| Date | Commit message (Collapse) |
|---|
|
Unicorn 1.1.3 fixes potential race conditions during
SIGUSR1 log reopening.
|
|
This avoids costant resolution problems on client EOF
during input processing.
|
|
|
|
|
|
|
|
HeaderHash objects can only be used as headers without
violating Rack::Lint in Rack 1.1.0 or later.
|
|
This will allow us to be working_directory-aware as
far as config.ru goes.
|
|
|
|
It's useful given all the Gems we support but don't have hard
installation dependencies on.
|
|
no major internal changes until 2.0.0+
|
|
We expect no API changes in Unicorn for a while
|
|
|
|
This release fixes a denial-of-service vector for deployments
exposed directly to untrusted clients.
The HTTP parser in Unicorn <= 0.97.0 would trip an assertion
(killing the associated worker process) on invalid
Content-Length headers instead of raising an exception. Since
Rainbows! and Zbatery supports multiple clients per worker
process, all clients connected to the worker process that hit
the assertion would be aborted.
Deployments behind nginx are _not_ affected by this bug, as
nginx will reject clients that send invalid Content-Length
headers.
The status of deployments behind other HTTP-aware proxies is
unknown. Deployments behind a non-HTTP-aware proxy (or no proxy
at all) are certainly affected by this DoS.
Users are strongly encouraged to upgrade as soon as possible,
there are no other changes besides this bug fix from Rainbows!
0.91.0 nor Unicorn 0.97.0
This bug affects all previously released versions of Rainbows!
and Zbatery.
|
|
The Unicorn.builder helper will help us avoid namespace
conflicts inside config.ru, allowing us to pass tests.
While we're at it, port some tests over from the latest
unicorn.git for dealing with bad configs.
|
|
The HTTP parser in Unicorn <= 0.96.0 did not use the Ruby API
correctly. While this bug did not affect Unicorn itself,
Rainbows! allocates a new Unicorn::HttpParser object for every
client connection and Unicorn did not properly setup the parser
object to be freed.
|
|
Rev 0.3.2 makes performance with Threads* under Ruby 1.8
tolerable.
|
|
We may be making some changes to Unicorn 0.97.0
and allow us to share more code.
|
|
Unicorn 0.96.x should be released once Rack 1.1 is out.
|
|
|
|
|
|
|
|
|
|
We're simply too uncomfortable with the weird GC issues
associated with Tempfile and having linked temporary files at
all. Instead just depend on the #size-aware TmpIO class that
Unicorn 0.94.0 provides for us.
|
|
Unicorn 0.93.5 came to be so the heartbeat tests could
pass consistently.
|
|
It's easier to support especially for Thread* models
which are affected by the BSD stdio weirdness 0.93.4
works around.
|
|
Also new are added basic HTTP tests for UNIX domain socket
handling (for all models, now, of course).
|
|
Rack 1.0.1 is out and works nicely.
|
|
Everything is logged in git anyways and it'll be easier to
hand off to somebody else.
|
|
I think "sleepy" is a better term than "slow" here. "slow" can
mean apps that are CPU/memory bandwidth-bound, and Rainbows!
sucks at those.
|
|
|
|
Also add notes about development things and the configuration
language which uses "Rainbows!". Calling ourselves "Rainbows!"
will help us be taken even more seriously than if the project
were just called "Rainbows"
|
|
No tests yet, but the old "gossamer" and "rainbows" branches
seem to be basically working.
|