Phusion Passenger 5.0.7

Version 5.0.7 of the Phusion Passenger application server for Ruby, Python, Node.js and Meteor has been released! This update contains a collection of fixes for specific use cases. We also took some time to introduce improvements and incorporate pull requests.

If you haven't already, be sure to check out the many major improvements that the 5.x series of Passenger introduces. And please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

Environment variable issues fixed

The caching of request-specific environment variables caused issues for Shibboleth users, because Shibboleth can change variables per request. Another variable that changes per request is @env['HTTPS'], for sites that are accessed over both HTTP and HTTPS. Caching resulted in HTTP users getting HTTPS replies (GH-1472).

This was fixed by no longer caching request-specific environment variables.

Turbocache vs. X-Sendfile / X-Accel-Redirect

Applications may offload serving of (usually static) files to the webserver running in front of them. This is signaled by the application by returning the X-Sendfile (Apache with mod_xsendfile) or X-Accel-Redirect (Nginx) header. However, this return value may depend on factors like authentication and should therefore not be cached. For this reason, the turbocache no longer caches responses that contain the X-Sendfile or the X-Accel-Redirect header.
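The Ruby sketch below is an added example, not Passenger's turbocache code. A constructed Rack-style app and a path-keyed cache (`APP`, `ResponseCache` and the cookie check are all hypothetical) show how a cached X-Accel-Redirect response would reach a client that never authenticated, and how skipping such responses prevents it.

```ruby
# Added illustration; not Passenger's turbocache implementation.
# Hypothetical Rack-style app: /report.pdf is handed to Nginx via
# X-Accel-Redirect only when the request carries a valid session.
APP = lambda do |env|
  if env['HTTP_COOKIE'] == 'session=valid' # constructed stand-in for real auth
    [200, { 'X-Accel-Redirect' => '/protected/report.pdf' }, []]
  else
    [403, { 'Content-Type' => 'text/plain' }, ['Forbidden']]
  end
end

OFFLOAD_HEADERS = %w[x-sendfile x-accel-redirect].freeze

# Minimal response cache keyed by path only.
class ResponseCache
  def initialize(app, skip_offload:)
    @app = app
    @skip_offload = skip_offload
    @store = {}
  end

  def call(env)
    key = env['PATH_INFO']
    return @store[key] if @store.key?(key)

    response = @app.call(env)
    @store[key] = response if cacheable?(response)
    response
  end

  private

  # Header names are case-insensitive, so compare in lower case.
  def cacheable?(response)
    status, headers, _body = response
    return false unless status == 200
    return true unless @skip_offload

    headers.keys.none? { |name| OFFLOAD_HEADERS.include?(name.downcase) }
  end
end

# Replays an authenticated request followed by an anonymous one and
# returns the response the anonymous client received.
def anonymous_result(skip_offload:)
  cache = ResponseCache.new(APP, skip_offload: skip_offload)
  cache.call('PATH_INFO' => '/report.pdf', 'HTTP_COOKIE' => 'session=valid')
  cache.call('PATH_INFO' => '/report.pdf')
end
```

With `skip_offload: false` the anonymous request receives the cached 200 response carrying the redirect header; with `skip_offload: true` it reaches the app and gets the 403.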

Apache config checker

We built a small validator to help our Apache users with some common Passenger configuration problems. It is run automatically after the installer, but can also be run separately with the following command:
passenger-config validate-install --validate-apache2

For example, it will detect whether there are multiple installations of Passenger, which could cause confusion. It will also detect mistakes like trying to LoadModule Passenger more than once.

Standalone vs. Ruby / Node.js / Python

We added configuration options so that custom Ruby, Node.js and Python executables can be specified. This was already possible in Apache/Nginx configurations, but is now also supported in Passenger Standalone through the command line options --ruby, --nodejs and --python (GH-1442).

Nginx 1.6.3 preferred

Nginx 1.6.3 was released, so we set it as the preferred version.

Unfortunately, Nginx 1.8.0 didn't make it into this release, but it is planned for the next version. Having said this, Passenger 5.0.7 is compatible with Nginx 1.8.0, so you can still use Nginx 1.8.0 together with Passenger 5.0.7. It's just not the default version that Passenger selects.

Miscellaneous bug fixes

  • Supports the changed way of specifying settings for (non-bundled) Meteor apps. Closes GH-1403.
  • Fixes an integer-to-string conversion bug in the code responsible for buffering chunked request bodies. This bug could cause the PassengerAgent to crash due to an exception. Thanks to Marcus Rückert of SUSE for reporting this.
  • Fixes a memory corruption bug that would be triggered when using passenger_base_uri. The memory corruption bug resided in the code for resolving symlinks. Closes GH-1388.
  • Re-introduced signal catchers during shutdown, to allow clean shutdown in Foreman. Closes GH-1454.
  • passenger-status --show=xml no longer outputs the non-XML header by default. This fixes a regression as reported in a comment in GH-1136.
  • Passenger now prefers to load Rack and Bundler from RubyGems instead of from vendor_ruby. This solves some issues with Rack and Bundler on Debian systems. Closes GH-1480 and GH-1478.
  • The logging agent no longer aborts with an error if one of the Passenger root directory's parent directories is not world-executable. Closes GH-1487.
  • [Standalone] Running passenger start --engine=builtin --daemonize would fail with a timeout error. This has been fixed.
  • [Standalone] Running passenger start --nginx-version=XXX would crash. This has been fixed. Closes GH-1490.
  • [Apache] Fixed some issues with X-Sendfile. Closes GH-1376.
  • Fixes wrong memory address display in crash dumps. Thanks to thoughtpolice for pointing it out.
  • Fixes an ugly backtrace that would be shown if an invalid request is made to an application process using the private HTTP interface. Contributed by jbergler. Closes GH-1311.

Improvements

  • [Nginx] The Nginx module now looks for index.html if the path ends in / so that it works intuitively, without needing to use try_files.
  • [Nginx] Introduces the passenger_read_timeout option for rare cases when the server needs more than the default 10-minute timeout. Contributed by pkmiec. Closes GH-PR-34.
  • [Apache] If the installer fails to autodetect Apache while the installer is running as a normal user, it will now ask you to give it root privileges. Closes GH-1289.
  • Various documentation improvements. Closes GH-PR-1332, GH-PR-1354, GH-PR-1216, GH-PR-1385, GH-PR-1302.

Installing or upgrading to 5.0.7

We recommend upgrading to the latest version of Passenger, especially if you are on version 5.0.5 or below.


  • OS X
  • Debian
  • Ubuntu
  • Heroku
  • Docker
  • Ruby gem
  • Tarball

If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.