18:00 osa 

Upgrade third-party tarantool module from 966f2f5 to 3599ba0.

 

12:07 osa 

Upgrade third-party nchan (formerly http_push) module from 0.99.8 to 0.99.11.

 

23:01 osa 

Change the third-party http_auth_digest module location and upgrade it.
Previous location no longer supported by developers.

PR:	203967

 

22:35 osa 

Add AWS proxy third-party module.
PR:	208499

 

05:48 osa 

Upgrade third-party brotli module from 86998c6 to 2fc6f12.

Changes:	https://github.com/google/ngx_brotli/commit/2fc6f123b4ee4ac711c66e7831cb80749eec5bbe

 

11:36 osa 

Upgrade third-party push module from 0.99.7 to 0.99.8.

 

11:24 osa 

Add third-party video_thumbextractor module, version 0.7.0.

PRs:	185847, 185850

 

21:45 osa 

Upgrade third-party modules:

o) http_push from 0.99.6 to 0.99.7;
o) modsecurity from 2.9.1-RC1 to 2.9.1.

 

22:42 osa 

Upgrade third-party modules:

o) clojure from 0.4.3 to 0.4.4;
o) http_push from 0.99.5 to 0.99.6.

 

22:51 osa 

Upgrade third-party subs_filter module from 0.6.2 to 0.6.4.

Patch submitted by:	Oleksandr V. Typlyns'kyi <astral@wangsamp.km.ua> (via
private mail)

 

11:52 osa 

Upgrade from 5.0.25 to 5.0.26:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

23:29 osa 

Upgrade third-party http_redis module from 0.3.7 to 0.3.8,
compile it as dynamic module for www/nginx-devel.

 

20:10 osa 

Upgrade third-party ct (Certificate Transparency) module from 1790ac0 to
f3cad5e.
Enable dynamic module feature in www/nginx-devel.

 

16:19 osa 

Upgrade from 5.0.24 to 5.0.25:

o) www/rubygem-passenger;
o) third-party passenger modules for www/nginx and www/nginx-devel.

 

23:28 osa 

Upgrade third-party nchan (formerly http_push) module from 0.99.4 to 0.99.5.

 

23:19 osa 

Upgrade third-party small_light module from 0.6.9 to 0.6.15,
enable as dynamic module for www/nginx-devel only.

 

22:17 osa 

Merge the upgrade for the following third-party modules to its
latest revisions from www/nginx-devel:

o) echo
o) eval
o) headers
o) lua
o) set

Do not bump PORTREVISION.

 

22:01 osa 

Add third-party http_json_status module.

Submitted by:	Vyacheslav, Omnilance LLC <vyacheslav@omnilance.com>

 

14:03 osa 

Upgrade third-party auth_krb5 module from f76d5d9 to c85a38c revision.

 

13:37 osa 

Upgrade third-party nchan module from 0.98 to 0.99.4.

 

12:49 osa 

Add third-party brotli module.

 

18:09 osa 

Upgrade third-party modsecurity module from 2.9.0 to 2.9.1-rc1.

 

17:36 osa 

Upgrade third-party fancy_index module from 0.3.5 to 0.3.6.

 

17:28 osa 

Upgrade third-party ldap_auth module from be8ff8eecb to 8517bb0.

 

01:26 osa 

Upgrade from 5.0.22 to 5.0.24:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

01:12 osa 

Upgrade third-party lua module from 0.9.19 to 0.10.0.

 

23:17 osa 

Upgrade third-party http_push (nchan) module from ver.0.731 to ver.0.98.

 

05:31 feld 

www/nginx: Update to 1.8.1

PR:		206698
Security:	CVE-2016-0742
Security:	CVE-2016-0746
Security:	CVE-2016-0747

 

13:01 osa 

Upgrade third party push_stream module from 0.3.5 to 0.5.1.

PR:		205233

 

23:08 osa 

Security update from 5.0.21 to 5.0.22:

o) www/rubygem-passenger;
o) third-party passenger modules for www/nginx and www/nginx-devel.

Please note: third-party passenger module is disabled by default for
www/nginx and www/nginx-devel ports.

Security:	CVE-2015-7519
PR:		205104

 

11:59 osa 

Upgrade third-party srcache module from 0.29 to 0.30.

 

11:46 osa 

Upgrade third-party drizzle module from 0.1.8 to 0.1.9.
Remove needless patch.

 

00:13 osa 

Sort entries according to order of 'make makesum'.
No functional changes.

 

00:08 osa 

Add third-party certificate_transparency module.

