File: CHANGELOG

package info (click to toggle)
passenger 5.0.30-1.1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 43,084 kB
  • sloc: cpp: 366,066; ruby: 33,237; ansic: 30,341; sh: 15,830; makefile: 356; python: 309; perl: 32
file content (2394 lines) | stat: -rw-r--r-- 138,104 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
Release 5.0.30
--------------

 * Changes mbuf block size from 512 to 4096 bytes to better fit modern requests and significantly speed up disk buffering.
 * [Nginx] Fixes PCRE checksum after the preferred version update in 5.0.29 (contributed by: clemensg).
 * [Apache] Fixes buffer limit crash on large file upload (when core disk buffer can't keep up with client for some time), and limits per-client buffer memory usage to 130 KB. Closes GH-1620.
 * Fixes potential hang when an UnseekableSocket gets serialized to json. Closes GH-1838.


Release 5.0.29
--------------

 * Fixes the FreeBSD build breaking due to the `-ldl` flag introduced by the LVE integration patch (5.0.28). Closes GH-1805.
 * Fixes per-application interpreter override (ruby, node, python) being ignored in mass deployment mode. Closes GH-1818.
 * Fixes incomplete refactor from 5.0.27 that could, under specific conditions, lead to a Passenger crash. Closes GH-1794.
 * [Apache] Remove unused code that caused a crash in configurations with thousands of VirtualHost entries. Closes GH-1676.
 * [Nginx] Fixes use of invalid logfile name (memory already released) in backup log redirection code. Possibly related to GH-1774.
 * [Nginx] The preferred Nginx version is now 1.10.1 (previously 1.10.0).
 * [Nginx] The preferred PCRE version is now 8.39 (previously 8.34).
 * [Standalone] Passenger Standalone now supports /dev/stdout and /dev/stderr as log file path (via `--log-file` or Passengerfile.json). This is especially useful in Docker containers. In previous versions logging to those paths did not work, resulting in nothing getting logged at all.


Release 5.0.28
--------------

 * Finalizes the fix (5.0.26) for the `rails server` command integration to prevent "missing on_event" errors. Closes GH-1768.
 * Fixes missing -fPIC in Nginx dynamic module compilation (5.0.26) on Linux (rewrite of a patch by Andrei Belov). Closes GH-1793.
 * Fixes memory leak that could occur whenever more than 1024 concurrent requests are handled (more likely since the higher concurrency support options from 5.0.24). Closes GH-1797.
 * Integrates with CloudLinux LVE and CageFS (security checks and a new option PassengerLveMinUid). Thanks to Oleksiy Shchukin from CloudLinux Inc. for contributing this.
 * Fixes the Nginx build when the PCRE library is not available (such as when compiling with `--without-http_rewrite_module`). Closes GH-1796.
 * Extends `passenger-memory-stats` filter to show the instance dir toucher too (as well as the core in valgrind debug runs).
 * Changes the default for friendly error pages to "off" unless the environment is set to "development", rather than "on" unless "staging" or "production". Closes GH-1782.
 * [Nginx] The preferred Nginx version is now 1.10.0 (previously 1.8.1).


Release 5.0.27
--------------

 * Fixes encoding issue for Ruby apps that resulted in a 0-byte response body. This occurred when the Ruby native support lib was not used and the app outputted an encoding that doesn't mix with UTF-8 (like UTF-16). Closes GH-1763.
 * Fixes Passenger Core and application processes staying on the Watchdogs OOM score (unkillable) when user switching is set to off. Closes GH-1631.
 * Supports Debian GNU/kFreeBSD build. Based on contribution by stevenc99.
 * Switches a number of places in the Passenger Core over to using the monotonic clock instead of the wallclock for robustness against clock time-stepping.
 * Slightly improves out-of-memory detection in some subroutines.
 * Fixes incomplete libuv upgrade: some build files were not autoregenerated during the upgrade from 1.5.0 to 1.8.0 in the previous release.
 * Warnings about 502 responses that are caused by applications aborting their output while the client is no longer connected (e.g. due to half-close event, reported since 5.0.26) are now reduced to debug level.
 * Fixes automatic compilation of Ruby's native_support library in case Passenger was installed through Debian or RPM packages. Closes GH-1778.
 * Fixes memory leak when buffering large request/response bodies to disk (which happens as soon as the 100 KB memory buffer is full).
 * Fixes crash if an application spawn fails and a non-UTF8 character appears in the spawn output. Closes GH-1601.
 * Updates the `rails server` command integration (from 5.0.25) to prevent "missing on_event" errors. Closes GH-1768. Update: not all required code made it to the release, the final fix is delivered in 5.0.28.
 * [Union Station] Fixes a crash that occurs if all of the following conditions are met: 1) Union Station support is enabled, 2) the client sent at least one header containing the empty string, 3) the application responds with a 4xx or 5xx status. Closes GH-1776.


Release 5.0.26
--------------

 * `passenger-status --show=server` now reports the speed at which new requests are accepted.
 * `passenger-status --show=server` now reports `last_data_send_time` and `last_data_receive_time` which can be used to troubleshoot long-running requests (for example, to see if a websocket heartbeat is stuck).
 * Passenger now reports TCP half-closing events to Node.js and Meteor applications, which allows them to detect request body and WebSocket closes without having to send data to the client.
 * Fixes outputting Content-Length and Transfer-Encoding headers on HEAD requests for Ruby apps. These headers were omitted in previous versions on HEAD requests.
 * Bumps the default socket backlog size from 1024 to 2048.
 * Upgrades libuv to version 1.8.0.
 * When using our RPM packages, system SELinux policy upgrades no longer break the Passenger SELinux policy. Closes GH-1663.
 * [Apache] Fixes compilation against Apache installations which include `-pie` in CFLAGS. Closes GH-1756.
 * [Nginx, Standalone] Bumps default Nginx worker_connections from 1024 to 4096 (effectively 2048 because of internal reverse proxy)
 * [Nginx, Standalone] Introduces the option `core_file_descriptor_ulimit` and `app_file_descriptor_ulimit`, for setting the file descriptor ulimits of the Passenger core and the application, respectively.
 * [Nginx] Passenger can now be [compiled as an Nginx dynamic module](https://www.phusionpassenger.com/library/install/nginx/install_as_nginx_module.html#dynamic-module). Thanks to Ruslan Ermilov from NGINX Inc for contributing this.
 * [Standalone] Prints a warning when an unsupported configuration option in Passengerfile.json is set.
 * [Standalone] Fixes "address already in use" errors when using the builtin engine.
 * [Enterprise] The rolling restart feature now waits until the old process is completely gone (drained its request queue, process exited) before proceeding with rolling restarting the next process. This results in friendlier resource usage during rolling restart.
 * [Union Station] Fixes custom logging time arguments getting overwritten by current time for Ruby apps (so some sub-blocks like "framework request processing" appeared shorter than they were). This could happen since the switch to monotonic clock in 5.0.22.


Release 5.0.25
--------------

 * Integrates into the `rails server` command. Please learn more at [the Passenger + Rails integration documentation](https://www.phusionpassenger.com/library/dev/ruby/rails_integration.html).
 * Adds explicit support for Action Cable. Please learn more at the [Passenger Library](https://www.phusionpassenger.com/library/dev/ruby/rails_integration.html#action_cable).
 * Removes packages for Ubuntu 15.04 Vivid and Debian 6. Ubuntu 15.04 and Debian 6 are still supported, we just don't supply packages for them anymore. If you are an Ubuntu 15.04 or Debian 6 user and you want to use Passenger >= 5.0.25, then please upgrade your distribution, or install Passenger from RubyGems/tarball.
 * Fixes a potential crash due to memory corruption in code for `passenger-config reopen-logs`.
 * Fixes a potential crash in the large (inbound/outbound) file buffering code.
 * Fixes a crash that occurs when using Nginx + HTTPS + Sub-requests. Closes GH-1724.
 * Fixes a crash that occurs when using Nginx + syslog and a logfile for Passenger. Also fixes edge cases where the Nginx logpath would override the Passenger logpath. Closes GH-1514 (again).
 * [Union Station] Fixes a potential crash due to a wrong limit on snprintf (introduced in 5.0.24 by GH-1633). Closes GH-1744.
 * [Union Station] Fixes Union Station Node.js request introspection to allow for application.use method chaining. Closes GH-1745.
 * [Union Station] Fixes information about sinks sometimes missing from `passenger-status --show=union_station`.
 * [Union Station] When one or more Union Station gateways are suffering from technical difficulties, the Union Station support code now tries more quickly to reestablish the connection.
 * [Standalone] Don't reject the value 0 (meaning no limit) for `--max-request-queue-size`. Closes GH-1743.
 * [Standalone] Makes the `--address` option work more reliably if the passed hostname may resolve to multiple addresses. For example, if you pass `--address localhost` then previous versions could fail because Passenger thinks it's an IPv6 address (::1) while Nginx thinks it's an IPv4 address (127.0.0.1). Hostname resolution is now done in a consistent manner.
 * [Standalone] Adds the `--unlimited-concurrency-path` configuration option.
 * [Standalone] Adds IPv6 support to the builtin engine.


Release 5.0.24
--------------

 * Fixes a crash when the new `force_max_concurrent_requests_per_process` option (5.0.22) was used for non-Node.js apps (e.g. Ruby). Closes GH-1720.
 * Fixes Solaris compilation. This was a regression due to the patch for GH-1643 in 5.0.22. Closes GH-1694, GH-1701.
 * Logs for [Union Station](https://www.unionstationapp.com) provide more information about request queueing. Closes GH-1633.
 * Also log HTTP headers to Union Station for HTTP 4xx responses (extends the header logging for HTTP 5xx that was added in 5.0.22)
 * Fixes cases where compilation failure of (optional) native utils was not reported.
 * On Ruby, no longer traps SIGEXIT. This fixes erroneously setting `$ERROR_INFO` in `at_exit` callbacks. Closes GH-1730.
 * Fixes a wrong loop exit condition that could cause a deadlock with 100% CPU usage by Passenger core. Closes GH-1709, GH-1732.
 * Adds `socket_backlog` option to configure the Passenger Core socket backlog. For use with e.g. "Resource temporarily unavailable while connecting to upstream" errors. Closes GH-1726.
 * [Nginx] The preferred Nginx version is now 1.8.1 (previously 1.8.0).
 * [Standalone] Fixes the default value of the `load_shell_envvars` option. It's supposed to be disabled by default, but due to a typo it was enabled by default.


Release 5.0.23
--------------

 * Fixes the request acceptor error handling timeout. When an error occurs while Passenger is accepting a request (for example, when Passenger has run out of file descriptors), Passenger is supposed to wait for 3 seconds before trying again. Because of a typo, Passenger actually waited 3 milliseconds.
 * [Enterprise] Fixed a regression in the Passenger Standalone Nginx config template that breaks the Mass Deployment feature.
 * The mime type for serving static XHTML files is updated. We no longer use the mobile profile, so it is recognized by desktop browsers. Closes GH-1695.
 * Improves error messages about Ruby native support to indicate the optional nature. Passenger is able to operate even without the native support extension, but that wasn't clear enough to some users, causing them to think of the old messages as errors.
 * [Standalone, Nginx] When using the new `abort_websockets_on_process_shutdown` configuration option, Passenger waited for the app to close without signaling it that shutdown was in progress. Node.js apps now get a SIGINT. Closes GH-1702.
 * With friendly error pages off Passenger would still show a trace (referencing only Passenger code) for unusual spawn errors. This has been changed to a generic error message. Closes GH-1704.


Release 5.0.22
--------------

 * Fixes a header collision vulnerability (CVE-2015-7519, medium severity). Note that this fix involves filtering request headers containing underscores. Please see our blog for detailed vulnerability description and advisory. Thanks to the SUSE security team for reporting this issue.
 * [Apache] Fixes compatibility with Apache 2.4.17's mod_autoindex. Fix contributed by Eric Covener. Closes GH-1642.
 * [Standalone] Passenger Standalone now [accepts configuration options from environment variables](https://www.phusionpassenger.com/library/config/standalone/intro.html). This makes using Passenger Standalone significantly easier on Heroku or on systems that follow the 12-factor principle. Closes GH-1661.
 * [Standalone] The Nginx configuration template has been cleaned up. It is now significantly easier to edit the Nginx configuration template without breaking compatibility with future versions.
 * [Standalone] The `passenger start` command now performs a sanity check on the internally generated Nginx configuration file and advises you accordingly when there is a problem.
 * [Standalone] The `passenger status` and `passenger stop` commands now respect Passengerfile.json. Closes GH-1593.
 * [Standalone] Passenger Standalone on Solaris now properly tails the application log file.
 * [Standalone] Fixes a problem with Passenger Standalone's builtin engine exiting at startup when run on Solaris.
 * [Standalone] `passenger start` now accepts the `--envvar` command line option for passing environment variables to the application.
 * [Standalone] `passenger start` now accepts the `--memory-limit` configuration option.
 * [Standalone] `passenger start` now accepts the `--max-request-queue-size` configuration option.
 * [Standalone] `passenger start` now accepts the `--debug-nginx-config` configuration option. This option allows you to view the Nginx configuration file that Passenger Standalone generates internally.
 * [Standalone, Nginx] Introduces a new configuration option: `abort_websockets_on_process_shutdown`. By default, when Passenger shuts down or restarts an application process, it will abort associated Websocket connections. This option allows you to disable that behavior. Closes GH-1686.
 * Introduces a new configuration option: `force_max_concurrent_requests_per_process`. This option is mostly useful for making dynamic process scaling work in Node.js and Meteor apps.
 * Various administration tools, such as `passenger-status`, no longer raise an flock EBADF error on Solaris. Closes GH-1643.
 * The `passenger-config reopen-logs` command, when used in combination with Passenger Standalone and the Nginx engine, now also instructs Nginx to reopen its log files. Closes GH-1674.
 * Fixes Passenger erroneously adding a `Content-Length` or `Transfer-Encoding` header to Ruby HTTP 204 No Content responses. Closes GH-1595.
 * Fixes Union Station logging of Rack response body actions.
 * The `passenger-config restart-app` command, when given `--ignore-app-not-running`, now properly exits with a zero status when one or more applications are running, but none of them belonging to the invoking user. Closes GH-1655.
 * The `passenger-config validate-install` command no longer prints false warnings about duplicate Passenger installs on systems that use RBenv. Closes GH-1627.
 * Fixes race conditions in the automatic building of the Ruby native support extension. Closes GH-1570.
 * [Enterprise] Fixes compatibility with byebug 7.0. Closes GH-1662.
 * Support Union Station logging for Node.js applications, with Express/MongoDB automatically supported. 
 * The Ruby Union Station hooks no longer abort with a fatal error when the application does not call the Union Station initializer method during startup. The error is now only logged.
 * In case of an error response (HTTP 5xx), Union Station logging will also contain request headers.
 * The Union Station hooks are now more resilient against environment variable problems.


