Phusion Passenger 5.0.5

Version 5.0.5 of the Phusion Passenger application server for Ruby, Python, Node.js and Meteor has been released! After rapidly fixing critical issues in the two previous releases, we've now taken some time to introduce extra debug tooling and fix remaining important issues.

If you hadn't already, be sure to check out the many major improvements that the 5.x series of Passenger introduces!

Phusion Passenger also has an Enterprise version that comes with a wide array of additional features. By buying Phusion Passenger Enterprise you will directly sponsor the development of the open source version.

Pool file descriptor leaks fixed

Every time server traffic loads go from high to idle, Passenger closes applications in the pool to free up server resources. Keep-alive connections with application processes were not being closed properly however, so some associated file descriptors leaked (GH-1439).
This has been fixed, and we've established additional testing tools and procedures to verify that the file desciptor count remains stable now.

Apache lockup fixed

The connection between the Apache module and Passenger would sometimes stall and block further operation. This happened due to client keep-alive headers occassionally causing the module to create a persistent connection to Passenger that is never closed (GH-1425).

Memory corruption bugs fixed

A common optimization technique that we use in the Passenger 5 codebase is to delay initializing certain request-level objects until absolutely necessary. However, we used to deinitialize those request-level objects regardless of whether they were initialized. If they weren't, then the memory inside those objects may be garbage, causing Passenger to crash. One such crash is documented in GH-1431. We've fixed all the instances of this bug that we could find.

Logging performance optimizations

Sometimes the root cause of a bug can only be analyzed with a sufficiently high log level. Unfortunately, a high log level also lowers performance, which may prevent timing-sensitive bugs from occurring. In order to reduce this problem, we've made the logging code up to around 90% faster than previous versions (depending on storage drive speed).

Miscellaneous bug fixes

Fixes a compilation problem on Solaris. This problem was caused by the fact that tm_gmtoff is not supported on that platform. Closes GH-1435.
Fixes a potential read-past-buffer bug in string-to-integer conversion routines. Thanks to dcb314 for spotting this. Closes GH-1441.
[Enterprise] Fixes a bug in Flying Passenger's --instance-registry-dir command line parameter. This command line parameter didn't do anything.
[Enterprise] The Flying Passenger daemon no longer supports the --max-preloader-idle-time config option. This is because the config option never worked. The correct way to set the max preloader idle time is through the Nginx config option, but this was wrongly documented, so the documentation has been fixed.

Improvements

There is now an API endpoint for force disconnecting a client: passenger-config admin-command DELETE /server/<client name>.json. Closes GH-1246.
In order to more easily analyze file descriptor leaks, we've introduced the PassengerFileDescriptorLogFile (Apache) and passenger_file_descriptor_log_file (Nginx) config options. This allows Passenger to log all file descriptor open/close activity to a specific log file.
The PassengerDebugLogFile (Apache) and passenger_debug_log_file (Nginx) configuration options have been renamed to PassengerLogFile and passenger_log_file, respectively. The old name is support supported for backward compatibility.