PR:	204926

 

18:33 osa 

Upgrade third-party lua module from 0.9.18 to 0.9.19.

 

03:31 osa 

Upgrade third-party ldap module from 928856aa95 to be8ff8eecb.

 

21:20 osa 

Upgrade third-party modules:

o) lua from 0.9.16 to 0.9.18;
o) memc from 0.15 to 0.16;
o) postgres from 1.0rc5 to 1.0rc7;
o) rds-csv from 0.05 to 0.07.
o) rds-json from 0.13 to 0.14;
o) redis2 from 0.11 to 0.12;
o) set-misc from 0.28 to 0.29;

Remove needless patch for third-party postgres module, change
has been added to the upstream.

 

21:40 osa 

Upgrade third-party push_module from 0.692 to 0.731.
Also, the module has been moved to GitHub.

 

02:35 osa 

Upgrade third-party clojure module from 0.4.2 to 0.4.3.

 

04:28 osa 

Update from 5.0.20 to 5.0.21:

o) www/rubygem-passenger;
o) third-party passenger modules for www/nginx and www/nginx-devel.

 

03:18 osa 

Upgrade third-party naxsi module from 0.50 to 0.54.
Switch from Google Code to GitHub.

 

23:20 osa 

Upgrade from 5.0.18 to 5.0.20:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

00:52 osa 

Upgrade third-party lua module from 0.9.15 to 0.9.16.
Remove needless patch.

 

23:23 osa 

Upgrade from 5.0.16 to 5.0.18:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

01:58 osa 

Upgrade third-party clojure module from 0.4.1 to 0.4.2.

While I'm here remove security/shibboleth2-sp as dependency for third-party
shibboleth module.

 

22:12 osa 

Add third-party shibboleth module,
https://github.com/nginx-shib/nginx-http-shibboleth.

Submitted by:	Guy Antony Halse <G.halse@ru.ac.za> (via private mail)

 

22:19 osa 

Upgrade from 5.0.15 to 5.0.16:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

17:36 vg 

Added 3rd party tarantool upstream module:

Tarantool NginX upstream module

- Benefit from nginx features and tarantool features over HTTP(S).
- Call tarantool methods via JSON RPC.
- Load Balancing with elastic configuration.
- Backup and fault tolerance.
- Low overhead.

PR:		ports/202593
Approved by:	osa

 

00:58 osa 

Upgrade third-party clojure module from 0.4.0 to 0.4.1.

 

22:30 osa 

Upgrade from 5.0.14 to 5.0.15:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

00:11 osa 

Upgrade from 5.0.13 to 5.0.14:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

08:28 philip 

Update third-party KRB5/SPNEGO module to the latest upstream version.

Approved by:	osa (maintainer)

 

23:43 osa 

Upgrade third-party clojure module from 0.3.0 to 0.4.0.

 

22:24 osa 

Upgrade from 5.0.11 to 5.0.13:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

21:54 osa 

Upgrade third-party headers_more module from 0.26 to 0.261.

 

16:44 koobs 

www/nginx{-deve}: Fix build with HEADERS_MORE option

Upstream apparently re-tagged the v0.26 release, thereby changing the contents
of the tarball oftained from github, causing distinfo checksums to become
mismatched.

This change updates distinfo entries in nginx and nginx-devel to compensate.

PR:		201129
Submitted by:	Adam Twardowski <adam dot twardowski gmail.com>
Approved by:	portmgr (blanket)
MFH:		2015Q3

 

09:29 osa 

Upgrade from 5.0.10 to 5.0.11:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

23:25 osa 

Upgrade third-party fancyindex module from 0.3.4 to 0.3.5.

 

11:36 osa 

Add third-party clojure module, version 0.3.0.

 

19:51 osa 

Add third-party ajp module.

 

19:28 osa 

Add third-party statsd module.

PR:	178799

 

18:11 osa 

Add third-party SPNEGO authentication module.

PR:	192904

 

16:50 osa 

Add third-party small_light module, version 0.6.9.

PR:	185816

 

00:00 osa 

Welcome back third-party upload module.

PR:	200809

 

01:31 osa 

Upgrade from 5.0.9 to 5.0.10:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

03:10 osa 

Upgrade from 5.0.8 to 5.0.9:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

07:51 peter 

Update the optional (defaults to off) ldap authentication module to a more
recent version.  Of particular importance is that the old one
connected/disconnected to the ldap server for every single URL being served
while this one has a configurable cache.

PR:		200550
Reviewed by:	osa

 

14:01 mat 

Convert nginx, nginx-devel and tengine to USE_GITHUB.