Release 5.0.21
--------------

 * Properly handles Ruby applications that output the `Content-Length` and `Transfer-Encoding` headers in non-standard casing, e.g. `Content-length`. Closes GH-1517.
 * Fixes Ruby application loading incompatibilities caused by the use of absolute paths. Closes GH-1596.
 * Fixes OpenSSL detection problems on OS X 10.11 El Capitan. OS X 10.11 no longer includes OpenSSL headers, so Passenger will suggest and use OpenSSL from Homebrew. Closes GH-1630.
 * Introduces the [secure HTTP headers](https://www.phusionpassenger.com/library/indepth/meteor/secure_http_headers.html) feature for Node.js and Meteor apps. This mechanism allows Passenger to send per-request information to the application, while guaranteeing that this information is not spoofed by the client.
 * Per-request Apache environment variables are now passed to Node.js and Meteor apps through the [`!~Passenger-Envvars`](https://www.phusionpassenger.com/library/indepth/nodejs/apache_per_request_envvars.html) secure header.
 * Fixes some unintentional caching of request-specific environment variables. Closes GH-1479.
 * For Node.js applications, Passenger now calls `process.emit('message', 'shutdown')` whenever Passenger shuts down an application process. This is the same hook as used by PM2, allowing applications which use the PM2 graceful shutdown mechanism to be run on Passenger without changes.
 * [Enterprise] Fixes a bug in passenger-irb where printing strings larger than 64 KB would cause it to crash.
 * [Enterprise] Fixes the `passenger-config restart-app` command so that it performs a non-rolling-restart unless `--rolling-restart` is given as command line option, as per the documentation. Previously, `passenger-config restart-app` without `--rolling-restart` would perform a rolling restart if rolling restarts are configured in the configuration file, but this contradicted documented behavior. Closes GH-1634.


Release 5.0.20
--------------

 * Fixes memory management bugs in Union Station support.
 * Improves the error handling in Union Station support.
 * `passenger-config validate-install` now properly handles CR characters in Apache configuration files.


Release 5.0.19
--------------

 * Fixes an encoding crash in `passenger-memory-stats` on OS X in case one or more processes are running on the system with names containing UTF-8 characters. Closes GH-1603.
 * [Ruby] Fixes handling of HTTP 205 responses, which would cause client connections to freeze.
 * Improves Union Station data collection: more Rack I/O events are now logged. The time taken to write out and to close the Rack response body are now logged.
 * Improves Union Station data sending: errors are now logged more clearly, and DNS errors are now handled more robustly.
 * Improves Union Station troubleshooting: errors can now be diagnosed by running `passenger-status --show=union_station`.
 * Refactors the Union Station Ruby hook code. They have been extracted to external gems. However, they are still bundled with Passenger for ease of use.


Release 5.0.18
--------------

 * Fixes more memory corruption issues in the palloc subsystem.
 * Fixes memory corruption issues in the Passenger core that may occur if the application sets many response headers. The issue was caused by an off-by-one bug.


Release 5.0.17
--------------

 * Adds packages for Ubuntu 15.10 "Wily", even though Ubuntu 15.10 hasn't been released yet.
 * Fixes some memory corruption issues in the palloc subsystem. Closes GH-1587.
 * Fixes the Node.js `PhusionPassenger.on('exit')` event. This event worked if you restart the app or detach an application process, but not if you stop Passenger.
 * Fixes support for `passenger_pre_start` URLs that contain very long authentication strings. This was caused by the fact that our Base64 encoder generated unexpected newlines.
 * [Standalone] Improves application prestarting. Application prestarting is now available in combination with the 'builtin' engine, and now works when SSL is used.


Release 5.0.16
--------------

 * Allows independent configuration of Union Station gateway address, port and certificate. Closes GH-1543.
 * Supports seek() such that body.rewind works when using Rack middleware that uses Zlib::GzipReader (e.g. for compressed requests). Closes GH-1553.
 * [Apache] Improves detection of Apache configuration file problems. Closes GH-1577.
 * [Enterprise] Fixes installation of the Passenger Enterprise Apache module on Debian Testing.
 * Fixes logging of HTTP response code for Union Station. This regression was introduced by Passenger 5. Closes GH-1581. 
 * Adds a new subcommand `passenger-config about support-binaries-dir`.
 * Fixes a regression in the Node.js loader with regard to custom startup files. This bug was introduced in 5.0.14. Closes GH-1557 (again).
 * Fixes a crash when a Ruby application is accessed through a sub-URI and a root virtual host at the same time.


Release 5.0.15
--------------

 * Support SHA256 digests for the Rails asset pipeline, as used by Sprockets 3.x.
 * Support for JRuby 9.0.0.0. Closes GH-1562.
 * Fixes some bugs in Union Station support, which causes some data (such as controller information and exceptions) to not be logged.
 * The old Users Guides have been deprecated in favor of the [Passenger Library](https://www.phusionpassenger.com/library/). The Users Guides now redirect to appropriate sections in the Passenger Library.


Release 5.0.14
--------------

 * [Standalone] Relative path handling has been improved. In previous versions, relative paths were not handled in a consistent manner. Relative paths are now handled consistently according to the following rules:

   - If a relative path is given via a command line option, then it is relative to the current working directory.
   - If a relative path is given via Passengerfile.json, then it is relative to Passengerfile.json.

   Closes GH-1557.
 * [Standalone] The `--disable-turbocaching` now works with the Nginx engine.


Release 5.0.13
--------------

 * The `passenger-config restart-app` command now supports the option `--ignore-passenger-not-running`. If this option is given, the command will exit normally instead of exiting with an error, if Passenger is not running. This option is useful in deployments involving Passenger Standalone. In an initial deployment, Passenger Standalone may not yet be running. Passing this option allows you to ignore that issue.
 * SELinux policy issues in the RPMs have been fixed.
 * [Apache] `passenger-config reopen-logs` didn't work on Apache unless you explicitly set `PassengerLogFile`. This has now been fixed.
 * [Standalone] Due to some internal refactorings, the Passenger Standalone Nginx configuration template has changed. If you used a custom Nginx configuration template, please merge our latest changes into it.


Release 5.0.12
--------------

 * [Enterprise] Fixed passenger-irb. It was broken in 5.0.10 because of the change that made using admin commands without sudo possible.


Release 5.0.11
--------------

 * In 5.0.10, admin tools such as `passenger-status` and `passenger-config restart-app` display an authorization error if they are run without sudo, while at the same time Passenger isn't serving any applications. Since this is confusing, they have now been modified to display a more appropriate error message.
 * Fixes a bug in the RPMs that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from working when they are invoked without root privileges.
 * Fixes a bug on OS X that prevent admin tools such as `passenger-status` and `passenger-config restart-app` from detecting Passenger instance directories when they are invoked without root privileges. Closes GH-1535.
 * Fixes a bug that causes Passenger not to work if the HOME environment variable is not set.
 * Fixes compatibility with non-Rails Ruby apps that require the actionview gem. Closes GH-1547.
 * Fixes some non-fatal "permission denied" error that may occasionally occur if user switching is turned off. Closes GH-1541.
 * Relative values for the `pid_file` and `log_file` options in Passengerfile.json are now supported.
 * If Passengerfile.json contains a syntax error, Passenger Standalone now correctly prints an error message instead of crashing.
 * Sending a SIGABRT signal to a Ruby process now properly makes it terminate.
 * The `passenger-config restart-app` command now accepts `.` as parameter, which it will interpreter as "restart the app in the current working directory". Closes GH-1386.
 * [Apache] Setting `PassengerLogLevel` no longer redirects Apache's own stderr to that log file. Closes GH-1373.
 * [Standalone] Passenger Standalone's Nginx engine now includes the RealIP module. Closes GH-1389.
 * [Standalone] The `--max-preloader-idle-time` option has been added.


Release 5.0.10
--------------

 * It is now possible to run `passenger-status`, `passenger-config restart-app` and other admin commands without using sudo. When run without sudo, these admin commands will allow you to operate on apps and processes that are owned by the user that invoked the admin command. Closes GH-1392.
 * Fixes a crash introduces in 5.0.9 due to not properly initializing a variable. Closes GH-1530.
 * The `passenger-config reopen-logs` command now works by instructing the Watchdog process to reopen the log file, while instructing the other Passenger processes to re-inerhit the log file from the Watchdog instead of trying to reopen the log file on their own. This makes log file reopening more robust. Closes GH-1452.
 * `passenger-config restart-app` no longer leaves the terminal in a state with black background. Closes GH-1526.
 * `passenger-config admin-command` has been renamed to `passenger-config api-call` in order to avoid confusion with any potential admin interfaces that we will introduce in the future.
 * If Union Station support is enabled, process and system metrics weren't being sent correctly to Union Station. This has been fixed.
 * [Enterprise] Fixes the fact that the Passenger Enterprise RPM didn't correctly set SELinux permissions on its own files.
 * [Apache] passenger-install-apache2-module no longer aborts with an error if the Apache configuration file contains errors. Closes GH-1525.
 * [Apache] Fixes a typo that would cause passenger-install-apache2-module to crash on Red Hat and CentOS systems on which the SELinux command line tools are not installed. Closes GH-1527.


Release 5.0.9
-------------

 * The casing of original headers as generated by the application are now preserved, instead of being downcased. This fixes compatibility issues with broken HTTP clients. Closes GH-1436.
 * Internal refactoring: we've replaced libeio with libuv. This makes some of our code simpler. Closes GH-1428.
 * When the passenger-status tool tries to cleanup a stale instance directory, it will no longer abort with an error when it fails to do that. It will now merely print a warning. Fixes [StackOverflow question 30354732](http://stackoverflow.com/questions/30354732/cap-aborted-capistrano-aborts-rails-deploy-while-attempting-to-chown-tmp-p/30357100#30357100).
 * Fixes compilation problems on Solaris.
 * The Ruby handler has been made more robust. Previously, it was possible for applications to corrupt connections by returning incorrect Rack responses. This may cause connections to get stuck. The Rack handler has been hardened to ensure that connections will never get corrupted or stuck. Closes GH-1512.
 * The Ruby handler now closes the Rack response body even when the socket connection is hijacked by the application. The Rack specification is unclear about what to do in this case, and different Ruby app servers do different things. We have found that by closing the body object anyway, we maximize compatibility with existing Rack middlewares and apps, such as Rack::Lock. Background information about this issue can be found at https://github.com/ngauthier/tubesock/issues/10#issuecomment-72539461.
 * Fixes a crash that could occur if some HTTP request headers are present, but have the empty value. Closes GH-1524.
 * Fixes a permission problem that prevents the web server from communicating with Passenger when user switching is off. Closes GH-1520.
 * Fixes a few small one-time memory leaks in the Passenger agent. This wraps up the workitems discovered in valgrind runs on earlier versions.
 * Fixes use of uninitialized metrics. This could happen for a brief moment after spawning.
 * [Apache] If you pass the `--apxs2-path` parameter to `passenger-install-apache2-module`, and the apxs2 path that you specified is not in PATH, then the installer would think that Apache installation is broken. This has been fixed.
 * [Apache] A `Connection: close` header that was used for internal communication between Passenger processes was being leaked to the client, which breaks HTTP keep-alive connections. This has been fixed. Closes GH-1516.
 * [Nginx] The preferred Nginx version is now 1.8.0. It was previously 1.6.3.
 * [Nginx] Passenger now passes to the application the raw URI as sent by the client, as long as Nginx didn't modify the URI (e.g. as part of rewrite rules). This means that escaped slashes (%2F) in the URI now work correctly and out-of-the-box as long as there are no applicable rewrite rules.
 * [Nginx] Fixes that crash that would occur if Nginx is configured to log to syslog. And to prevent log messages from disappearing into a black hole, Passenger will now ask you to set `passenger_log_file` if Nginx is configured to log to syslog. Closes GH-1514.
 * [Standalone] Prevents an existing instance from being shut down if starting a new instance fails.


Release 5.0.8
-------------

 * We now supply Debian 8 and Ubuntu 15.04 packages. Closes GH-1494 and GH-1400.
 * We now supply Red Hat 6, Red Hat 7, CentOS 6 and CentOS 7 packages.
 * We no longer supply Ubuntu 10.04 packages because Ubuntu 10.04 is no longer supported by Canonical.
 * Fixes a Passenger crash (SIGSEGV) that occurs occasionally when out-of-band garbage collection is enabled. Closes GH-1469.
 * Fixes a Passenger crash (SIGSEGV) that occurs occasionally with redirects to relative URLs. Closes GH-1513.
 * Fixes cases when Passenger shuts down more processes than is allowed by the `min_instances` limit. Closes GH-1500.
 * Fixes "Bad Gateway" errors that would occur when an application sets the X-Sendfile or X-Accel-Redirect header, together with a non-empty response body. Closes GH-1498.
 * Fixes the fact that Passenger agent processes don't lower their privilege when user switching is turned off.
 * Fixes autodetection of Apache on Gentoo. Closes GH-1510.
 * Fixes compilation problems on Solaris. Closes GH-1508.
 * [Standalone] Adds the `--pool-idle-time` command line parameter.
 * [Standalone] Adds the `--auto` command line parameter for running non-interactively. This supresses prompts. Closes GH-1511.


Release 5.0.7
-------------

 * Supports changed way of specifying settings for (non-bundled) Meteor apps. Closes GH-1403.
 * Fixes an integer-to-string conversion bug in the code responsible for buffering chunked request bodies. This bug could cause the PassengerAgent to crash due to an exception. Thanks to Marcus Rückert of SUSE for reporting this.
 * Request-specific environment variables are no longer cached. This fixes a number of issues, such as Shibboleth not working properly and conflicts between HTTPS and non-HTTPS virtual hosts. Closes GH-1472.
 * Fixes a memory corruption bug that would be triggered when using `passenger_base_uri`. The memory corruption bug resided in the code for resolving symlinks. Closes GH-1388.
 * Re-introduced signal catchers during shutdown, to allow clean shutdown in Foreman. Closes GH-1454.
 * `passenger-status --show=xml` no longer outputs the non-XML header by default. This fixes a regression as reported in a comment in GH-1136.
 * Passenger now prefers to load Rack and Bundler from RubyGems instead of from `vendor_ruby`. This solves some issues with Rack and Bundler on Debian systems. Closes GH-1480 and GH-1478.
 * The turbocache no longer caches responses that contain the `X-Sendfile` or the `X-Accel-Redirect` header.
 * The preferred Nginx version has been upgraded to 1.6.3.
 * The logging agent no longer aborts with an error if one of the Passenger root directory's parent directories is not world-executable. Closes GH-1487.
 * [Standalone] It is now possible to configure the Ruby, Node.js and Python executable to use in Passenger Standalone through the command line options --ruby, --nodejs and --python. Closes GH-1442.
 * [Standalone] Running `passenger start --engine=builtin --daemonize` would fail with a timeout error. This has been fixed.
 * [Standalone] Running `passenger start --nginx-version=XXX` would crash. This has been fixed. Closes GH-1490.
 * [Apache] Fixed some issues with X-Sendfile. Closes GH-1376.
 * [Apache] If the installer fails to autodetect Apache while the installer is running as a normal user, it will now ask you to give it root privileges. Closes GH-1289.
 * [Apache] The installer now validates your Apache configuration file to check for common problems. The validator can also be accessed separately by running `passenger-config validate-install --validate-apache2`.
 * [Nginx] Introduces the `passenger_read_timeout` option for rare cases when server needs more than the default 10 minute timeout. Contributed by pkmiec. Closes [GH-PR-34](https://github.com/phusion/passenger/pull/34).
 * [Nginx] The Nginx module now looks for index.html if the path ends in / so that it works intuitively, without needing to use try_files.
 * Fixes wrong memory address display in crash dumps. Thanks to thoughtpolice for pointing it out.
 * Fixes an ugly backtrace that would be shown if an invalid request is made to an application process using the private HTTP interface. Contributed by jbergler. Closes GH-1311.
 * Various documentation improvements. Closes [GH-PR-1332](https://github.com/phusion/passenger/pull/1332), [GH-PR-1354](https://github.com/phusion/passenger/pull/1354), [GH-PR-1216](https://github.com/phusion/passenger/pull/1216), [GH-PR-1385](https://github.com/phusion/passenger/pull/1385), [GH-PR-1302](https://github.com/phusion/passenger/pull/1302).


