Passenger 5.0.21: OS X El Capitan support, Node.js improvements, bug fixes

Version 5.0.21 of the Phusion Passenger application server for Ruby, Python, Node.js and Meteor has been released.

If you hadn't already, be sure to check out the many major improvements that the 5.x series of Passenger introduces. And please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.

OS X El Capitan support

Passenger requires OpenSSL. One of the changes in OS X El Capitan is that, although OpenSSL is still included, its development headers no longer are. Passenger now tries to autodetect OpenSSL from Homebrew instead.

Closes GH-1630.

Node.js and Meteor secure headers

Sometimes it is useful for applications to know certain information about the request, such as the IP address of the client, whether the application is served over HTTPS, etc. However, Node.js and Meteor applications do not talk to HTTP clients directly. Instead, Passenger sits in between the client and the application as a reverse proxy, so applications cannot obtain this information directly from the socket that they are listening on. They must obtain this information from Passenger.

Passenger communicates with Node.js and Meteor apps over HTTP, so the only way for Passenger to send this kind of information to the application is via HTTP headers. However, HTTP headers can be spoofed.

The secure HTTP headers feature allows Passenger to send such information to the application, while guaranteeing that this information is not spoofed by the client.

In case of Apache, per-request variables are now passed to Node.js and Meteor apps through the !~Passenger-Envvars secure header.

Node.js: better PM2 compatibility

Passenger now calls process.emit('message', 'shutdown') whenever Passenger shuts down an application process. This is the same hook as used by PM2, allowing applications which use the PM2 graceful shutdown mechanism to be run on Passenger without changes.

This feature is contributed by Kenneth Powers.

Bug fixes

Properly handles Ruby applications that output the Content-Length and Transfer-Encoding headers in non-standard casing, e.g. Content-length. Closes GH-1517.
Fixes Ruby application loading incompatibilities caused by the use of absolute paths. Closes GH-1596.
Fixes some unintentional caching of request-specific environment variables. Closes GH-1479.
[Enterprise] Fixes a bug in passenger-irb where printing strings larger than 64 KB would cause it to crash.
[Enterprise] Fixes the passenger-config restart-app command so that it performs a non-rolling-restart unless --rolling-restart is given as command line option, as per the documentation. Previously, passenger-config restart-app without --rolling-restart would perform a rolling restart if rolling restarts are configured in the configuration file, but this contradicted documented behavior. Closes GH-1634.