Sponsored by:	Absolight

 

02:38 osa 

Make 'make makesum' happy.

 

23:10 osa 

Add third-party postgres module back.

Based on patch from:	Alexander Ushakov <alexander@tauruna.ru>

 

16:27 osa 

Upgrade from 5.0.7 to 5.0.8:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

 

01:03 osa 

Update from 5.0.6 to 5.0.7:

o) www/rubygem-passenger;
o) third-party passenger modules for www/nginx and www/nginx-devel.

 

02:16 osa 

Remove support for next unsupported third-party modules:

o) http_upload;
o) postgres;
o) supervisord;
o) tcp_proxy;

Add back third-party http_upstream_sticky module's checksums.

 

23:26 osa 

Upgrade to latest stable version 1.8.0.

According to vendor's recommendations safely remove NGX_THREADS macro
with some long unused code from some third-party modules.

Merge changes from www/nginx-devel to www/nginx.
Merge third-pary upstream_sticky module from www/nginx to www/nginx-devel.

Remove outdated syslog support.

 

18:03 osa 

Upgrade third-party set_misc module from 0.24 to 0.28.

 

00:26 osa 

Upgrade third-party modules:

o) echo from 0.51 to 0.57;
o) memc from 0.14 to 0.15;
o) srcache from 0.25 to 0.29.

 

00:08 osa 

Upgrade third-party redis2 module from 0.10 to 0.11.

 

23:58 osa 

Upgrade third-pary redis2 module from 0.9.4 to 0.9.15.

 

21:55 osa 

Upgrade third-party headers-more module from 0.25 to 0.26.

Patch from:	Denis Denisov <denji0k@gmail.com> (via mail)

 

23:37 osa 

Upgrade from 1.6.2 to 1.6.3.

<ChangeLog>

*) Feature: now the "tcp_nodelay" directive works with SPDY connections.

*) Bugfix: in error handling.
   Thanks to Yichun Zhang and Daniil Bondarev.

*) Bugfix: alerts "header already sent" appeared in logs if the
   "post_action" directive was used; the bug had appeared in 1.5.4.

*) Bugfix: alerts "sem_post() failed" might appear in logs.

*) Bugfix: in hash table handling.
   Thanks to Chris West.

*) Bugfix: in integer overflow handling.
   Thanks to Regis Leroy.

</ChangeLog>

 

16:02 osa 

Upgrade third-party rtmp module from 1.1.6 to 1.1.7.

 

23:38 osa 

Upgrade from 5.0.4 to 5.0.6:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

The passenger now uses its own libev fork, so remove devel/libev dependency.

<ChangeLog>

Release 5.0.6
-------------

* The turbocache no longer caches responses for which the Cache-Control header
  contains "no-cache". Please note that "no-cache" does not mean "do not cache
  this response". Instead, it means "any caching servers may only serve the
  cached response after validating it". Since the turbocache does not support
  validation, we've chosen to skip caching instead.

  Coincidentally, this change "fixes" problems with applications that
  erroneously use "no-cache" as a flag for "do not cache this response". What
  these applications should actually use is "no-store". We recommend the
  developers of such applications to change their caching headers in this
  manner, because even if Passenger doesn't unintentionally cache the response,
  any intermediate proxies that visitors are behind may still cache the
  response.

* Fixes a number of memory leaks. Memory was leaked upon processing a request
  with multiple headers, upon processing a response with multiple headers, and
  upon processing a response with Set-Cookie headers. Every time such a request
  or response was processed, 512 bytes of memory was leaked due to improperly
  dereferencing relevant memory buffers. Closes GH-1455.

* Fixes various bugs related to Union Station data collection.

  Union Station is our upcoming application analytics and performance
  monitoring SaaS platform. It is opt-in: no data is collected unless you turn
  the feature on.

* Fixes a Union Station-related file descriptor leak. Closes GH-1439.

* Fixes some bugs w.r.t. use of uninitialized memory.

* More informative error message if a support binary is not found, including a
  resolution hint. Closes GH-1395.

* [Apache] `SetEnv` variables are now passed as Rack/CGI/request variables.
  This was also the case in Passenger 4, but not in Passenger 5.0.0-5.0.5.
  We've restored the old behavior because the behavior in 5.0.0-5.0.5 breaks
  certain Apache modules such as Shibboleth. Closes GH-1446.

* [Standalone] PID and log files now correctly created if user specifies
  relative path.

Release 5.0.5
-------------

* Fixes various crashes due to use of uninitialized memory. One such crash is
  documented in GH-1431.

* Fixes a connection stall in the Apache module. Closes GH-1425.