Release 5.0.6
-------------

 * The turbocache no longer caches responses for which the Cache-Control header contains "no-cache". Please note that "no-cache" does not mean "do not cache this response". Instead, it means "any caching servers may only serve the cached response after validating it". Since the turbocache does not support validation, we've chosen to skip caching instead.

   Coincidentally, this change "fixes" problems with applications that erroneously use "no-cache" as a flag for "do not cache this response". What these applications should actually use is "no-store". We recommend the developers of such applications to change their caching headers in this manner, because even if Passenger doesn't unintentionally cache the response, any intermediate proxies that visitors are behind may still cache the response.
 * Fixes a number of memory leaks. Memory was leaked upon processing a request with multiple headers, upon processing a response with multiple headers, and upon processing a response with Set-Cookie headers. Every time such a request or response was processed, 512 bytes of memory was leaked due to improperly dereferencing relevant memory buffers. Closes GH-1455.
 * Fixes various bugs related to Union Station data collection.

   Union Station is our upcoming application analytics and performance monitoring SaaS platform. It is opt-in: no data is collected unless you turn the feature on.
 * Fixes a Union Station-related file descriptor leak. Closes GH-1439.
 * Fixes some bugs w.r.t. use of uninitialized memory.
 * More informative error message if a support binary is not found, including a resolution hint. Closes GH-1395.
 * [Apache] `SetEnv` variables are now passed as Rack/CGI/request variables. This was also the case in Passenger 4, but not in Passenger 5.0.0-5.0.5. We've restored the old behavior because the behavior in 5.0.0-5.0.5 breaks certain Apache modules such as Shibboleth. Closes GH-1446.
 * [Standalone] PID and log files now correctly created if user specifies relative path.


Release 5.0.5
-------------

 * Fixes various crashes due to use of uninitialized memory. One such crash is documented in GH-1431.
 * Fixes a connection stall in the Apache module. Closes GH-1425.
 * Fixes a potential read-past-buffer bug in string-to-integer conversion routines. Thanks to dcb314 for spotting this. Closes GH-1441.
 * Fixes a compilation problem on Solaris. This problem was caused by the fact that `tm_gmtoff` is not supported on that platform. Closes GH-1435.
 * There is now an API endpoint for force disconnecting a client: `passenger-config admin-command DELETE /server/<client name>.json`. Closes GH-1246.
 * Fixes some file descriptor leaks. These leaks were caused by the fact that keep-alive connections with application processes were not being closed properly. Closes GH-1439.
 * In order to more easily debug future file descriptor leaks, we've introduced the `PassengerFileDescriptorLogFile` (Apache) and `passenger_file_descriptor_log_file` (Nginx) config options. This allows Passenger to log all file descriptor open/close activity to a specific log file.
 * The `PassengerDebugLogFile` (Apache) and `passenger_debug_log_file` (Nginx) configuration options have been renamed to `PassengerLogFile` and `passenger_log_file`, respectively. The old name is support supported for backward compatibility reasons.
 * [Enterprise] Fixes a bug in Flying Passenger's `--instance-registry-dir` command line parameter. This command line parameter didn't do anything.
 * [Enterprise] The Flying Passenger daemon no longer supports the `--max-preloader-idle-time` config option. This is because the config option never worked. The correct way to set the max preloader idle time is through the Nginx config option, but this was wrongly documented, so the documentation has been fixed.


Release 5.0.4
-------------

 * Fixes a compilation problem introduced in 5.0.3.


Release 5.0.3
-------------

 * [Standalone] When using the builtin engine, `passenger start` may crash during startup due to an initialization race condition. This has been fixed.
 * [Enterprise] Fixes a bug in passenger-irb. Running passenger-irb without a PID parameter worked, but running it with a PID parameter didn't.
 * Fixes an integer overflow that resulted in a file descriptor leak and stalled client connections. Closes GH-1412.
 * Truncates Passenger source code paths in logs (to 3 chars) to reduce redundant info. Closes GH-1383.
 * Fixes invalid JSON output for non-finite double values (e.g. from the HTTP JSON API). Closes GH-1408.
 * All hooks now set the `PASSENGER_HOOK_NAME` environment variable. This variable is set to the name of the hook that is being called.
 * The Ruby handler no longer tries to call #force_encoding on response body strings, which fixes an incompatibility with apps/libraries that return frozen body strings. Closes GH-1414.
 * If the Ruby handler crashes while processing a Rack response body, it will now no longer stall the connection.
 * Fixes env.SERVER_PORT containing 80 instead of 443 when using https on default port. Closes GH-1421.
 * We now handle errors in the `poll()` system call better. This might fix some crashes during shutdown which manifest on FreeBSD.


Release 5.0.2
-------------

 * Fixes a connection freeze that could occur when processing large responses. This would manifest itself under the error message "This website is under heavy load" or "Request queue is full, returning an error". Closes GH-1404.
 * Debian and Ubuntu packages have been reintroduced.
 * When `passenger-config restart-app` is run interactively, if Passenger is not serving any applications, then the command now prints an error message instead of showing a menu with only a "Cancel" option.
 * Fixes a compilation problem on FreeBSD 10 (contributed by: clemensg). Closes GH-1401.
 * [Standalone] Fixes a crash that would occur if you use the `--ctl` parameter.
 * [Enterprise] The `--max-request-time` option has been added to Passenger Standalone.
 * [Enterprise] The `max_request_time_reached` hook has been introduced. This hook allows you to run diagnostics on a process that that took too long to respond to a request.


Release 5.0.1
-------------

 * The `passenger-config restart-app` command is now more user friendly. When run in a terminal, it will show an interactive menu, allowing you to select the app to restart. Closes GH-1387.
 * Fixed a crash bug in the handling of sticky session cookies.
 * Log failed program in error message, not its command line (contributed by: paisleyrob). Closes GH-1397.
 * [Nginx] Fixes cases in which Passenger overrides the Nginx handler function even when it shouldn't, for example when Passenger is disabled. Closes GH-1393.
 * [Enterprise] The `sticky_sessions` and `envvars` options in Passengerfile.json is now also supported in mass deployment mode.


Release 5.0.0 release candidate 2
---------------------------------

 * Fixes an installation problem with the Ruby gem due to incorrect Makefile generation. Closes GH-1382.
 * More helpful message when request queue is full. Closes GH-1375.


Release 5.0.0 release candidate 1
---------------------------------

 * Fixed Date headers not being formatted in the GMT timezone. Closes GH-1367.
 * Fixed Passengerfile.json/passenger-standalone.json not being properly loaded in Passenger Standalone.
 * Fixed support for sticky sessions.
 * Fixed an infinite loop if the ApplicationPool garbage collector fails due to an exception. Closes GH-1360.
 * Fixed Passenger Standalone exiting prematurely when the HelperAgent crashes. Exiting prematurely is not supposed to happen because the watchdog will restart the HelperAgent. Closes GH-1339.
 * Fixed a crash that occurs when using a non-standard startup file value. Closes GH-1378.
 * When dumping system metrics during error page generation, the `passenger-config` command is now invoked under the same Ruby interpreter as the app, instead of the one in PATH. Closes GH-1381.
 * When a Ruby process crashes due to an uncaught exception, this fact is now properly logged.
 * Specifying 0 for the `max_pool_size` config option no longer results in a crash. Closes GH-1334.
 * The timeouts when downloading Passenger Standalone binaries and source files are now customizable. Closes GH-1295.
 * The `envvars` option is now supported in Passengerfile.json, for passing environment variables to the application. Closes GH-1377.
 * Introduced `hook_queue_full_error` for request queue overflows. Closes GH-1358.
 * [Ruby] Fixed handling of "transfer-encoding chunked" response bodies which contain zero-sized chunks.
 * [Nginx] It is no longer necessary to re-specify `passenger_enabled` in `location` contexts. Closes GH-1338.
 * [Enterprise] Fixed a bug in mass deployment reloading.
 * [Enterprise] Fixed a bug in mass deployment daemonization.
 * [Enterprise] Fixed passenger-irb. Closes GH-1350.
 * [Enterprise] The mass deployment mode now supports the `app_type` and `startup_file` configuration options in Passengerfile.json/passenger-standalone.json. Closes GH-1366.


Release 5.0.0 beta 3
--------------------

 * The turbocache has received major updates and fixes based on excellent feedback Chris Heald and the community. First, several bugs w.r.t. the handling of caching headers have been fixed. Second, the turbocache has become slightly more conservative for security reasons. In previous versions, default cacheable responses (as defined by RFC 7234) were cached unless caching headers tell us not to. Now, default cacheable responses are only cached if caching headers explicitly tell us to. This change was introduced because there are many applications that set incorrect caching headers on private responses. This new behavior is currently not configurable, but there are plans to make it configurable in 5.0.0 release candidate 1.
 * Introduced a new configuration option, `passenger_response_buffer_high_watermark` (Nginx) and `PassengerResponseBufferHighWatermark` (Apache), for configuring the behavior of the response buffering system. Closes GH-1300.
 * Fixed more cookie handling issues. Closes GH-1310.
 * Fixed various WebSocket issues. Closes GH-1306.
 * Fixed some crashes caused by race conditions. Closes GH-1326.
 * Fixed issues with handling POST data. Closes GH-1331.
 * Fixed some issues on Heroku. Closes GH-1329.
 * Fixed some integer overflows. Fix contributed by Go Maeda. Closes GH-1357.
 * Fixed the `passenger-status --show=union_station` command. Closes GH-1336.
 * Nginx versions earlier than 1.6 are no longer supported.
 * Improved state introspection.


Release 5.0.0 beta 2
--------------------

 * Fixed handling of multiple Set-Cookie headers. Closes GH-1296.
 * `passenger-config system-metrics` now works properly if the agent is installed in ~/.passenger. Closes GH-1304.
 * Documentation enhancements by Igor Vuk. Closes GH-1318.
 * Fixed some crasher bugs.
 * [Standalone] User switching is now correctly disabled.
 * [Standalone] Fixed the `--thread-count` parameter.
 * [Apache] IPs set by mod_remoteip are now respected. Closes GH-1284.
 * [Apache] Fixed support for gzipped chunked responses. Closes GH-1309.


Release 5.0.0 beta 1
--------------------

Version 5.0.0 beta 1 contains major changes. It's mostly compatible with version 4, but there are a few minor breakages, which are described below. Major changes and notable breakages are:

 * Performance has been much improved. This is thanks to months of optimization work. You can learn more at www.rubyraptor.org.
 * We've published a [server optimization guide](https://www.phusionpassenger.com/documentation/ServerOptimizationGuide.html) for those who are interested in tuning Phusion Passenger.
 * Support for Rails 1.2 - 2.2 has been removed, for performance reasons. Rails 2.3 is still supported.
 * Phusion Passenger now supports integrated HTTP caching, which we call turbocaching. If your app sets the right HTTP headers then Phusion Passenger can tremendously accelerate your app. It is enabled by default, but you can disable it with `--disable-turbocaching` (Standalone), `PassengerTurbocaching off` (Apache), or 'passenger_turbocaching off' (Nginx).
 * Touching restart.txt will no longer restart your app immediately. This is because, for performance reasons, the stat throttle rate now defaults to 10. You can still get back the old behavior by setting `PassengerStatThrottleRate 0` (Apache) or `passenger_stat_throttle_rate 0` (Nginx), but this is not encouraged. Instead, we encourage you to use the `passenger-config restart-app` tool to initiate restarts, which has immediate effect.
 * Websockets are now properly disconnected on application restarts.
 * The Phusion Passneger log levels have been completely revamped. If you were setting a log level before (e.g. through `passenger_log_level`), please read the latest documentation to learn about the new log levels.
 * If you use out-of-band garbage collection, beware that the `X-Passenger-Request-OOB-Work` header has now been renamed to `!~Request-OOB-Work`.
 * When using Rack's full socket hijacking, you must now output an HTTP status line.
 * [Nginx] The `passenger_set_cgi_param` option has been removed and replaced by `passenger_set_header` and `passenger_env_var`.
 * [Nginx] `passenger_show_version_in_header` is now only valid in the `http` context.
 * [Apache] The `PassengerStatThrottleRate` option is now global.

Minor changes:

 * The minimum required Nginx version is now 1.6.0.
 * The instance directory is now touched every hour instead of every 6 hours. This should hopefully prevent more problems with /tmp cleaner daemons.
 * Applications are not grouped not only on the application root path, but also on the environment. For example, this allows you to run the same app in both production and staging mode, with only a single directory, without further configuration. Closes GH-664.
 * The `passenger_temp_dir` option (Nginx) and the `PassengerTempDir` option (Apache) have been replaced by two config options. On Nginx they are `passenger_instance_registry_dir` and `passenger_data_buffer_dir`. On Apache they are `PassengerInstanceRegistryDir` and `PassengerDataBufferDir`. On Apache, `PassengerUploadBufferDir` has been replaced by `PassengerDataBufferDir`.
 * Command line tools no longer respect the `PASSENGER_TEMP_DIR` environment variable. Use `PASSENGER_INSTANCE_REGISTRY_DIR` instead.
 * `passenger-status --show=requests` has been deprecated in favor of `passenger-status --show=connections`.
 * Using the SIGUSR1 signal to restart a Ruby app without dropping connections, is no longer supported. Instead, use `passenger-config detach-process`.
 * Introduced the `passenger-config reopen-logs` command, which instructs all Phusion Passenger agent processes to reopen their log files. You should call this after having rotated the web server logs.
 * [Standalone] The Phusion Passenger Standalone config template has changed. Users are encouraged to update it.
 * [Standalone] `passenger-standalone.json` has been renamed to `Passengerfile.json`.
 * [Standalone] `passenger-standalone.json`/`Passengerfile.json` no longer overrides command line options. Instead, command line options now have the highest priority.


Release 4.0.60
--------------

Note that 4.0.60 is a source-only maintenance release. There will not be any binaries, Debian or RPM packages for this release.

 * Adds OS X El Capitan support.
 * Updates preferred Nginx version from 1.6.2 to 1.6.3.
 * Fixes a header collision vulnerability (CVE-2015-7519, medium severity). Please see our blog for detailed vulnerability description and advisory. Thanks to the SUSE security team for reporting this issue.
 * Fixes the password protection of internal Phusion Passenger processes.

   For security reasons, Phusion Passenger limits access to internal processes, by using Unix file permissions and randomly generated passwords that only authorized internal processes know. It turns out that this password wasn't set correctly, which has now been fixed. There was no security vulnerability, because the file permissions already provide sufficient security. The password only serves as an extra layer of security just in case there is a problem with the former.

   This issue is not at all related to any application-level security or application-level passwords. Any database passwords, keys, or secrets used and generated by applications have got nothing to do with the nature of this issue. This issue only relates to some randomly generated passwords that Passenger uses internally, for its internal operations.


Release 4.0.59
--------------

 * [Enterprise] Fixed support for free-style Node.js apps.


Release 4.0.58
--------------

 * [Enterprise] Fixed a bug in the Debian packages which caused Flying Passenger to break when used with non-system Rubies.
 * The Debian packages no longer require Ruby 1.9. Closes GH-1353.


Release 4.0.57
--------------

 * Fixed a native extension compatibility problem with Ruby 2.2. Closes [ruby-core:67152](https://bugs.ruby-lang.org/issues/10656).
 * Fixed compatibility with Nginx 1.7.9. Closes GH-1335.


Release 4.0.56
--------------

 * Fixed a file descriptor leak that manifests when an error page is shown. Contributed by Paul Bonaud, closes GH-1325.
 * Improved Node.js request load balancing. Closes GH-1322. Thanks to Charles Vallières for the analysis.


Release 4.0.55
--------------

 * Supports Ruby 2.2. Closes GH-1314.
 * Fixed Linux OS name detection.


