Version 5.0.21 of the Phusion Passenger application server for Ruby, Python, Node.js and Meteor has been released.
If you hadn't already, be sure to check out the many major improvements that the 5.x series of Passenger introduces. And please be aware that you can enjoy enterprise features and sponsor the open source development directly by buying Phusion Passenger Enterprise.
OS X El Capitan support
Passenger requires OpenSSL. One of the changes in OS X El Capitan is that, although OpenSSL is still included, its development headers no longer are. Passenger now tries to autodetect OpenSSL from Homebrew instead.
Node.js and Meteor secure headers
Sometimes it is useful for applications to know certain information about the request, such as the IP address of the client, whether the application is served over HTTPS, etc. However, Node.js and Meteor applications do not talk to HTTP clients directly. Instead, Passenger sits in between the client and the application as a reverse proxy, so applications cannot obtain this information directly from the socket that they are listening on. They must obtain this information from Passenger.
Passenger communicates with Node.js and Meteor apps over HTTP, so the only way for Passenger to send this kind of information to the application is via HTTP headers. However, HTTP headers can be spoofed.
The secure HTTP headers feature allows Passenger to send such information to the application, while guaranteeing that this information is not spoofed by the client.
In case of Apache, per-request variables are now passed to Node.js and Meteor apps through the
!~Passenger-Envvars secure header.
Node.js: better PM2 compatibility
Passenger now calls
process.emit('message', 'shutdown') whenever Passenger shuts down an application process. This is the same hook as used by PM2, allowing applications which use the PM2 graceful shutdown mechanism to be run on Passenger without changes.
This feature is contributed by Kenneth Powers.
- Properly handles Ruby applications that output the
Transfer-Encodingheaders in non-standard casing, e.g.
Content-length. Closes GH-1517.
- Fixes Ruby application loading incompatibilities caused by the use of absolute paths. Closes GH-1596.
- Fixes some unintentional caching of request-specific environment variables. Closes GH-1479.
- [Enterprise] Fixes a bug in passenger-irb where printing strings larger than 64 KB would cause it to crash.
- [Enterprise] Fixes the
passenger-config restart-appcommand so that it performs a non-rolling-restart unless
--rolling-restartis given as command line option, as per the documentation. Previously,
--rolling-restartwould perform a rolling restart if rolling restarts are configured in the configuration file, but this contradicted documented behavior. Closes GH-1634.
Please see the installation guide.
Upgrading to 5.0.21
We recommend upgrading to the latest version of Passenger, especially if you are on version 5.0.17 or below.
If you are upgrading from 4.x, please read the 5.0 upgrade notes to learn about potential upgrade caveats.