* Fixes a potential read-past-buffer bug in string-to-integer conversion
  routines. Thanks to dcb314 for spotting this. Closes GH-1441.

* Fixes a compilation problem on Solaris. This problem was caused by the fact
  that `tm_gmtoff` is not supported on that platform. Closes GH-1435.

* There is now an API endpoint for force disconnecting a client:
  `passenger-config admin-command DELETE /server/<client name>.json`.
  Closes GH-1246.

* Fixes some file descriptor leaks. These leaks were caused by the fact that
  keep-alive connections with application processes were not being closed
  properly. Closes GH-1439.

* In order to more easily debug future file descriptor leaks, we've introduced
  the `PassengerFileDescriptorLogFile` (Apache) and
 `passenger_file_descriptor_log_file` (Nginx) config options. This allows
  Passenger to log all file descriptor open/close activity to a specific log
  file.

* The `PassengerDebugLogFile` (Apache) and `passenger_debug_log_file` (Nginx)
  configuration options have been renamed to `PassengerLogFile` and
  `passenger_log_file`, respectively. The old name is support supported for
  backward compatibility reasons.

* [Enterprise] Fixes a bug in Flying Passenger's `--instance-registry-dir`
  command line parameter. This command line parameter didn't do anything.

* [Enterprise] The Flying Passenger daemon no longer supports the
  `--max-preloader-idle-time` config option. This is because the config option
  never worked. The correct way to set the max preloader idle time is through
  the Nginx config option, but this was wrongly documented, so the
  documentation has been fixed.

</ChangeLog>

 

00:41 osa 

Upgrade from 5.0.2 to 5.0.4:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

Release 5.0.3
-------------

 * [Standalone] When using the builtin engine, `passenger start` may crash
during
   startup due to an initialization race condition. This has been fixed.
 * [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a
PID
   parameter worked, but running it with a PID parameter didn't.
 * Fixes an integer overflow that resulted in a file descriptor leak and stalled
   client connections. Closes GH-1412.
 * Truncates Passenger source code paths in logs (to 3 chars) to reduce
redundant
   info. Closes GH-1383.
 * Fixes invalid JSON output for non-finite double values (e.g. from the HTTP
JSON
   API). Closes GH-1408.
 * All hooks now set the `PASSENGER_HOOK_NAME` environment variable. This
variable
   is set to the name of the hook that is being called.
 * The Ruby handler no longer tries to call #force_encoding on response body
   strings, which fixes an incompatibility with apps/libraries that return
frozen
   body strings. Closes GH-1414.
 * If the Ruby handler crashes while processing a Rack response body, it will
now
   no longer stall the connection.
 * Fixes env.SERVER_PORT containing 80 instead of 443 when using https on
default
   port. Closes GH-1421.
 * We now handle errors in the `poll()` system call better. This might fix some
   crashes during shutdown which manifest on FreeBSD.

</ChangeLog>

 

00:06 osa 

Upgrade from 4.0.59 to 5.0.2:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

Release 5.0.2
-------------

 * Fixes a connection freeze that could occur when processing large responses.
This would
   manifest itself under the error message "This website is under heavy load" or
"Request
   queue is full, returning an error". Closes GH-1404.
 * Debian and Ubuntu packages have been reintroduces.
 * When `passenger-config restart-app` is run interactively, if Passenger is not
serving
   any applications, then the command now prints an error message instead of
showing a
   menu with only a "Cancel" option.
 * Fixes a compilation problem on FreeBSD 10 (contributed by: clemensg). Closes
GH-1401.
 * [Standalone] Fixes a crash that would occur if you use the `--ctl` parameter.
 * [Enterprise] The `--max-request-time` option has been added to Passenger
Standalone.
 * [Enterprise] The `max_request_time_reached` hook has been introduced. This
hook allows
   you to run diagnostics on a process that that took too long to respond to a
request.

Release 5.0.1
-------------

 * The `passenger-config restart-app` command is now more user friendly. When
run in a
   terminal, it will show an interactive menu, allowing you to select the app to
restart.
   Closes GH-1387.
 * Fixed a crash bug in the handling of sticky session cookies.
 * Log failed program in error message, not its command line (contributed by:
paisleyrob).
   Closes GH-1397.
 * [Nginx] Fixes cases in which Passenger overrides the Nginx handler function
even when
   it shouldn't, for example when Passenger is disabled. Closes GH-1393.
 * [Enterprise] The `sticky_sessions` and `envvars` options in
Passengerfile.json is now
   also supported in mass deployment mode.