Release 4.0.54
--------------

 * Contains a licensing-related hot fix for Enterprise customers.


Release 4.0.53
--------------

 * Upgraded the preferred Nginx version to 1.6.2.
 * Improved RVM gemset autodetection.
 * Fixed some Ruby 2.2 compatibility issues.


Release 4.0.52
--------------

 * Fixed a null termination bug when autodetecting application types.
 * Node.js apps can now also trigger the inverse port binding mechanism by passing `'/passenger'` as argument. This was introduced in order to be able to support the Hapi.js framework. Please read http://stackoverflow.com/questions/20645231/phusion-passenger-error-http-server-listen-was-called-more-than-once/20645549 for more information regarding Hapi.js support.
 * It is now possible to abort Node.js WebSocket connections upon application restart. Please refer to https://github.com/phusion/passenger/wiki/Phusion-Passenger:-Node.js-tutorial#restarting_apps_that_serve_long_running_connections for more information. Closes GH-1200.
 * Passenger Standalone no longer automatically resolves symlinks in its paths.
 * `passenger-config system-metrics` no longer crashes when the system clock is set to a time in the past. Closes GH-1276.
 * `passenger-status`, `passenger-memory-stats`, `passenger-install-apache2-module` and `passenger-install-nginx-module` no longer output ANSI color codes by default when STDOUT is not a TTY. Closes GH-487.
 * `passenger-install-nginx-module --auto` is now all that's necessary to make it fully non-interactive. It is no longer necessary to provide all the answers through command line parameters. Closes GH-852.
 * Minor contribution by Alessandro Lenzen.


Release 4.0.50
--------------

 * Fixed a potential heap corruption bug.
 * Added Union Station support for Rails 4.1.


Release 4.0.49
--------------

 * Upgraded the preferred Nginx version to 1.6.1.
 * Fixed a crash that may be triggered by the `passenger_max_requests` feature.
 * Introduced the `spawn_failed` hook, which is called when an application
   process fails to spawn. You could use this hook to setup an error
   notification system. Closes GH-1252.
 * Fonts, RSS and XML are now gzip-compressed by default in Phusion Passenger
   Standalone. Thanks to Jacob Elder. Closes GH-1254.
 * Fixed some user and group information lookup issues. Closes GH-1253.
 * Fixed some request handling crashes. Closes GH-1250.
 * Fixed some compilation problems on Gentoo. Closes GH-1261.
 * Fixed some compilation problems on Solaris. Closes GH-1260.


Release 4.0.48
--------------

 * Fixed a race condition while determining what user an application should
   be executed as. This bug could lead to applications being run as the wrong
   user. Closes GH-1241.
 * [Standalone] Improved autodetection of Rails asset pipeline files. This
   prevents Standalone from incorrectly setting caching headers on non-asset
   pipeline files. Closes GH-1225.
 * Fixed compilation problems on CentOS 5. Thanks to J. Smith. Closes GH-1247.
 * Fixed compilation problems on OpenBSD.
 * Fixed compatibility with Ruby 1.8.5.


Release 4.0.47
--------------

 * [Enterprise] Fixed a bug in Flying Passenger's `--max-preloader-idle-time`
   option.


Release 4.0.46
--------------

 * Further improved Node.js and Socket.io compatibility.
 * Sticky session cookies have been made more reliable.
 * Fixed WebSocket upgrade issues on Firefox. Closes GH-1232.
 * The Python application loader now inserts the application root into `sys.path`.
   The fact that this was not done previously caused a lot of confusion amongst
   Python users, who wondered why their `passenger_wsgi.py` could not import any
   modules from the same directory.
 * Fixed a compatibility problem with Django, which could cause Django apps to
   freeze indefinitely. Closes GH-1215.
 * Logging of application spawning errors has been much improved. Full details
   about the error, such as environment variables, are saved to a private log file.
   In the past, these details were only viewable in the browser. This change also
   fixes a bug on Phusion Passenger Enterprise, where enabling Deployment Error
   Resistance causes error messages to get lost. Closes GH-1021 and GH-1175.
 * Fixed a regression in Node.js support. When a Node.js app is deployed on
   a HTTPS host, the `X-Forwarded-Proto` header wasn't set in 4.0.45.
   Closes GH-1231.
 * Passenger Standalone no longer, by default, loads shell startup files before
   loading the application. This is because Passenger Standalone is often invoked
   from the shell anyway. Indeed, loading shell startup files again can interfere
   with any environment variables already set in the invoking shell. You can
   still tell Passenger Standalone to load shell startup files by passing
   `--load-shell-envvars`. Passenger for Apache and Passenger for Nginx still
   load shell startup files by default.
 * Passenger Standalone now works properly when the HOME environment variable
   isn't set. Closes GH-713.
 * Passenger Standalone's `package-runtime` command has been removed. It has
   been broken for a while and has nowadays been obsolete by our automatic
   [binary generation system](https://github.com/phusion/passenger_autobuilder).
   Closes GH-1133.
 * The `passenger_startup_file` option now also works on Python apps. Closes GH-1233.
 * If you are a [Union Station](https://www.unionstationapp.com) customer, then
   Phusion Passenger will now also log application spawning errors to Union Station.
   This data isn't shown in the Union Station interface yet, but it will be
   implemented in the future.
 * Fixed compilation problems on OmniOS and OpenIndiana. Closes GH-1212.
 * Fixed compilation problems when Nginx is configured with OpenResty.
   Thanks to Yichun Zhang. Closes GH-1226.
 * Fixed Nginx HTTP POST failures on ARM platforms. Thanks to nocelic for the fix.
   Closes GH-1151.
 * Documentation contributions by Tim Bishop and Tugdual de Kerviler.
 * Minor Nginx bug fix by Feng Gu. Closes GH-1235.


Release 4.0.45
--------------

 * Major improvements in Node.js and Meteor compatibility. Older Phusion Passenger
   versions implemented Node.js support by emulating Node.js' HTTP library.
   This approach was found to be unsustainable, so we've abandoned that approach
   and replaced it with a much simpler approach that does not involve emulating
   the HTTP library.
 * Introduced support for sticky sessions. Sticky sessions are useful -- or even
   required -- for apps that store state inside process memory. Prominent examples
   include SockJS, Socket.io, faye-websocket and Meteor. Sticky sessions are
   required to make the aforementioned examples work in multi-process scenarios.
   By introducing sticky sessions support, we've much improved WebSocket support
   and support for the aforementioned libraries and frameworks.
 * Due to user demand, GET requests with request bodies are once again supported.
   Support for these kinds of requests was removed in 4.0.42 in an attempt to
   increase the strictness and robustness of our request handling code. It has
   been determined that GET requests with request bodies can be adequately
   supported without degrading robustness in Phusion Passenger. However, GET
   requests with both request bodies and WebSocket upgrade headers are
   unsupported. Fixes issue #1092.
 * [Enterprise] The [Flying Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#flying_passenger)
   feature is now also available on Apache.
 * Fixed some issues with RVM mixed mode support, issue #1121.
 * Fixed Passenger Standalone complaining about not finding PassengerHelperAgent
   during startup.
 * Fixed various minor issues such as #1190 and #1197.
 * The download timeout for passenger-install-nginx-module has been increased.
   Patch by 亀田 義裕.


Release 4.0.44
--------------

 * The issue tracker has now been moved from Google Code to Github.
   Before version 4.0.44 (May 29 2014, commit 3dd0964c9f4), all
   issue numbers referred to Google Code. From now on, all issue
   numbers will refer to Github Issues.
 * Fixed compilation problems on OS X Lion and OS X Mountain Lion.
 * On Ruby, fixed `nil` being frozen on accident in some cases.
   See issue #1192.


Release 4.0.43
--------------

 * Introduced a new command `passenger-config list-instances`, which prints all
   running Phusion Passenger instances.
 * Introduced a new command `passenger-config system-metrics, which displays
   metrics about the system such as the total CPU and memory usage.
 * Fixed some compilation problems caused by the compiler capability autodetector.
 * System metrics such as total CPU usage and memory usage, are now sent to
   [Union Station](https://www.unionstationapp.com) in preparation for future
   features.


Release 4.0.42
--------------

 * [Nginx] Upgraded the preferred Nginx version to 1.6.0.
 * [Nginx] Fixed compatibility with Nginx 1.7.0.
 * [Standalone] The MIME type for .woff files has been changed to application/font-woff.
   Fixes issue #1071.
 * There are now APT packages for Ubuntu 14.04. At the same time, packages for
   Ubuntu 13.10 have been abandoned.
 * Introduced a new command, `passenger-config build-native-support`, for ensuring
   that the native_support library for the current Ruby interpreter is built. This
   is useful in system provisioning scripts.
 * For security reasons, friendly error pages (those black/purple pages that shows
   the error message, backtrace and environment variable dump when an application
   fails to start) are now disabled by default when the application environment is
   set to 'staging' or 'production'. Fixes issue #1063.
 * Fixed some compilation warnings on Ubuntu 14.04.
 * Fixed some compatibility problems with Rake 10.2.0 and later.
   See [Rake issue 274](https://github.com/jimweirich/rake/issues/274).
 * Improved error handling in [Union Station](https://www.unionstationapp.com) support.
 * Data is now sent to Union Station on a more frequent basis, in order to make new
   data show up more quickly.
 * Information about the code revision is now sent to Union Station, which will be
   used in the upcoming deployment tracking feature in Union Station 2.


Release 4.0.41
--------------

 * Fixed some issues with printing UTF-8 log files on Heroku.
 * Added a new flag `--ignore-app-not-running` to `passenger-config restart-app`.
   When this flag is given, `passenger-config restart-app` will exit successfully
   when the specified application is not running, instead of exiting with
   an error.
 * Our precompiled Passenger Standalone binaries have been upgraded to use
   OpenSSL 1.0.1g, which fixes [the OpenSSL Heartbleed vulnerability](http://heartbleed.com/).
   Users who are using Passenger Standalone with SSL enabled are vulnerable,
   and should upgrade immediately. Users who do not use Passenger Standalone,
   users who use Passenger Standalone without SSL, or users who use Passenger
   Standalone with SSL behind another SSL-enabled reverse proxy, are not
   vulnerable.


Release 4.0.40
--------------

 * Upgraded preferred Nginx version to 1.4.7. This Nginx version fixes
   a buffer overflow. Users are strongly urged to upgrade Nginx as soon
   as possible.


Release 4.0.39
--------------

 * Fixed a crash that could happen if the client disconnects while a chunked
   response is being sent. Fixes issue #1062.
 * In Phusion Passenger Standalone, it is now possible to customize the Nginx
   configuration file on Heroku. It is now also possible to permanently apply
   changes to the Nginx configuration file, surviving upgrades. Please refer
   to the "Advanced configuration" section of the Phusion Passenger Standalone
   manual for more information.
 * The programming language selection menu in passenger-install-apache2-module
   and passenger-install-nginx-module only works on terminals that support
   UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
   these requirements (e.g. PuTTY users using any of the default Windows fonts),
   it is now possible to switch the menu to a plain text mode by pressing '!'.
   Fixes issue #1066.
 * Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
 * It is now possible to dump live backtraces of Python apps through the
   'SIGABRT' signal.
 * Fixed closing of file descriptors on OS X 10.9.
 * Fixed compilation problems with Apple Clang 503.0.38 on OS X.
 * Fixed compilation of native_support on Rubinius.


Release 4.0.38
--------------

 * Added support for the new Ruby 2.1.0 out-of-band garbage collector.
   This can much improve garbage collection performance, and drastically
   reduce request times.
 * Fixed a symlink-related security vulnerability.

   Urgency: low
   Scope: local exploit
   Summary: writing files to arbitrary directory by hijacking temp directories
   Affected versions: 4.0.37
   Fixed versions: 4.0.38
   CVE-2014-1832

   Description:
   This issue is related to CVE-2014-1831 (the security issue as mentioned in
   the 4.0.37 release notes). The previous fix was incomplete, and still has a
   (albeit smaller) small attack time window in between two filesystem
   checks. This attack window is now gone.
 * Passenger Standalone is now compatible with IPv6.
 * Fixed some compilation problems on Solaris. See issue #1047.
 * passenger-install-apache2-module and passenger-install-nginx-module
   now automatically run in `--auto` mode if stdin is not a TTY. Fixes
   issue #1030.
 * Fixed an issue with non-bundled Meteor apps not correctly running in
   production mode.
 * The `PassengerPreStart` option is now compatible with IPv6 server sockets.
 * When running Python WSGI apps, `wsgi.run_once` is now set to False.
   This should improve the performance of certain apps and frameworks.
 * When handling HTTP requests with chunked transfer encoding, the
   'Transfer-Encoding' header is no longer passed to the application.
   This is because the web server already buffers and dechunks the
   request body.
 * Fixed a possible hang in Phusion Passenger for Nginx when Nginx
   is instructed to reload or reopen log files. Thanks to Feng Gu,
   [pull request #97](https://github.com/phusion/passenger/pull/97).
 * The preferred Nginx version has been upgraded to 1.4.6.
 * Fixed a problem with running passenger-install-apache2-module and
   passenger-install-nginx-module on JRuby. They were not able to accept
   any terminal input after displaying the programming language menu.


Release 4.0.37
--------------

 * Improved Node.js compatibility. Calling on() on the request object
   now returns the request object itself. This fixes some issues with
   Express, Connect and Formidable. Furthermore, some WebSocket-related
   issues have been fixed.
 * Improved Meteor support. Meteor application processes are now shut down
   quicker. Previously, they linger around for 5 seconds while waiting for
   all connections to terminate, but that didn't work well because WebSocket
   connections were kept open indefinitely. Also, some WebSocket-related
   issues have been fixed.
 * Introduced a new tool `passenger-config detach-process` for gracefully
   detaching an application process from the process pool. Has a similar
   effect to killing the application process directly with `kill <PID>`,
   but killing directly may cause the HTTP client to see an error, while
   using this command guarantees that clients see no errors.
 * Fixed a crash that occurs when an application fails to spawn, but the HTTP
   client disconnects before the error page is generated. Fixes issue #1028.
 * Fixed a symlink-related security vulnerability.

   Urgency: low
   Scope: local exploit
   Summary: writing files to arbitrary directory by hijacking temp directories
   Affected versions: 4.0.5 and later
   Fixed versions: 4.0.37
   CVE-2014-1831

   Description:
   Phusion Passenger creates a "server instance directory" in /tmp during startup,
   which is a temporary directory that Phusion Passenger uses to store working files.
   This directory is deleted after Phusion Passenger exits. For various technical
   reasons, this directory must have a semi-predictable filename. If a local attacker
   can predict this filename, and precreates a symlink with the same filename that
   points to an arbitrary directory with mode 755, owner root and group root, then
   the attacker will succeed in making Phusion Passenger write files and create
   subdirectories inside that target directory. The following files/subdirectories
   are created:

    * control_process.pid
    * generation-X, where X is a number.

   If you happen to have a file inside the target directory called `control_process.pid`,
   then that file's contents are overwritten.

   These files and directories are deleted during Phusion Passenger exit. The target
   directory itself is not deleted, nor are any other contents inside the target
   directory, although the symlink is.

   Thanks go to Jakub Wilk for discovering this issue.


Release 4.0.36
--------------

 * [Enterprise] Fixed some Mass Deployment bugs.
 * [Enterprise] Fixed a bug that causes an application group to be put into
   Deployment Error Resistance Mode if rolling restarting fails while
   deployment error resistance is off. Deployment Error Resistance Mode is
   now only activated if it's explicitly turned on.
 * Passenger Standalone now gzips JSON responses.
 * Fixed some cases in which Passenger Standalone does not to properly cleanup
   its temporary files.


