PASSENGER_HOOK_NAME environment variable. This variable is set to the name of the hook that is being called.
  • Truncates Passenger source code paths in logs (to 3 chars) to reduce redundant info. Closes GH-1383.

Installing or upgrading to 5.0.4

If you are on 5.0.1 or 5.0.2, we recommend moving to 5.0.4 as soon as possible.


OS X

Debian

Ubuntu

Heroku

Docker

Ruby gem

Tarball

If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.

Final

Phusion Passenger's core is open source. Please fork or watch us on Github. :)