Release 5.0.0 release candidate 2
---------------------------------

 * Fixes an installation problem with the Ruby gem due to incorrect Makefile
generation.
   Closes GH-1382.
 * More helpful message when request queue is full. Closes GH-1375.

Release 5.0.0 release candidate 1
---------------------------------

 * Fixed Date headers not being formatted in the GMT timezone. Closes GH-1367.
 * Fixed Passengerfile.json/passenger-standalone.json not being properly loaded
in
   Passenger Standalone.
 * Fixed support for sticky sessions.
 * Fixed an infinite loop if the ApplicationPool garbage collector fails due to
an
   exception. Closes GH-1360.
 * Fixed Passenger Standalone exiting prematurely when the HelperAgent crashes.
Exiting
   prematurely is not supposed to happen because the watchdog will restart the
HelperAgent.
   Closes GH-1339.
 * Fixed a crash that occurs when using a non-standard startup file value.
Closes GH-1378.
 * When dumping system metrics during error page generation, the
`passenger-config`
   command is now invoked under the same Ruby interpreter as the app, instead of
the
   one in PATH. Closes GH-1381.
 * When a Ruby process crashes due to an uncaught exception, this fact is now
properly
   logged.
 * Specifying 0 for the `max_pool_size` config option no longer results in a
crash.
   Closes GH-1334.
 * The timeouts when downloading Passenger Standalone binaries and source files
are
   now customizable. Closes GH-1295.
 * The `envvars` option is now supported in Passengerfile.json, for passing
environment
   variables to the application. Closes GH-1377.
 * Introduced `hook_queue_full_error` for request queue overflows. Closes
GH-1358.
 * [Ruby] Fixed handling of "transfer-encoding chunked" response bodies which
contain
   zero-sized chunks.
 * [Nginx] It is no longer necessary to re-specify `passenger_enabled` in
`location`
   contexts. Closes GH-1338.
 * [Enterprise] Fixed a bug in mass deployment reloading.
 * [Enterprise] Fixed a bug in mass deployment daemonization.
 * [Enterprise] The mass deployment mode now supports the `app_type` and
`startup_file`
   configuration options in Passengerfile.json/passenger-standalone.json. Closes
GH-1366.

Release 5.0.0 beta 3
--------------------

 * The turbocache has received major updates and fixes based on excellent
feedback Chris
   Heald and the community. First, several bugs w.r.t. the handling of caching
headers
   have been fixed. Second, the turbocache has become slightly more conservative
for
   security reasons. In previous versions, default cacheable responses (as
defined by RFC
   7234) were cached unless caching headers tell us not to. Now, default
cacheable responses
   are only cached if caching headers explicitly tell us to. This change was
introduced
   because there are many applications that set incorrect caching headers on
private
   responses. This new behavior is currently not configurable, but there are
plans to make
   it configurable in 5.0.0 release candidate 1.
 * Introduced a new configuration option,
`passenger_response_buffer_high_watermark` (Nginx)
   and `PassengerResponseBufferHighWatermark` (Apache), for configuring the
behavior of the
   response buffering system. Closes GH-1300.
 * Fixed more cookie handling issues. Closes GH-1310.
 * Fixed various WebSocket issues. Closes GH-1306.
 * Fixed some crashes caused by race conditions. Closes GH-1326.
 * Fixed issues with handling POST data. Closes GH-1331.
 * Fixed some issues on Heroku. Closes GH-1329.
 * Fixed some integer overflows. Fix contributed by Go Maeda. Closes GH-1357.
 * Fixed the `passenger-status --show=union_station` command. Closes GH-1336.
 * Nginx versions earlier than 1.6 are no longer supported.
 * Improved state introspection.

Release 5.0.0 beta 2
--------------------

 * Fixed handling of multiple Set-Cookie headers. Closes GH-1296.
 * `passenger-config system-metrics` now works properly if the agent is
installed in
   ~/.passenger. Closes GH-1304.
 * Documentation enhancements by Igor Vuk. Closes GH-1318.
 * Fixed some crasher bugs.
 * [Standalone] User switching is now correctly disabled.
 * [Standalone] Fixed the `--thread-count` parameter.
 * [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284.
 * [Apache] Fixed support for gzipped chunked responses. Closes GH-1309.