Release 4.0.35
--------------

 * Fixed some unit tests.


Release 4.0.34
--------------

 * The Node.js loader code now sets the `isApplicationLoader` attribute on the
   bootstrapping module. This provides a way for apps and frameworks that check
   for `module.parent` to check whether the current file is loaded by Phusion
   Passenger, or by other software that work in a similar way.

   This change has been introduced to solve a compatibility issue with CompoundJS.
   CompoundJS users should modify their server.js, and change the following:

       if (!module.parent) {

   to:

       if (!module.parent || module.parent.isApplicationLoader) {

 * Improved support for Meteor in development mode. Terminating Phusion Passenger
   now leaves less garbage Meteor processes behind.
 * It is now possible to disable the usage of the Ruby native extension by setting
   the environment variable `PASSENGER_USE_RUBY_NATIVE_SUPPORT=0`.
 * Fixed incorrect detection of the Apache MPM on Ubuntu 13.10.
 * When using RVM, if you set PassengerRuby/passenger_ruby to the raw Ruby binary
   instead of the wrapper script, Phusion Passenger will now print an error.
 * Added support for RVM >= 1.25 wrapper scripts.
 * Fixed loading passenger_native_support on Ruby 1.9.2.
 * The Union Station analytics code now works even without native_support.
 * Fixed `passenger-install-apache2-module` and `passenger-install-nginx-module` in
   Homebrew.
 * Binaries are now downloaded from an Amazon S3 mirror if the main binary server
   is unavailable.
 * And finally, although this isn't really a change in 4.0.34, it should be noted.
   In version 4.0.33 we changed the way Phusion Passenger's own Ruby source files
   are loaded, in order to fix some Debian and RPM packaging issues. The following
   doesn't work anymore:

       require 'phusion_passenger/foo'

   Instead, it should become:

       PhusionPassenger.require_passenger_lib 'foo'

   However, we overlooked the fact that this change breaks Ruby apps which use
   our Out-of-Band GC feature, because such apps had to call
   `require 'phusion_passenger/rack/out_of_band_gc'`. Unfortunately we're not able
   to maintain compatibility without reintroducing the Debian and RPM packaging
   issues. Users should modify the following:

       require 'phusion_passenger/rack/out_of_band_gc'

   to:

       if PhusionPassenger.respond_to?(:require_passenger_lib)
         # Phusion Passenger >= 4.0.33
         PhusionPassenger.require_passenger_lib 'rack/out_of_band_gc'
       else
         # Phusion Passenger < 4.0.33
         require 'phusion_passenger/rack/out_of_band_gc'
       end

Release 4.0.33
--------------

 * Fixed a compatibility problem in passenger-install-apache2-module with Ruby 1.8.
   The language selection menu didn't work properly.


Release 4.0.32
--------------

 * Fixed compatibility problems with old Ruby versions that didn't include RubyGems.


Release 4.0.31
--------------

 * Introduced a new tool: `passenger-config restart-app`. With this command you
   can initiate an application restart without touching restart.txt.
   Unlike touching restart.txt, this tool initiates the restart immediately
   instead of on the next request.
 * Fixed some problems in process spawning and request handling.
 * Fixed some problems with the handling of HTTP chunked transfer encoding
   bodies. These problems only occurred in Ruby.
 * Fixed the HelperAgent, upon shutdown, not correctly waiting 5 seconds until
   all clients have disconnected. Fixes issue #884.
 * Fixed compilation problems on FreeBSD.
 * Fixed some C++ strict aliasing problems.
 * Fixed some problems with spawning applications that print messages without
   newline during startup. Fixes issue #1039.
 * Fixed potential hangs on JRuby when Ctrl-C is used to shutdown the server.
   Fixes issue #1035.
 * When Phusion Passenger is installed through the Debian package,
   passenger-install-apache2-module now checks whether the Apache
   module package (libapache2-mod-passenger) is properly installed,
   and installs it using apt-get if it's not installed. Fixes
   issue #1031.
 * The `passenger-status --show=xml` command no longer prints the non-XML
   preamble, such as the version number and the time. Fixes issue #1037.
 * The Ruby native extension check whether it's loaded against the right Ruby
   version, to prevent problems when people upgrade Ruby without recompiling
   their native extensions.
 * Various other minor Debian packaging improvements.


Release 4.0.30
--------------

 * Fixed wrong autogeneration of HTTP Date header. If the web app does
   not supply a Date header, then Passenger will add one. Unfortunately
   due to the use of the wrong format string, December 30 2013 is
   formatted as December 30 2014. As a result, cookies that expire before
   2014 would expire on December 30 2013 and December 31 2013. Details can
   be found at [Github pull request 93](https://github.com/phusion/passenger/pull/93).

   This issue only affects Phusion Passenger for Nginx and Phusion Passenger
   Standalone, and does not affect Phusion Passenger for Apache.

   You can work around this problem in your application by setting a
   Date header. For example, in Rails you can do:

       before_filter { response.date = Time.now.utc }

   Many thanks to Jeff Michael Dean (zilkey) and many others for bringing this to our attention and for providing workarounds and feedback.


Release 4.0.29
--------------

 * Fixed a compilation problem on OS X Mavericks.


Release 4.0.28
--------------

 * Introduced a workaround for a GCC 4.6 bug. This bug could cause Phusion
   Passsenger to crash during startup. Affected operating systems include
   Ubuntu 12.04 and Amazon Linux 2013.09.01, though not every machine with
   this OS installed exhibits the problem. See issue #902.
 * Improved Node.js support: the Sails framework is now supported.
 * Improved Node.js support: the streams2 API is now supported.
 * Introduced support for hooks, allowing users to easily extend Phusion
   Passenger's behavior.
 * Fixed a bug in the `passenger start -R` option. It was broken because of a
   change introduced in 4.0.25.
 * Fixed a bug in PassengerMaxInstancesPerApp. Fixes issue #1016.
 * Fixed compilation problems on Solaris.
 * Fixed an encoding problem in the Apache autodetection code. Fixes
   issue #1026.
 * The Debian packages no longer depend on libruby.
 * Application stdout and stderr are now printed without normal
   Phusion Passenger debugging information, making them easier to read.


Release 4.0.27
--------------

 * [Apache] Fixed a bug in the Apache module which could lock up the Apache
   process or thread. This is a regression introduced in version 4.0.24.
 * Node.js application processes now have friendly process titles.


Release 4.0.26
--------------

 * Introduced the `PassengerBufferUpload` option for Apache. This option allows one
   to disable upload buffering, e.g. in order to be able to track upload progress.
 * [Nginx] The `HTTPS` variable is now set correctly for HTTPS connections, even
   without setting `ssl on`. Fixes issue #401.
 * [Standalone] It is now possible to listen on both a normal HTTP and an HTTPS port.
 * [Enterprise] The `passenger-status` tool now displays rolling restart status.


Release 4.0.25
--------------

 * The `PassengerAppEnv`/`passenger_app_env`/`--environment` option now also sets NODE_ENV,
   so that Node.js frameworks like Connect can properly respond to the environment.
 * Fixed a bug in our Debian/Ubuntu packages causing `passenger-install-nginx-module`
   not to be able to compile Nginx.
 * Arbitrary Node.js application structures are now supported.
 * [Nginx] Introduced the `passenger_restart_dir` option.
 * [Nginx] Upgraded preferred Nginx version to 1.4.4 because of CVE-2013-4547.


Release 4.0.24
--------------

 * Introduced the `PassengerNodejs` (Apache) and `passenger_nodejs` (Nginx)
   configuration options.
 * [Apache] Introduced the `PassengerErrorOverride` option, so that HTTP error
   responses generated by applications can be intercepted by Apache and customized
   using the `ErrorDocument` directive.
 * [Standalone] It is now possible to specify some configuration options in
   a configuration file `passenger-standalone.json`. When Passenger Standalone
   is used in Mass Deployment mode, this configuration file can be used to customize
   settings on a per-application basis.
 * [Enterprise] Fixed a potential crash when a rolling restart is triggered
   while a process is already shutting down.
 * [Enterprise] Fixed Mass Deployment support for Node.js and Meteor.


Release 4.0.23
--------------

 * Fixed compilation problems on GCC 4.8.2 (e.g. Arch Linux 2013-10-27).
 * Fixed a compatibility problem with Solaris /usr/ccs/bin/make: issue #999.
 * Support for the Meteor Javascript framework has been open sourced.


Release 4.0.22
--------------

 * [Enterprised] Fixed compilation problems on OS X Mavericks.


Release 4.0.21
--------------

 * [Nginx] Upgraded the preferred Nginx version to 1.4.3.
 * Node.js support has been open sourced.
 * Prelimenary OS X Mavericks support.
 * Work around an Apache packaging bug in CentOS 5.
 * Various user friendliness improvements in the documentation and the
   installers.
 * Fixed a bug in the always_restart.txt support. Phusion Passenger was
   looking for it in the wrong directory.
 * Many Solaris and Sun Studio compatibility fixes. Special thanks to
   "mark" for his extensive assistance.
 * [Standalone] The --temp-dir command line option has been introduced.


Release 4.0.20
--------------

 * Fixed a bug in Phusion Passenger Standalone's daemon mode. When in daemon
   mode, the Nginx temporary directory was deleted prematurely, causing some
   POST requests to fail. This was a regression that was introduced in 4.0.15
   as part of an optimization.
 * Fixed compilation problems on Solaris 10 with Sun Studio 12.3.
 * Improved detection of RVM problems.
 * It is now possible to log the request method to Union Station.
 * Introduced a new option, `PassengerLoadShellEnvvars` (Apache) and
   `passenger_load_shell_envvars` (Nginx). This allows enabling or disabling
   the loading of bashrc before spawning the application.
 * [Enterprise] Fixed a packaging problem which caused the flying-passenger
   executable not to be properly included in the bin path.
 * [Enterprise] Fixed a race condition which sometimes causes the Flying
   Passenger socket to be deleted after a restart. Fixes issue #939.
 * [Enterprise] The `byebug` gem is now supported for debugging on Ruby 2.0.
   The byebug gem requires a patch before this works:
   https://github.com/deivid-rodriguez/byebug/pull/29


Release 4.0.19
--------------

 * Fixed a problem with response buffering. Application processes are now
   properly marked available for request processing immediately after they're
   done sending the response, instead of after having sent the entire response
   to the client.
 * The "processed" counter in `passenger-status` is now bumped after the process
   has handled a request, not at the beginning.
 * [Enterprise] Fixed an off-by-one bug in the `passenger_max_processes` setting.


Release 4.0.18
--------------

 * The Enterprise variant of Phusion Passenger Standalone now supports
   customizing the concurrency model and thread count from the command line.
 * On Nginx, the Enterprise license is now only checked if Phusion Passenger
   is enabled in Nginx. This allows you to deploy Nginx binaries, that have
   Phusion Passenger Enterprise compiled in, to servers that are not
   actually running Phusion Passenger Enterprise.
 * Fixed a performance bug in the Union Station support code. In certain cases
   where a lot of data must be sent to Union Station, the code is now over
   100 times faster.
 * `passenger-status --show=union_station` now displays all clients that
   are connected to the LoggingAgent.
 * Added a workaround for Heroku so that exited processes are properly detected
   as such.
 * When using Phusion Passenger Standalone with Foreman, pressing Ctrl-C
   in Foreman no longer results in runaway Nginx processes.
 * Fixed backtraces in the Apache module.


Release 4.0.17
--------------

 * Fixed compilation problems on GCC 4.8 systems, such as Arch Linux 2013.04.
   Fixes issue #941.
 * Fixed some deprecation warnings when compiling the Ruby native extension
   on Ruby 2.0.0.
 * Fixed some Union Station-related stability issues.


Release 4.0.16
--------------

 * Allow Phusion Passenger to work properly on systems where the user's GID
   does not have a proper entry in /etc/group, such as Heroku.


Release 4.0.15
--------------

 * Out-of-band work has been much improved. The number of processes which
   may perform out-of-band work concurrently has been limited to 1.
   Furthermore, processes which are performing out-of-band work are now
   included in the max pool size constraint calculation. However, this
   means that in order to use out-of-band work, you need to have at least
   2 application processes running. Out-of-band work will never be triggered
   if you just have 1 process. Partially fixes issue #892.
 * Phusion Passenger now displays an error message to clients if too many
   requests are queued up. By default, "too many" is 100. You may customize
   this with `PassengerMaxRequestQueueSize` (Apache) or
   `passenger_max_request_queue_size` (Nginx).
 * A new configuration option, `PassengerStartTimeout` (Apache) and
   `passenger_start_timeout` (Nginx), has been added. This option allows you
   to specify a timeout for application startup. The startup timeout has exited
   since version 4.0.0, but before version 4.0.15 it was hardcoded at a value
   of 90 seconds. Now it is customizable. Fixes issue #936.
 * [Enterprise] The `PassengerMaxRequestTime`/`passenger_max_request_time`
   feature is now available for Python and Node.js as well, and is no longer
   limited to just Ruby. Fixes issue #938.
 * [Nginx] Introduced a configuration option `passenger_intercept_errors`,
   which decides if Nginx will intercept responses with HTTP status codes of
   400 and higher. Its effect is similar to `proxy_intercept_errors`.
 * [Standalone] Memory usage optimization: when `passenger start` is run with
   `--daemonize`, the frontend exits after starting the Nginx core. This saves
   ~20 MB of memory per `passenger start` instance.
 * [Standalone] Phusion Passenger Standalone is now also packaged in the
   Debian packages.
 * [Standalone] Fix a problem with the `passenger stop` command on Ruby 1.8.7.
   The 'thread' library was not properly required, causing a crash.
 * [Standalone] There is now builtin support for SSL.
 * Fix a crash when multiple `passenger_pass_header` directives are set.
   Fixes issue #934.
 * Permissions on the server instance directory are now explicitly set
   with chmod, so that permissions are correct on systems with a non-default
   umask. Fixes issue #928.
 * Fix permission problems when running `passenger start` with `--user`.
 * `passenger-config --detect-apache2` now correctly detects the eror log
   filename on Amazon Linux. Fixes issue #933.
 * An environment variable `PASSENGER_THREAD_LOCAL_STORAGE` has been added
   to the build system for forcefully disabling the use of thread-local
   storage within the Phusion Passenger codebase. This flag useful on systems
   that have broken support for thread-local storage, despite passing our build
   system's check for proper thread-local storage support. At the time of
   writing, one user has reported that Ubuntu 12.04 32-bit has broken
   thread-local storage report although neither the reporter nor us were able
   to reproduce the problem on any other systems running Ubuntu 12.04 32-bit.
   Note that this flag has no effect on non-Phusion Passenger code. Fixes
   issue #937.
 * It is now possible to preprocess events before they are sent to Union
   Station. This is useful for removing confidential data as demonstrated in
   this example `config/initializers/passenger.rb` file:

       if defined?(PhusionPassenger)
           event_preprocessor = lambda do |e|
               e.payload[:sql].gsub!("secret","PASSWORD") if e.payload[:sql]
           end
           PhusionPassenger.install_framework_extensions!(:event_preprocessor => event_preprocessor)
       end

Release 4.0.14
--------------

 * Fixed a bug in Passenger Standalone's source compiler, for the specific
   case when the downloaded Nginx binary doesn't work, and compilation
   of the Nginx binary did not succeed the first time (e.g. because of
   missing dependencies).
 * Precompiled Ruby native extensions are now automatically downloaded.


Release 4.0.13
--------------

 * Updated preferred Nginx version to 1.4.2.
 * Worked around the fact that FreeBSD 9.1 has a broken C++ runtime. Patch
   contributed by David Keller.
 * Autogenerated HTTP Date headers are now in UTC instead of local time.
   This could cause cookies to have the wrong expiration time. Fixes issue #913.
 * Fixed compatibility problems with Ruby 1.8.6 (issue #924).
 * Introduced a tool, `passenger-config --detect-apache2`, which autodetects
   all Apache installations on the system along with their parameters (which
   apachectl command to run, which log file to read, which config file to edit).
   The tool advises users about how to use that specific Apache installation.
   Useful if the user has multiple Apache installations but don't know about
   it, or when the user doesn't know how to work with multiple Apache
   installations.
 * Added an API for better Rack socket hijacking support.
 * Added a hidden configuration option for customizing the application start
   timeout. A proper configuration option will be introduced in the future.
 * Added autodetection support for Amazon Linux.
 * Fixed process metrics collection on some operating systems. Some systems'
   'ps' command expect no space between -p and the list of PIDs.


Release 4.0.10
--------------

 * Fixed a crash in PassengerWatchdog which occurs on some OS X systems.
 * Fixed exception reporting to Union Station.
 * Improved documentation.


Release 4.0.9
-------------

 * [Enterprise] Fixed a problem with passenger-irb.


Release 4.0.8
-------------

 * Fixed a problem with graceful web server restarts. When you gracefully
   restart the web server, it would cause Phusion Passenger internal sockets
   to be deleted, thus causing Phusion Passenger to go down. This problem
   was introduced in 4.0.6 during the attempt to fix issue #910.
 * The PassengerRestartDir/passenger_restart_dir now accepts relative
   filenames again, just like in Phusion Passenger 3.x. Patch
   contributed by Ryan Schwartz.
 * Documentation updates contributed by Gokulnath Manakkattil.
 * [Enterprise] Fixed a license key checking issue on some operating systems,
   such as CentOS 6.


Release 4.0.7
-------------

 * There was a regression in 4.0.6 that sometimes prevents
   PassengerLoggingAgent from starting up. Unfortunately this slipped
   our release testing. This regression has been fixed and we've updated
   our test suite to check for these kinds of regressions.


Release 4.0.6
-------------

 * Fixed a potential 100% CPU lock up in the crash handler, which only occurs
   on OS X. Fixes issue #908.
 * Fixed a crash in request handling, when certain events are trigger after
   the client has already disconnected. Fixes issue #889.
 * Phusion Passenger will no longer crash when the Phusion Passenger
   native_support Ruby extension cannot be compiled, e.g. because the Ruby
   development headers are not installed or because the current user has no
   permission to save the native extension file. Fixes issue #890.
 * Fixed OS X 10.9 support. Fixes issue #906.
 * Removed dependency on bash, so that Phusion Passenger works out of the box
   on BSD platforms without installing/configuring bash. Fixes issue #911.
 * Fix 'PassengerPoolIdleTime 0' not being respected correctly. Issue #904.
 * Admin tools improvement: it is now possible to see all currently running
   requests by invoking `passenger-status --show=requests`.
 * A new feature called Flying Passenger allows you to decouple the life time
   of Phusion Passenger from the web server, so that both can be restarted
   indepedently from each other. Please refer to
   http://blog.phusion.nl/2013/07/03/technology-preview-introducing-flying-passenger/
   for an introduction.
 * [Apache] Fixed compatibility with Apache pipe logging. Previously this
   would cause Phusion Passenger to lock up with 100% CPU during Apache
   restart.
 * [Nginx] The Nginx configure script now checks whether 'ruby' is in $PATH.
   Previously, if 'ruby' is not in $PATH, then the compilation process fails
   with an obscure error.
 * [Nginx] passenger-install-nginx-module now works properly even when Phusion
   Passenger is installed through the Debian packages. Before, the installer
   would tell you to install Phusion Passenger through the gem or tarball
   instead.
 * [Enterprise] Added pretty printing helpers to the Live IRB Console.
 * Fixed permissions on a subdirectory in the server instance directory. The
   server instance directory is a temporary directory that Phusion Passenger
   uses to store working files, and is deleted after Phusion Passenger exits.
   A subdirectory inside it is world-writable (but not world-readable) and is
   used for storing Unix domain sockets created by different apps, which may
   run as different users. These sockets had long random filenames to prevent
   them from being guessed. However because of a typo, this subdirectory was
   created with the setuid bit, when it should have sticky bit (to prevent
   existing files from being deleted or renamed by a user that doesn't own the
   file). This has now been fixed.
 * If the server instance directory already exists, it will now be removed
   first in order get correct directory permissions. If the directory still
   exists after removal, Phusion Passenger aborts to avoid writing to a
   directory with unexpected permissions. Fixes issue #910.
 * The installer now checks whether the system has enough virtual memory, and
   prints a helpful warning if it doesn't.
 * Linux/AArch64 compatibility fixes. Patch contributed by Dirk Mueller.
 * Improved documentation.


Release 4.0.5
-------------

 * [Standalone] Fixed a regression that prevented Passenger Standalone
   from starting. Fixes issue #899.
 * Fixed security vulnerability CVE-2013-2119.

   Urgency: low
   Scope: local exploit
   Summary: denial of service and arbitrary code execution by hijacking temp files
   Affected versions: all versions
   Fixed versions: 3.0.21 and 4.0.5

   Description:
   Phusion Passenger's code did not always create temporary files and directories in a secure manner. Temporary files and directories were sometimes created with a predictable filename. A local attacker can pre-create temporary files, resulting in a denial of service. In addition, this vulnerability allows a local attacker to run arbitrary code as another user, by hijacking temporary files.

   By pre-creating certain temporary files with certain permissions, attackers can prevent Passenger Standalone from starting (denial of service).

   By pre-creating certain temporary files with certain other permissions, attackers can trick `passenger start` and the build system (which is invoked by `passenger-install-apache2-module`/`passenger-install-nginx-module`) to run arbitrary code. The user that the code is run as, is equal to the user that ran `passenger start` or the build system. Attacks of this nature have to be timed exactly right. The attacker must overwrite the file contents right after Phusion Passenger has created the file contents, but right before the file is used. In the context of `passenger start`, the vulnerable window begins right after Passenger Standalone has created the Nginx config file, and ends when Nginx has read the config file. Once Nginx has started and initialized, the system is no longer vulnerable. `passenger stop` and other Passenger Standalone commands besides `start` are not vulnerable. In the context of the build system, the vulnerable window begins when `passenger-install-apache2-module`/`passenger-install-nginx-module` prints its first dependency checking message, and ends when it prints the first compiler command.

   Only the `passenger start` command, the `passenger-install-apache2-module` command and the `passenger-install-nginx-module` commands are vulnerable. Phusion Passenger for Apache and Phusion Passenger for Nginx (once they are installed) are not vulnerable.

   Fixed versions:
   3.0.21 and 4.0.5 have been released to address this issue.

   Workaround:
   You can use this workaround if you are unable to upgrade. Before invoking any Phusion Passenger command, set the `TMPDIR` environment variable to a directory that is not world-writable. Special care must be taken when you use sudo: sudo resets all environment variables, so you should either invoke sudo with `-E`, or you must set the environment variable after gaining root privileges with sudo.


Release 4.0.4
-------------

 * Fixed autodetection of noexec-mount /tmp directory. Fixes issue #850
   and issue #625.
 * Fixed a WSGI bug. wsgi.input was a file object opened in text mode,
   but should be opened in binary mode. Fixes issue #881.
 * Fixed a potential crash in Out-of-Band Work. Fixes issue #894.
 * Fixed a potential crash in rolling restarting, which only occurs if a
   process was also being spawned at the same time. Fixes issue #896.
 * [Apache] The RailsBaseURI and RackBaseURI directives have been unified.
   For a long time, RailsBaseURI told Phusion Passenger that the given
   sub-URI belongs to a **Rails 2** application. Attempt to use this
   directive with Rails 3 or with Rack applications would result in an
   error. Because this confused users, RailsBaseURI and RackBaseURI
   have now been unified and can now be used interchangably. Phusion
   Passenger will automatically detect what kind of application it is.
   The Nginx version already worked like this. Fixes issue #882.
 * [Standalone] The Passenger Standalone temp directory and
   PassengerWatchdog server instance directory have been unified.
   PassengerWatchdog already automatically updates the timestamps of
   all files in its server instance directory every 6 hours to prevent
   /tmp cleaners from deleting the directory. Therefore this
   unification prevents the Passenger Standalone temp directory to be
   deleted by /tmp cleaners as well. Fixes issue #654.
 * [Standalone] types_hash_max_size has been increased from 1024 to
   2048. This solves a problem that causes Nginx not to start on some
   platforms. Contributed by Jan-Willem Koelewijn.


Release 4.0.3
-------------

 * Better protection is now provided against application processes that
   are stuck and refuse to shut down cleanly. Since version 4.0.0,
   Phusion Passenger already forcefully shuts down all processes during
   web server shutdown. In addition to this, 4.0.3 now also forcefully
   shuts down processes that take more than 1 minute to shut down, even
   outside the context of web server shutdowns. This feature does not,
   however, protect against requests that take too long. Use
   PassengerMaxRequestTime (Apache) or passenger_max_request_time (Nginx)
   for that.
 * Fixed a crash in the HelperAgent which results in frequent process
   restarts in some traffic patterns. Fixes issue #862.
 * Fixed a problem that prevents processes from being spawned correctly
   if the user's bashrc changes working directory. Fixes issue #851.
 * passenger-status now also displays CPU usage.
 * The installer now checks for checksums when automatically downloading
   PCRE and Nginx. Contributed by Joshua Lund.
 * An error is now printed when trying to daemonize Phusion Passenger
   Standalone on Ruby implementations that don't support forking.
   Contributed by Benjamin Fleischer.
 * Although Phusion Passenger already supported JRuby, *installing*
   Phusion Passenger with JRuby was not possible. This has been fixed.
 * Various other minor bug fixes.


Release 4.0.2
-------------

 * Bumped the preferred Nginx version to 1.4.1 because of a critical
   Nginx security vulnerability, CVE-2013-2028. Users are advised to
   upgrade immediately.


Release 4.0.1
-------------

 * Fixed a crasher bug in the Deployment Error Resistance feature.
 * Fixed a bug in PassengerDefaultUser and PassengerDefaultGroup.
 * Fixed a bug which could cause application processes to exit before
   they've finished their request.
 * Fixed some small file descriptor leaks.
 * Bumped the preferred Nginx version to 1.4.0.
 * Editing the Phusion Passenger Standalone Nginx config template
   is no longer discouraged.
 * Improved documentation.


Release 4.0.0 release candidate 6
---------------------------------

 * WebSocket support on Nginx. Requires Nginx >= 1.3.15.
 * Improved RVM support.
 * Performance optimizations.
 * Various bug fixes.


Release 4.0.0 release candidate 5
---------------------------------

 * The default config snippet for Apache has changed! It must now contain a
   `PassengerDefaultRuby` option. The installer has been updated to output
   this option. The `PassengerRuby` option still exists, but it's only used
   for configuring different Ruby interpreters in different contexts. Please
   refer to the manual for more information.
 * We now provide GPG digital signatures for all file releases by Phusion.
   More information can be found in the manual.
 * `passenger-status` now displays process memory usage and time when it
   was last used. The latter fixes issue #853.
 * Exceptions in Rack application objects are now caught to prevent
   application processes from exiting.
 * The `passenger-config` tool now supports the `--ruby-command` argument,
   which helps the user with figuring out the correct Ruby command to use
   in case s/he wants to use multiple Ruby interpreters. The manual has
   also been updated to mention this tool.
 * Fixed streaming responses on Apache.
 * Worked around an OS X Unix domain socket bug. Fixes issue #854.
 * Out-of-Band Garbage Collection now works properly when the application
   has disabled garbage collection. Fixes issue #859.
 * Fixed support for /usr/bin/python on OS X. Fixes issue #855.
 * Fixed looping-without-sleeping in the ApplicationPool garbage collector
   if PassengerPoolIdleTime is set to 0. Fixes issue #858.
 * Fixed some process memory usage measurement bugs.
 * Fixed process memory usage measurement on NetBSD. Fixes issue #736.
 * Fixed a file descriptor leak in the Out-of-Band Work feature. Fixes issue #864.
 * The PassengerPreStart helper script now uses the default Ruby
   interpreter specified in the web server configuration, and no longer
   requires a `ruby` command to be in `$PATH`.
 * Updated preferred PCRE version to 8.32.
 * Worked around some RVM bugs.
 * The ngx_http_stub_status_module is now enabled by default.
 * Performance optimizations.


Release 4.0.0 release candidate 4
---------------------------------

 * Fixed compilation on systems where /tmp is mounted noexec.
 * Fixed some memory corruption bugs.
 * Improved debugging messages.
 * Phusion Passenger Standalone now sets underscores_in_headers.
   Fixes issue #708.
 * Fixed some process spawning compatibility problems, as
   reported in issue #842.
 * The Python WSGI loader now correctly shuts down client sockets
   even when there are child processes that keep the socket open.
 * A new configuration option PassengerPython (Apache) and
   passenger_python (Nginx) has been added so that users can
   customize the Python interpreter on a per-application basis.
   Fixes issue #852.
 * The Apache module now supports file uploads larger than 2 GB
   when on 32-bit systems. Fixes issue #838.
 * The Nginx version now supports the `passenger_temp_dir` option.
 * Environment variables set in the Nginx configuration file
   (through the `env` config option) are now correctly passed to
   all application processes. Fixes issue #371.
 * Fixed support for RVM mixed mode installations. Fixes issue #828.
 * Phusion Passenger now outputs the Date HTTP header in case the
   application didn't already do that (and was violating the HTTP spec).
   Fixes issue #485.
 * Phusion Passenger now checks whether /dev/urandom isn't broken.
   Fixes issue #516.


Release 3.9.5 (4.0.0 release candidate 3)
-----------------------------------------

 * Fixed Rake autodetection.


Release 3.9.4 (4.0.0 release candidate 2)
-----------------------------------------

 * More bug fixes.
 * More documentation updates.
 * Better crash diagnostics.


Release 3.9.3 (4.0.0 release candidate 1)
-----------------------------------------

 * The Nginx version now supports the `passenger_app_root` configuration option.
 * The Enterprise memory limiting feature has been extended to work with non-Ruby applications as well.
 * Application processes that have been killed are now automatically detected within 5 seconds. Previously Phusion Passenger needed to send a request to the process before detecting that it's gone. This change means that when you kill a process by sending it a signal, Phusion Passenger will automatically respawn it within 5 seconds (provided that the process limit settings allow respawning).
 * Phusion Passenger Standalone's HTTP client body limit has been raised from 50 MB to 1 GB.
 * Python 3 support has been added.
 * The build system has been made compatible with JRuby and Ruby 2.0.
 * The installers now print a lot more information about detected system settings so that the user can see  whether something has been wrongly detected.
 * Some performance optimizations. These involve further extending the zero-copy architecture, and the use of hash table maps instead of binary tree maps.
 * Many potential crasher and freezer bugs have been fixed.
 * Error diagnostics have been further improved.
 * Many documentation improvements.


Release 3.9.2 (4.0.0 beta 2)
----------------------------

 * New feature: JRuby and Rubinius support.
 * New feature: Out of Band Work.
 * Sending SIGBART to a Ruby process will now trigger the same behavior
   as SIGQUIT - that is, it will print a backtrace. This is necessary
   for proper JRuby support because JRuby cannot catch SIGQUIT.
 * Rolling restarts and depoyment error resistance are now also available
   in Phusion Passenger Standalone in the Enterprise version.
 * System call failure simulation framework.
 * Improved crash reporting.
 * Many documentation improvements.
 * Many bug fixes.