Release 5.0.0 beta 1
--------------------

Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version
4, but there
are a few minor breakages, which are described below. Major changes and notable
breakages are:

 * Performance has been much improved. This is thanks to months of optimization
work. You can
   learn more at www.rubyraptor.org.
 * We've published a [server optimization guide]
   (https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html)
for those who
   are interested in tuning Phusion Passenger.
 * Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails
2.3 is still
   supported.
 * Phusion Passenger now supports integrated HTTP caching, which we call
turbocaching. If your
   app sets the right HTTP headers then Phusion Passenger can tremendously
accelerate your app.
   It is enabled by default, but you can disable it with
`--disable-turbocaching` (Standalone),
   `PassengerTurbocaching off` (Apache), or 'passenger_turbocaching off'
(Nginx).
 * Touching restart.txt will no longer restart your app immediately. This is
because, for
   performance reasons, the stat throttle rate now defaults to 10. You can still
get back the
   old behavior by setting `PassengerStatThrottleRate 0` (Apache) or
   `passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged.
Instead, we encourage
   you to use the `passenger-config restart-app` tool to initiate restarts,
which has immediate
   effect.
 * Websockets are now properly disconnected on application restarts.
 * The Phusion Passneger log levels have been completely revamped. If you were
setting a log
   level before (e.g. through `passenger_log_level`), please read the latest
documentation to
   learn about the new log levels.
 * If you use out-of-band garbage collection, beware that the
`X-Passenger-Request-OOB-Work`
   header has now been renamed to `!~Request-OOB-Work`.
 * When using Rack's full socket hijacking, you must now output an HTTP status
line.
 * [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by
   `passenger_set_header` and `passenger_env_var`.
 * [Nginx] `passenger_show_version_in_header` is now only valid in the `http`
context.
 * [Apache] The `PassengerStatThrottleRate` option is now global.

Minor changes:

 * The minimum required Nginx version is now 1.6.0.
 * The instance directory is now touched every hour instead of every 6 hours.
This should
   hopefully prevent more problems with /tmp cleaner daemons.
 * Applications are not grouped not only on the application root path, but also
on the
   environment. For example, this allows you to run the same app in both
production and staging
   mode, with only a single directory, without further configuration. Closes
GH-664.
 * The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option
(Apache) have been
   replaced by two config options. On Nginx they are
`passenger_instance_registry_dir` and
   `passenger_data_buffer_dir`. On Apache they are
`PassengerInstanceRegistryDir` and
   `PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been
replaced by
   `PassengerDataBufferDir`.
 * Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment
variable.
   Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead.
 * `passenger-status --show=requests` has been deprecated in favor of
   `passenger-status --show=connections`.
 * Using the SIGUSR1 signal to restart a Ruby app without dropping connections,
is no longer
   supported. Instead, use `passenger-config detach-process`.
 * Introduced the `passenger-config reopen-logs` command, which instructs all
Phusion Passenger
   agent processes to reopen their log files. You should call this after having
rotated the web
   server logs.
 * [Standalone] The Phusion Passenger Standalone config template has changed.
Users are
   encouraged to update it.
 * [Standalone] `passenger-standalone.json` has been renamed to
`Passengerfile.json`.
 * [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer
overrides command
   line options. Instead, command line options now have the highest priority.

Release 4.0.60
--------------

 * Fixed the password protection of internal Phusion Passenger processes.

   For security reasons, Phusion Passenger limits access to internal processes,
by using Unix
   file permissions and randomly generated passwords that only authorized
internal processes
   know. It turns out that this password wasn't set correctly, which has now
been fixed.
   There was no security vulnerability, because the file permissions already
provide
   sufficient security. The password only serves as an extra layer of security
just in case
   there is a problem with the former.

   This issue is not at all related to any application-level security or
application-level
   passwords. Any database passwords, keys, or secrets used and generated by
applications
   have got nothing to do with the nature of this issue. This issue only relates
to some
   randomly generated passwords that Passenger uses internally, for its internal
operations.

</ChangeLog>

 

12:49 osa 

Update third-party modsecurity module from 2.8.0 to 2.9.0.

<ChangeLog>

12 Feb 2015 - 2.9.0
-------------------

 * Fix apr_crypto.h include, now checking if apr_crypto.h is available by
   checking the definition WITH_APU_CRYPTO.
   [martinjina and ModSecurity team]

15 Dez 2014 - 2.9.0-RC2
-----------------------

 * OpenSSL dependency was removed on MS Windows builds. ModSecurity is now using
   the Windows certificate storage.
   [Gregg Smith, Steffen and ModSecurity team]
 * Informs about external resources loaded/failed while reloading Apache.
   [ModSecurity team]
 * Adds missing 'ModSecurity:' prefix in some warnings messages.
   [Walter Hop and ModSecurity team]
 * Refactoring external resources download warn messages. Holding the message
   to be displayed when Apache is ready to write on the error_log.
   [ModSecurity team]
 * Remote resources loading process is now failing in case of HTTP error.
   [Walter Hop and ModSecurity team]
 * Fixed start up crash on Apache with mod_ssl configured. Crash was happening
   during the download of remote resources.
   [Christian Folini, Walter Hop and ModSecurity team]
 * Curl is not a mandatory dependency to ModSecurity core anymore.
   [Rainer Jung and ModSecurity team]

18 Nov 2014 - 2.9.0-RC1
-----------------------

 * `pmFromFile' and `ipMatchFromFile' operators are now accepting HTTPS served
    files as parameter.
 * `SecRemoteRules' directive - allows you to specify a HTTPS served file that
    may contain rules in the SecRule format to be loaded into your ModSecurity
    instance.
 * `SecRemoteRulesFailAction' directive - allows you to control whenever the
    user wants to Abort or just Warn when there is a problem while downloading
    rules specified with the directive: `SecRemoteRules'.
 * `fuzzyHash' operator - allows to match contents using fuzzy hashes.
 * `FILES_TMP_CONTENT' collection - make available the content of uploaded
    files.
 * InsecureNoCheckCert - option to validate or not a chain of SSL certificates
   on mlogc connections.
 * ModSecurityIIS: ModSecurity event ID was changed from 0 to 0x1.
   [Issue #676 - Kris Kater and ModSecurity team]
 * Fixed signature on "status call": ModSecurity is now using the original
   server signature.
   [Issues #702 - Linas and ModSecurity team]
 * YAJL version is printed while ModSecurity initialization.
   [Issue #703 - Steffen (Apache Lounge) and Mauro Faccenda]
 * Fixed subnet representation using slash notation on the @ipMatch operator.
   [Issue #706 - Walter Hop and ModSecurity team]
 * Limited the length of a status call.
   [Issue #714 - 'cpanelkurt' and ModSecurity team]
 * Added the missing -P option to nginx regression tests.
   [Issue #720 - Paul Yang]
 * Fixed automake scripts to do not use features which will be deprecated in
   the upcoming releases of automake.
   [Issue #760 - ModSecurity team]
 * apr-utils's LDFALGS is now considered while building ModSecurity.
   [Issue #782 - Daniel J. Luke]
 * IIS installer is not considering IIS 6 as compatible anymore.
   [Issue #790 - ModSecurity team]
 * Fixed yajl build script: now looking for the correct header file.
   [Issue #804 - 'rpfilomeno' and ModSecurity team]
 * mlgoc is now forced to use TLS 1.x.
   [Issue #806 - Josh Amishav-Zlatin and ModSecurity team]

</ChangeLog>

 

03:23 osa 

Upgrade from 4.0.58 to 4.0.59:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

Release 4.0.59
--------------

* [Enterprise] Fixed support for free-style Node.js apps.

</ChangeLog>

 

23:28 osa 

Upgrade from 4.0.57 to 4.0.58:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

Release 4.0.58
--------------

* [Enterprise] Fixed a bug in the Debian packages which caused Flying Passenger
to break when used with non-system Rubies.
* The Debian packages no longer require Ruby 1.9. Closes GH-1353.

</ChangeLog>

 

16:54 osa 

Upgrade third-party dav_ext module from 0.0.2 to 0.0.3.

 

16:38 osa 

Upgrade third-party drizzle module from 0.1.7 to 0.1.8.
Rename extra patch for the module.

 

16:03 osa 

Upgrade third-party rtmp module from 1.1.5 to 1.1.6.
Remove necessary patch for the module.

 

03:27 osa 

Update third-party ngx_fancyindex module from 0.3.1 to 0.3.4.

Submitted by:	Miguel Clara <miguelmclara@gmail.com>

<ChangeLog>

v0.3.4
======
- Viewport is now defined in the generated HTML, which works better
  for mobile devices.
- Even-odd row styling moved to the CSS using :nth-child(). This
  makes the HTML served to clients smaller.

v0.3.3
======
- New feature: table headers in the default template are now clickable
  to set the sorting criteria and direction of the index entries.
  (https://github.com/aperezdc/ngx-fancyindex/issues/7)

v0.3.2
======
- Solved a bug that would leave certain clients stalled forever.
- Improved handling of subrequests for non-builtin headers/footers.

</ChangeLog>

 

17:08 osa 

Update third-party ngx_cache_purge module from 2.1 to 2.3 (as preparation to
upgrade the www/nginx-devel to 1.7.9).

<ChangeLog>

2014-12-23    VERSION 2.3
    * Fix compatibility with nginx-1.7.9+.