Release 3.9.1 (4.0.0 beta 1)
----------------------------

This is the first beta of Phusion Passenger 4. The changes are numerous.

 * Support for multiple Ruby versions.
 * The internals now use evented I/O.
 * Real-time response buffering.
 * Improved zero-copy architecture.
 * Rewritten ApplicationPool and process spawning subsystem.
 * Multithreading within Ruby apps (Phusion Passenger Enterprise only).
 * Python WSGI support lifted to "beta" status.
 * More protection against stuck processes.
 * Automatically picks up environment variables from your bashrc.
 * Allows setting environment variables directly in Apache.
 * Automatic asset pipeline support in Standalone.
 * Deleting restart.txt no longer triggers a restart.
 * More stable Union Station support.
 * Many internal robustness improvements.
 * Better relocatability without wasting space.


Release 3.0.21
--------------

 * Rebootstrapped the libev configure to fix compilation problems on Solaris 11.
 * Fixed support for RVM mixed mode installations. Fixes issue #828.
 * Fixed encoding problems in Phusion Passenger Standalone.
 * Changed preferred Nginx version to 1.2.9.
 * Catch exceptions raised by Rack application objects.
 * Fix for CVE-2013-2119. Details can be found in the announcement for version 4.0.5.
 * Version 3.0.20 was pulled because its fixes were incomplete.


Release 3.0.19
--------------

 * Nginx security fix: do not display Nginx version when
   server_tokens are off.
 * Fixed compilation problems on some systems.
 * Fixed some Union Station-related bugs.


Release 3.0.18
--------------

 * Fixed compilation problems on Fedora 17.
 * Fixed Union Station compatibility with Rails 3.2.
 * Phusion Passenger Enterprise Standalone now supports rolling
   restarts and deployment error resistance.


Release 3.0.17
--------------

 * Fixed a Ruby 1.9 encoding-related bug in the memory measurer.
   (Phusion Passenger Enterprise)
 * Fixed OOM adjustment bugs on Linux.
 * Fixed compilation problems on Fedora 18 and 19.
 * Fixed compilation problems on SunOS.
 * Fixed compilation problems on AIX. Contribution by Perry Smith.
 * Fixed various compilation warnings.
 * Upgraded preferred Nginx version to 1.2.3.

3.0.16 was an unofficial hotfix release, and so its announcement had been skipped.


Release 3.0.15
--------------

 * Updated documentation.
 * Updated website links.


Release 3.0.14
--------------

 * [Apache] Fixed a long-standing mod_rewrite-related problem.
   Some mod_rewrite rules would not work, but it depends on the exact
   mod_rewrite configuration so it would work for some people but not
   for others. Issue #563. Thanks a lot to cedricmaion for providing
   information on the nature of the bug and to peter.nash55 for
   providing a VM that allowed us to reproduce the problem.
 * [Nginx] Preferred Nginx version to 1.2.2.
   The previously preferred version was 1.2.1.
 * Cleared some confusing terminology in the documentation.
 * Fixed some Ruby 1.9 encoding problems.


Release 3.0.13
--------------

 * [Nginx] Preferred Nginx version upgraded to 1.2.1.
 * Fixed compilation problems on FreeBSD 6.4. Fixes issue #766.
 * Fixed compilation problems on GCC >= 4.6.
 * Fixed compilation problems on OpenIndiana and Solaris 11. Fixes issue #742.
 * Union Station-related bug fixes.
 * Sending the soft termination signal twice to application processes no longer makes them crash. Patch contributed by Ian Ehlert.


Release 3.0.12
--------------

 * [Apache] Support Apache 2.4. The event MPM is now also supported.
 * [Nginx] Preferred Nginx version upgraded to 1.0.15.
 * [Nginx] Preferred PCRE version upgraded to 8.30.
 * [Nginx] Fixed compatibility with Nginx < 1.0.10.
 * [Nginx] Nginx is now installed with http_gzip_static_module by default.
 * [Nginx] Fixed a memory disclosure security problem.
   The issue is documented at http://www.nginx.org/en/security_advisories.html
   and affects more modules than just Phusion Passenger. Users are advised
   to upgrade as soon as possible. Patch submitted by Gregory Potamianos.
 * [Nginx] passenger_show_version_in_header now hides the Phusion Passenger version number from the 'Server:' header too.
   Patch submitted by Gregory Potamianos.
 * Fixed a /proc deprecation warning on Linux kernel >= 3.0.


Release 3.0.11
--------------

 * Fixed a compilation problem on platforms without alloca.h, such as FreeBSD 7.
 * Improved performance and solved some warnings on Xen systems by compiling
   with `-mno-tls-direct-seg-refs`. Patch contributed by Michał Pokrywka.


Release 3.0.10
--------------

 * [Nginx] Dropped support for Nginx versions older than 1.0.0
 * [Nginx] Fixed support for Nginx 1.1.4+
 * [Nginx, Standalone] Upgraded default Nginx version to 1.0.10
   The previously default version was 1.0.5.
 * [Nginx] New option passenger_max_requests
   This is equivalent to the PassengerMaxRequests option in the Apache
   version: Phusion Passenger will automatically shutdown a worker process
   once it has processed the specified number of requests.
   Contributed by Paul Kmiec.
 * [Apache] New option PassengerBufferResponse
   The Apache version did not buffer responses. This could block the Ruby
   worker process in case of slow clients. We now enable response buffering
   by default. It can be turned off through this option. Feature contributed
   by Ryo Onodera.
 * Fixed remaining Ruby 1.9.3 compatibility problems
   We already supported Ruby 1.9.3 since 3.0.8, but due to bugs in Ruby
   1.9.3's build system Phusion Passenger would fail to detect Ruby 1.9.3
   features on some systems. Fixes issue #714.
 * Fixed a bug in PassengerPreStart
   A regression was introduced in 3.0.8, causing the prespawn script to
   connect to the host name instead of to 127.0.0.1. Fix contributed by
   Andy Allan.
 * Fixed compatibility with GCC 4.6
   Affected systems include Ubuntu 11.10.
 * Fixed various compilation problems.
 * Fixed some Ruby 1.9 encoding problems.
 * Fixed some Ruby 1.9.3 deprecation warnings.


Release 3.0.9
-------------

 * [Nginx] Fixed a NULL pointer crash that occurs on HTTP/1.0 requests
   when the Host header isn't given.
 * Fixed deprecation warnings on RubyGems >= 1.6.
 * Improved Union Station support stability.


Release 3.0.8
-------------

 * [Nginx] Upgraded preferred Nginx version to 1.0.5.
 * [Nginx] Fixed various compilation problems on various platforms.
 * [Nginx] We now ensure that SERVER_NAME is equal to HTTP_HOST without the port part.
   This is needed for Rack compliance. By default Nginx sets SERVER_NAME to
   whatever is specified in the server_name directive, but that's not necessarily
   the correct value. This fixes, for example, the use of the 'map' statement
   in config.ru.
 * [Nginx] Added the options passenger_buffer_size, passenger_buffers and passenger_busy_buffers_size.
   These options are similar to proxy_module's similarly named options. You can
   use these to e.g. increase the maximum header size limit.
 * [Nginx] passenger_pre_start now supports virtual hosts that listen on Unix domain sockets.
 * [Apache] Fixed the pcre.h compilation problem.
 * [Standalone] Fixed 'passenger stop'.
   It didn't work properly because it kept waiting for 'tail' to exit.
   We now properly terminate 'tail' as well.
 * Fixed compatibility with Rake 0.9.
 * Fixed various Ruby 1.9 compatibility issues.
 * Various documentation improvements.
 * New Union Station filter language features.
   It now supports status codes and response times.
   Please refer to https://engage.unionstationapp.com/help#filtering
   for more information.


Release 3.0.7
-------------

 * Fixed a bug passenger-install-apache2-module. It could crash on
   some systems due to a typo in the code.
 * Upgraded preferred Nginx version to 1.0.0.
 * Phusion Passenger Standalone now pre-starts application processes
   at startup instead of doing that at the first request.
 * When sending data to Union Station, the HTTP status code is now also
   logged.
 * Various Union Station-related stability improvements.
 * The Linux OOM killer was previously erroneously disabled for all
   Phusion Passenger processes, including application processes. The
   intention was to only disable it for the Watchdog. This has been
   fixed, and the Watchdog is now the only process for which the OOM
   killer is disabled.
 * Fixed some compilation problems on OpenBSD.
 * Due to a typo, the dependency on file-tail was not entirely removed
   in 3.0.6. This has now been fixed.


Release 3.0.6
-------------

 * Fixed various compilation problems such as XCode 4 support and OpenBSD support.
 * Fixed various Union Station-related stability issues.
 * Fixed an issue with host name detection on certain platforms.
 * Improved error logging in various parts.
 * The dependency on the file-tail library has been removed.
 * During installation, check whether /tmp is mounted with 'noexec'.
   Phusion Passenger's installer relies on /tmp *not* being mounted
   with 'noexec'. If it is then the installer will now show a helpful
   error message instead of bailing out in a confusing manner. Users
   can now tell the installer to use a different directory for storing
   temporary files by customizing the $TMPDIR environment variable.
 * Phusion Passenger Standalone can now run Rackup files that are not named 'config.ru'.
   The filename can be passed through the command line using the -R option.


Release 3.0.5
-------------

 * [Apache] Fixed Union Station process statistics collection
   Union Station users that are using Apache may notice that no process
   information show up in Union Station. This is because of a bug in
   Phusion Passenger's Apache version, which has now been fixed.
 * [Apache] PassengerAnalytics has been renamed to UnionStationSupport
   This option has been renamed for consistency reasons.
 * [Nginx] passenger_analytics has been renamed to union_station_support
   This option has been renamed for consistency reasons.
 * Fixed Union Station data sending on older libcurl versions
   Some Union Station users have reported that their data don't show up.
   Upon investigation this turned out to be a compatibility with older
   libcurl versions. Affected systems include all RHEL 5 based systems,
   such as RHEL 5.5 and CentOS 5.5. We've now fixed compatibility
   with older libcurl versions.
 * Added support for the Union Station filter language
   This language can be used to limit the kind of data that's sent to
   Union Station. Please read
   https://engage.unionstationapp.com/help#filtering for details.
 * Fixed a PassengerMaxPoolSize/passenger_max_pool_size violation bug
   People who host a lot of different applications on Phusion Passenger
   may notice that it sometimes spawns more processes than is allowed
   by PassengerMaxPoolSize/passenger_max_pool_size. This has been fixed.


Release 3.0.4
-------------

 * [Apache] Changed mod_dir workaround hook priority
   Phusion Passenger temporarily disables mod_dir on all Phusion
   Passenger-handled requests in order to avoid conflicts. In order to do this
   it registers some Apache hooks with the APR_HOOK_MIDDLE priority, but it
   turned out that this breaks some other modules like mod_python. The hook
   priority has been changed to APR_HOOK_LAST to match mod_dir's hook
   priorities. Issue reported by Jay Freeman.
 * Added support for Union Station: http://www.unionstationapp.com/
 * Some error messages have been improved.


Release 3.0.3
-------------

 * [Nginx] Preferred Nginx version upgraded to 0.8.54
   The previous preferred version was 0.8.53.
 * PATH_INFO and REQUEST_URI now contain the original escaped URI
   Phusion Passenger passes the URI, as reported by Apache/Nginx, to
   application processes through the PATH_INFO and REQUEST_URI variables.
   These variables are supposed to contain the original, unescaped URI, e.g.
   /clubs/%C3%BC. Both Apache and Nginx thought that it would be a good idea
   to unescape the URI before passing it to modules like Phusion Passenger,
   thereby causing PATH_INFO and REQUEST_URI to contain the unescaped URI,
   e.g. /clubs/ü. This causes all sorts of encoding problems. We now manually
   re-escape the URI when setting PATH_INFO and REQUEST_URI. Issue #404.
 * The installer no longer detects directories as potential commands
   Previously the installer would look in $PATH for everything that's
   executable, including directories. If one has /usr/lib in $PATH
   and a directory /usr/lib/gcc exists then the installer would recognize
   /usr/lib/gcc as the compiler. We now explicitly check whether the item
   is also a file.
 * PseudoIO now responds to #to_io
   Phusion Passenger sets STDERR to a PseudoIO object in order to capture
   anything written to STDERR during application startup. This breaks
   some libraries which expect STDERR to respond to #to_io. This has now
   been fixed. Issue #607.
 * Fixed various other minor bugs
   See the git commit log for details.


Release 3.0.2
-------------

 * [Nginx] Fixed compilation problems
   The Nginx compilation process was broken due to not correctly reverting
   the working directory of the Nginx configure script. This has been fixed:
   issue #595.
 * [Nginx] Fixed crash if passenger_root refers to a nonexistant directory
   Issue #599.
 * Fixed compilation problems on NetBSD
   There was a typo in a NetBSD-specific fcntl() call. It also turns out that
   NetBSD doesn't support some ISO C99 math functions like llroundl(); this
   has been worked around by using other functions. Issue #593.
 * Fixed file descriptor closing issues on FreeBSD
   Phusion Passenger child processes didn't correct close file descriptors
   on FreeBSD because it queries /dev/fd to do that. On FreeBSD /dev/fd
   only returns meaningful results if fdescfs is mounted, which it isn't
   by default. Issue #597.


Release 3.0.1
-------------

 * MUCH faster compilation
   We've applied code aggregation techniques, allowing Phusion Passenger
   to be compiled much quicker now. For example, compiling the Nginx
   component (not Nginx itself) on a MacBook Pro now takes only 29
   seconds instead of 51 seconds, an improvement of 75%! Compiling the
   Apache module on a slower Dell Inspiron now takes 39 seconds instead of
   1 minute 22 seconds, or 110% faster!
 * Fixed malfunction after web server restart
   On Linux systems that have a non-standard filesystem on /tmp, Phusion
   Passenger could malfunction after restarting the web server because of
   a bug that's only triggered on certain filesystems. Issue #569.
 * Boost upgraded to version 1.44.0.
   We were on 1.42.0.
 * Much improved startup error messages
   Phusion Passenger performs many extensive checks during startup to ensure
   integrity. However the error message in some situation could be vague.
   These startup error messages have now been improved dramatically, so that
   if something goes wrong during startup you will now more likely know why.
 * Curl < 7.12.1 is now supported
   The previous version fails to compile with Curl versions earlier than
   7.12.1. Issue #556.
 * passenger-make-enterprisey fixed
   This is the command that people can run after donating. It allows people
   to slightly modify Phusion Passenger's display name as a joke. In 3.0.0 it
   was broken because of a typo. This has been fixed.
 * Removed passenger-stress-test
   This tool was used during the early life of Phusion Passenger for stress
   testing websites. Its performance has never been very good and there are
   much better tools for stress testing, so this tool has now been removed.
 * [Apache] RailsEnv and RackEnv configuration options are now equivalent
   In previous versions, RailsEnv only had effect on Rails 1 and Rails 2 apps
   while RackEnv only had effect on Rack apps. Because Rails 3 apps are
   considered Rack apps, setting RailsEnv had no effect on Rails 3 apps.
   Because this is confusing to users, we've now made RailsEnv and RackEnv
   equivalent. Issue #579.
 * [Nginx] Fixed compilation problems on systems with unpowerful shells
   Most notably Solaris. Its default shell does not support some basic
   constructs that we used in the Nginx configure script.
 * [Nginx] Upgraded default Nginx version to to 0.8.53
   The previous default was 0.8.52.
 * [Nginx] passenger_enabled now only accepts 'on' or 'off' values
   Previously it would recognize any value not equal to 'on' as meaning
   'off'. This caused confusion among users who thought they could also
   specify 'true', so we now throw a proper error if the value is
   unrecognized. Fixes issue #583.