2014-12-02    VERSION 2.2
    * Fix compatibility with nginx-1.7.8+.

2014-05-19
    * Fix build on Solaris with SunCC (Solaris Studio).
      Reported by Jussi Sallinen.

</ChangeLog>

 

16:58 osa 

Upgrade from 4.0.53 to 4.0.57 (as preparation to upgrade the www/nginx-devel to
1.7.9):

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

Release 4.0.57
--------------

 * Fixed a native extension compatibility problem with Ruby 2.2.
   Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656).
 * Fixed compatibility with Nginx 1.7.9. Closes GH-1335.

Release 4.0.56
--------------

 * Fixed a file descriptor leak that manifests when an error page is shown.
Contributed by
   Paul Bonaud, closes GH-1325.
 * Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles
Vallieres for
   the analysis.

Release 4.0.55
--------------

 * Supports Ruby 2.2. Closes GH-1314.
 * Fixed Linux OS name detection.

Release 4.0.54
--------------

 * Contains a licensing-related hot fix for Enterprise customers.

</ChangeLog>

 

14:16 osa 

Update from 4.0.52 to 4.0.53:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

* Upgraded the preferred Nginx version to 1.6.2.
* Improved RVM gemset autodetection.
* Fixed some Ruby 2.2 compatibility issues.

</ChangeLog>

 

01:18 osa 

Update from 4.0.50 to 4.0.52:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

* Fixed a null termination bug when autodetecting application types.
* Node.js apps can now also trigger the inverse port binding mechanism by
passing `'/passenger'`
  as argument.  This was introduced in order to be able to support the Hapi.js
framework.
  Please read
 
http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549
  for more information regarding Hapi.js support.
* It is now possible to abort Node.js WebSocket connections upon application
restart.
  Please refer to
 
https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections
  for more information.  Closes GH-1200.
* Passenger Standalone no longer automatically resolves symlinks in its paths.
* `passenger-config system-metrics` no longer crashes when the system clock is
set to a time
  in the past.  Closes GH-1276.
* `passenger-status`, `passenger-memory-stats`,
`passenger-install-apache2-module` and
  `passenger-install-nginx-module` no longer output ANSI color codes by default
when
  STDOUT is not a TTY. Closes GH-487.
* `passenger-install-nginx-module --auto` is now all that's necessary to make it
fully
  non-interactive.  It is no longer necessary to provide all the answers through
  command line parameters. Closes GH-852.
* Minor contribution by Alessandro Lenzen.

</ChangeLog>

 

01:27 osa 

Update third-party rtmp module from 1.1.4 to 1.1.5.
Fix compilation issue (1).
Do not bump PORTREVISION.

Obtained
from:	https://github.com/arut/nginx-rtmp-module/commit/dd5f2aa117c617e1f0fde26f8fd58903be2d85e8.patch	(1)

 

17:47 osa 

Security update from 1.6.1 to 1.6.2.

<ChangeLog>

*) Security: it was possible to reuse SSL sessions in unrelated contexts
   if a shared SSL session cache or the same TLS session ticket key was
   used for multiple "server" blocks (CVE-2014-3616).
   Thanks to Antoine Delignat-Lavaud.

*) Bugfix: requests might hang if resolver was used and a DNS server
   returned a malformed response; the bug had appeared in 1.5.8.

*) Bugfix: requests might hang if resolver was used and a timeout
   occurred during a DNS request.

</ChangeLog>

 

11:09 osa 

Update from 4.0.49 to 4.0.50:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

* Fixed a potential heap corruption bug.
* Added Union Station support for Rails 4.1.

</ChangeLog>

 

22:06 osa 

Update from 4.0.48 to 4.0.49:

o) www/rubygem-passenger;
o) third-party modules for www/nginx and www/nginx-devel.

<ChangeLog>

 * Upgraded the preferred Nginx version to 1.6.1.
 * Fixed a crash that may be triggered by the `passenger_max_requests` feature.
 * Introduced the `spawn_failed` hook, which is called when an application
   process fails to spawn. You could use this hook to setup an error
   notification system. Closes GH-1252.
 * Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger
   Standalone. Thanks to Jacob Elder. Closes GH-1254.
 * Fixed some user and group information lookup issues. Closes GH-1253.
 * Fixed some request handling crashes. Closes GH-1250.
 * Fixed some compilation problems on Gentoo. Closes GH-1261.
 * Fixed some compilation problems on Solaris. Closes GH-1260.

</ChangeLog>

 

17:47 osa 

Update third-party modsecurity module from 2.7.5 to latest version 2.8.0.