Release 3.0.0
-------------

This is a major release with many changes. Please read our blog for details.


Release 2.2.15
--------------

 * [Apache] Fixed incorrect temp dir cleanup by passenger-status
   On some systems, running passenger-status could print the following
   message:
   
      *** Cleaning stale folder /tmp/passenger.1234
   
   ...after which Phusion Passenger breaks because that directory is
   necessary for it to function properly. The cause of this problem
   has been found and has been fixed.
 * [Apache] Fixed some upload handling problems
   Previous versions of Phusion Passenger check whether the size of
   the received upload data matches the contents of the Content-Length
   header as received by the client. It turns out that there could
   be a mismatch e.g. because of mod_deflate input compression, so
   we can't trust Content-Length anyway and we're being too strict.
   The check has now been removed.
 * [Nginx] Fixed compilation issues with Nginx >= 0.7.66
   Thanks to Potamianos Gregory for reporting this issue. Issue #500.
 * [Nginx] Default Nginx version changed to 0.7.67
   The previous default version was 0.7.65.
 * Fixed more Bundler problems
   Previous versions of Phusion Passenger would preload some popular
   libraries such as mysql and sqlite3 in order to utilize copy-on-write
   optimizations better. However this behavior conflicts with Bundler
   so we've removed it.


Release 2.2.14
--------------

 * Added support for Rubinius
   Patch contributed by Evan Phoenix.
 * Fixed a mistake in the SIGQUIT backtrace message.
   Patch contributed by Christoffer Sawicki.
 * [Nginx] Fix a localtime() crash on FreeBSD
   This was caused by insufficient stack space for threads. Issue #499.


Release 2.2.13
--------------

 * Fixed some Rails 3 compatibility issues that were recently introduced.
 * Fixed a typo that causes config/setup_load_paths.rb not to be loaded
   correctly.


Release 2.2.12
--------------

 * Improved Bundler support.
   Previous versions might not be able to correctly load gems bundled
   by Bundler. We've also documented how our Bundler support works and
   how to override our support if you need special behavior.
   Please refer to the Phusion Passenger Users Guide, section
   "Bundler support".
 * Worked around some user account handling bugs in Ruby. Issue #192.
 * Fixed some Ruby 1.9 tempfile.rb compatibility problems.
 * Fixed some compilation problems on some ARM Linux platforms.
 * [Apache] Suppress bogus mod_xsendfile-related error messages.
   When mod_xsendfile is being used, Phusion Passenger might print
   bogus error messages like "EPIPE" or "Apache stopped forwarding
   the backend's response" to the log file. These messages are
   normal, are harmless and can be safely ignored, but they pollute
   the log file. So in this release we've added code to suppress
   these messages when mod_xsendfile is being used. Issue #474.
 * [Nginx] Fixed "passenger_user_switching off" permission problems
   If Nginx is running as root and passenger_user_switching is turned
   off, then Phusion Passenger would fail to initialize because of
   a permission problem. This has been fixed. Issue #458.
 * [Nginx] Nginx >= 0.8.38 is now supported.
   Thanks to Sergey A. Osokin for reporting the problem.
 * [Nginx] passenger-install-nginx-module upgraded
    It now defaults to installing Nginx 0.7.65 instead of 0.7.64.


Release 2.2.11
--------------

 * This release fixes a regression that appeared in 2.2.10 which only
   affects Apache. When under high load, Apache might freeze and stop
   responding to requests. It is caused by a race condition which is
   why it escaped our last release testing.
   
   This problem does not affect Nginx; you only have to upgrade if
   you're using Apache.
   
   http://groups.google.com/group/phusion-passenger/t/d5bb2f17c8446ea0


Release 2.2.10
--------------

 * Fixed some Bundler compatibility problems.
 * Fixed some file descriptor passing problems, which previously
   could lead to mysterious crashes.
 * Fixed some compilation problems on newer GCC versions. Issue #430.
 * Support #size method in rack.input.



Release 2.2.9
-------------

 * Fixed compatibility with Rails 3.
   Actually, previous Phusion Passenger releases were already compatible
   with Rails 3, depending on the spawn method that would be invoked. Here's
   the story:
   
   Since Phusion Passenger 2.2.8, when the file config.ru exists, Phusion
   Passenger will treat the app as a Rack app, not as a Rails app. This is
   in contrast to earlier versions which gave Rails detection more priority
   than Rack detection. Phusion Passenger loads Rack apps and Rails apps in
   different ways. The Rails loader was not compatible with Rails 3, which
   is what we've fixed in this release.
   
   That said, a Rails 3 app would have worked out-of-the-box on Phusion
   Passenger 2.2.8 as well because Rails 3 apps include a config.ru file
   by default, causing Phusion Passenger 2.2.8 to use the Rack loader.
   Earlier versions of Phusion Passenger would just completely bail out
   because they'd use the Rails loader.
   
   That said, with 2.2.9 there are still some caveats:
   - Smart spawning (the mechanism with which REE's 33% memory reduction
     is implemented) is *not* supported for Rack apps. This means that if
     you want to utilize smart spawning with Rails 3, then you should
     remove your config.ru file.
   - Rails 3 depends on Rack 1.1.0. You must have Rack 1.1.0 installed as
     a gem, even if you've bundled it with the gem bundler. This is because
     Phusion Passenger itself depends on Rack.
   
   Both of these caveats are temporary. We have plans to solve both of these
   properly in the future.
 * What's up with the Gem Bundler?
   There has been some reports that Phusion Passenger is not compatible with
   Yehuda Katz's gem bundler (http://github.com/wycats/bundler). This might
   have been true for an earlier version of the gem bundler, but the latest
   version seems to work fine. Please note that you need to insert the
   following snippet in config/preinitializer.rb, as instructed by the gem
   bundler's README:
   
     require "#{RAILS_ROOT}/vendor/gems/environment"
   
   The Rails::Boot monkey patching code as posted at
   http://yehudakatz.com/2009/11/03/using-the-new-gem-bundler-today/
   does not seem to be required anymore.
 * Fixed support for ActiveRecord subclasses that connect to another database.
   ActiveRecord subclasses that connect to a database other than the default
   one did not have their connection correctly cleared after forking.
   This can result in weird errors along the lines of "Lost connection to
   MySQL server during query". Issue #429.
 * [Nginx] Fixed PCRE URL.
   passenger-install-nginx-module downloads PCRE 7.8 if PCRE is not already
   installed. However PCRE 7.8 has been removed from their FTP server,
   so we've updated the URL to point to the latest version, 8.0.


Release 2.2.8
-------------

 * [Nginx] Fixed some signal handling problems.
   Restarting Nginx on OS X with SIGHUP can sometimes take a long time or
   even fail completely. This is because of some signal handling problems,
   which have now been fixed.
 * [Nginx] Added OpenSSL as dependency.
   OpenSSL is required in order to install Nginx, but this was not checked
   by passenger-install-nginx-module. As a result,
   passenger-install-nginx-module fails on e.g. out-of-the-box Ubuntu
   installations until the user manually installs OpenSSL. Issue #422.
 * [Nginx] Fixed support for internal redirects and subrequests.
   It is now possible to, for example, point X-Accel-Redirects to Phusion
   Passenger-served URLs. Patch contributed by W. Andrew Loe III: issue #433.
 * [Apache] Fixed a GnuTLS compatibility issue.
   mod_gnutls can cause Phusion Passenger to crash because of an unchecked
   NULL pointer. This problem has now been fixed: issue #391.
 * Fixed thread creation issue on Intel Itanium platforms.
   This fixes issue #427.
 * Fixed compilation problems on Linux running on the Renesas SH4 CPU.
   Patch contributed by iwamatsu: issue #428.
 * The Rack library has been unvendored.
   The original reason for vendoring was to work around broken Rails
   applications that explicitly specify Rack as a gem dependency. We've
   found a better workaround that does not require vendoring Rack.
   This also fixes a compatibility problem with Rails 3, because Rails
   3 depends on a newer Rack version than the one we had vendored.
   Issue #432.
 * Fixed compatibility with Ruby 1.9.1 patchlevel >= 152
   Ruby 1.9.1 patchlevel >= 152 has a bug in its tempfile library. If you've
   seen an error message along the lines of

      *** Exception IOError in Passenger RequestHandler (closed stream)
   
   then this is a Ruby bug at work. This bug has been fixed in Ruby 1.9.2,
   but Ruby 1.9.1 still contains this bug. We've added a workaround so that
   the bug is not triggered with this Ruby version. Issue #432.


Release 2.2.7
-------------

 * Removed forgotten debugging code in passenger-install-apache2-module,
   which caused it not to compile anything.


Release 2.2.6
-------------

 * Some /tmp cleaner programs such as tmpwatch try to remove subdirectories
   in /tmp/passenger.xxx after a while because they think those
   subdirectories are unused. This could cause Phusion Passenger to
   malfunction, requiring a web server restart. Measures have now been
   taken to prevent those tmp cleaner programs from removing anything
   in /tmp/passenger.xxx. Issue #365.
 * When autodetecting the application type, Rack is now given more priority
   than Rails. This allows one to drop a config.ru file in a Rails directory
   and have it detected as a Rack application instead of a Rails application.
   Patch contributed by Sam Pohlenz: issue #338.
 * The default socket backlog has been increased from 'SOMAXCONN' (which
   is 128 on most platforms) to 1024. This should fix most
   'helper_server.sock failed: Resource temporarily unavailable'
   errors.
 * Fixed compilation problems on Solaris. Issue #369 and issue #379.
 * Fixed crashes on PowerPC.
 * Some Ruby 1.9 compatibility fixes. Issue #398.
 * The installer now displays correct dependency installation instructions
   for Mandriva Linux.
 * [Apache] The location of the 'apxs' and 'apr-config' commands can now
   also be passed to the installer through the --apxs-path and
   --apr-config-path parameters, in addition to the $APXS2 and $APR_CONFIG
   environment variables. Issue #3.
 * [Nginx] Various problems that only occur on 64-bit platforms have been fixed.
 * [Nginx] The installer now installs Nginx 0.7.64 by default.


Release 2.2.5
-------------

 * [Apache] Small file uploads are now buffered; fixes potential DoS attack
   Phusion Passenger buffers large file uploads to temp files so that it
   doesn't block applications while an upload is in progress, but it sent
   small uploads directly to the application without buffering it. This could
   result in a potential DoS attack: the client can send many small, incomplete
   file uploads to the server, and this would block all application processes
   until a timeout occurs. In order to solve this problem, Phusion Passenger
   now buffers small file uploads in memory. Bug #356.

 * [Apache] Fixed support for mod_rewrite passthrough rules
   Mod_rewrite passthrough rules were not properly supported because of a bug
   fix for supporting encoded slashes (%2f) in URLs. Unfortunately, due to
   bugs/limitations in Apache, we can support either encoded slashes or
   mod_rewrite passthrough rules, but not both; supporting one will break the
   other.

   Support for mod_rewrite passthrough rules is now enabled by default; that
   is, support for encoded slashes is disabled by default. A new configuration
   option, "PassengerAllowEncodedSlashes", has been added. Turning this option
   on will enable support for encoded slashes and disable support for
   mod_rewrite passthrough rules.

   Issue #113 and issue #230.

 * [Apache] Added a configuration option for resolving symlinks in the document root path
   Phusion Passenger 2.2.0 and higher no longer resolves symlinks in
   the document root path in order to properly support Capistrano-style
   directory structures. The exact behavior is documented in the Users Guide,
   section "How Phusion Passenger detects whether a virtual host is a web
   application".

   However, some people relied on the old behavior. A new configuration option,
   PassengerResolveSymlinksInDocumentRoot, has been added to allow reverting
   back to the old behavior.

   Patch contributed by Locaweb (http://www.locaweb.com.br/).

 * [Apache] mod_env variables are now also passed through CGI environment headers
   Prior to version 2.2.3, environment variables set by mod_env are passed to
   the application as CGI environment headers, not through Ruby's ENV variable.
   In the last release we introduced support for setting ENV environment
   variables with mod_env, and got rid of the code for setting CGI environment
   headers. It turns out that some people relied on the old behavior, we so now
   environment variables set with mod_env are set in both ENV and in the CGI
   environment.
   
   Fixes bug #335.

 * [Apache] Fixed compilation problems on some Linux systems with older versions of Apache
   If you used to see compilation errors like this:

       ext/apache2/Configuration.cpp:554: error: expected primary-expression before '.' token

   then this version should compile properly.

 * [Apache] Fixed I/O timeouts for communication with backend processes
   Got rid of the code for enforcing I/O timeouts when reading from or writing to
   a backend process. This caused more problems than it solved.

 * [Nginx] Support for streaming responses (e.g. Comet or HTTP push)
   Buffering of backend responses is now disabled. This fixes support for
   streaming responses, something which the Apache version has supported
   for a while now. One can generate streaming responses in Ruby on Rails
   like this:

       render :text => lambda { |response, output|
           10_000.times do |i|
               output.write("hello #{i}!\n")
           end
       }

 * [Nginx] Installer now installs Nginx 0.7.61 by default
   Previously it installed 0.6.37 by default.

 * [Nginx] Fixed the installer's --extra-configure-flags flag when combined with --auto-download
   Arguments passed to --extra-configure-flags were not being passed to the
   Nginx configure script when --auto-download is given. This has been
   fixed: bug #349.

 * [Nginx] Fixed unnecessary download of PCRE
   The installer now checks whether PCRE is installed in /opt/local (e.g.
   MacPorts) as well before concluding that it isn't installed and going ahead
   with downloading PCRE.

 * Fixed STDERR capturing
   While spawning an application, Phusion Passenger captures any output written
   to STDERR so that it can show them later if the application failed to start.
   This turns out to be much more difficult than expected, with all kinds of
   corner cases that can mess up this feature.

   For example, if the Rails log file is not writable, then this can cause
   Rails to crash with a bizarre and unhelpful error message whenever it tries
   to write to STDERR:

       /!\ FAILSAFE /!\  Thu Aug 20 14:58:39 +1000 2009
       Status: 500 Internal Server Error
       undefined method `[]' for nil:NilClass

   Some applications reopen STDERR to a log file. This didn't work.

   Of all of these problems have been fixed now. (Bug #332)

 * Fixed some bugs in application sources preloading
   Rails >= 2.2 already preloads the application sources, in which case Phusion
   Passenger wasn't supposed to perform it's own preloading, but the Rails
   >= 2.2 detection code was bugged. This has been fixed.

   Rails < 2.2 doesn't preload the application sources by itself, but there
   should be a certain order with which the sources are preloaded, otherwise
   preloading could fail in some applications. We now enforce a specific load
   order: first models, then controllers, then helpers.

   Bug #359.
 
 * Fixed a few bugs in WSGI compliance
   PATH_INFO is supposed to be set to the request URI, but without the query
   string and without the base URI. This has been fixed: bug #360.

 * Fixed some Ruby 1.9-specific crashes caused by encoding issues. Bug #354.
 * Fixed loading of config/environment.rb on Ruby 1.9.2, because Ruby 1.9.2
   no longer has "." in the default load path. Patch by metaljastix, issue #368.
 * The Users Guide for Apache now mentions something about correct permissions
   for application directories.
 * Fixed compilation problems on IA-64 (bug #118). We also reduced the stack
   sizes for the threads by half, so Phusion Passenger should use even less
   virtual memory now.
 * Fixed compilation problems on Linux systems with ARM CPU.
 * Fixed a few compatibility problems with 64-bit OpenBSD.
 * Fixed a few typos and minor bugs.


Older releases
--------------
Please consult the blog posts on http://old.blog.phusion.nl/ for the information about older releases.