=== 0.91.1 / 2010-04-19 21:13 UTC This release fixes a denial-of-service vector for deployments exposed directly to untrusted clients. The HTTP parser in Unicorn <= 0.97.0 would trip an assertion (killing the associated worker process) on invalid Content-Length headers instead of raising an exception. Since Rainbows! and Zbatery supports multiple clients per worker process, all clients connected to the worker process that hit the assertion would be aborted. Deployments behind nginx are _not_ affected by this bug, as nginx will reject clients that send invalid Content-Length headers. The status of deployments behind other HTTP-aware proxies is unknown. Deployments behind a non-HTTP-aware proxy (or no proxy at all) are certainly affected by this DoS. Users are strongly encouraged to upgrade as soon as possible, there are no other changes besides this bug fix from Rainbows! 0.91.0 nor Unicorn 0.97.0 This bug affects all previously released versions of Rainbows! and Zbatery. === 0.91.0 / 2010-03-01 10:03 UTC Unicorn 0.97.0 has a bunch of internal cleanups and small fixes and this is mainly to resync with those changes. keepalive_timeout now defaults to 5 seconds (from 2 seconds previous). This should help out clients on slower connections. Some small fixes and cleanups: * Rainbows::Fiber::IO objects may leak if a rare app uses them explicitly with FiberSpawn/FiberPool-only (not RevFiberSpawn) * quiet down ENOTCONN handling, there's nothing we can do about this error so we won't fill our logs with it. === 0.90.2 / 2010-02-13 09:11 UTC This release depends on Unicorn 0.96.1 for an updated Unicorn::HttpParser to avoid leaking memory. The HttpParser in Unicorn <= 0.96.0 did not setup the parser object properly to be freed by the garbage collector. While this bug did not affect Unicorn itself, Rainbows! allocates a new Unicorn::HttpParser object for every new client connection and Unicorn did not properly setup the parser object to be freed by the Ruby garbage collector. There are also minor cosmetic cleanups and fixes: Eric Wong (10): http_response: disallow blank, multi-value headers Fix "rainbows -h" and "rainbows -v" Update docs + tests to reflect Rev 0.3.2 release local.mk.sample: bump Rack dependency Merge branch 'rack-1.1' add Cramp integration tests Rakefile: autoload Gem t/bin/*: encoding should be the first line after shebang gemspec: bump dependency on Unicorn to avoid leak Rainbows! 0.90.2 === 0.90.1 / 2009-12-30 10:24 UTC This release contains minor bugfixes/compatibility improvements for ThreadSpawn, ThreadPool and EventMachine users. Excessive error messages from spurious wakeups using ThreadSpawn/ThreadPool under most platforms are silenced. Only Ruby 1.9 users under Linux were unaffected by this bug. EventMachine users may now use EM::Deferrable objects in responses, vastly improving compatibility with existing async_sinatra apps. === 0.90.0 / 2009-12-22 21:54 UTC This release should fix ThreadSpawn green thread blocking issues under MRI 1.8. Excessive socket closing is avoided when using Thread* models with Sunshowers (or clients disconnecting during uploads). There is a new RevFiberSpawn concurrency model which combines Rev with the traditional FiberSpawn model. === 0.9.0 / 2009-12-13 22:51 UTC This release introduces compatibility with Sunshowers, a library for Web Sockets, see http://rainbows.rubyforge.org/sunshowers for more information. Several small cleanups and fixes. Eric Wong (20): add RevThreadPool to README rev: do not initialize a Rev::Loop in master process rainbows.1: update headers do not log IOError raised during app processing move "async.callback" constant to EvCore larger thread pool default sizes ({Rev,}ThreadPool) ev_core: no need to explicitly close TmpIOs EventMachine: allow usage as a base class NeverBlock: resync with recent our EM-related expansion RevThread*: move warning message to a saner place EventMachineDefer: preliminary (and) broken version TODO: add EM Deferrables RevThread*: remove needless nil assignment README: HTML5 Web Sockets may not be supported, yet... env["hack.io"] for Fiber*, Revactor, Thread* models EventMachineDefer is experimental README: add Sunshowers reference Rakefile: resync with Unicorn doc/comparison: add Web Sockets to comparison README updates === 0.8.0 / 2009-12-02 08:55 UTC This release fixes a memory leak in our existing Revactor concurrency model. A new RevThreadPool concurrency model has been added as well as small cleaups to exit handling in workers. === 0.7.0 / 2009-11-30 04:21 UTC keepalive_timeout (default: 2 seconds) is now supported to disconnect idle connections. Several new concurrency models added include: NeverBlock, FiberSpawn and FiberPool; all of which have only been lightly tested. RevThreadSpawn loses streaming input support to become simpler and faster for the general cases. AppPool middleware is now compatible with all Fiber-based models including Revactor and NeverBlock. A new document gives a summary of all the options we give you: http://rainbows.rubyforge.org/Summary.html If you're using any of the Rev-based concurrency models, the latest iobuffer (0.1.3) gem will improve performance. Also, RevThreadSpawn should become usable under MRI 1.8 with the next release of Rev (0.3.2). === 0.6.0 / 2009-11-15 23:29 UTC Client shutdowns/errors when streaming "rack.input" into the Rack application are quieter now. Rev and EventMachine workers now shutdown correctly when the master dies. Worker processes now fail gracefully if log reopening fails. ThreadSpawn and ThreadPool models now load Unicorn classes in a thread-safe way. There's also an experimental RevThreadSpawn concurrency model which may be heavily reworked in the future... Eric Wong (30): Threaded models have trouble with late loading under 1.9 cleanup worker heartbeat and master deathwatch tests: allow use of alternative sha1 implementations rev/event_machine: simplify keepalive checking a bit tests: sha1.ru now handles empty bodies rev: split out further into separate files for reuse rev: DeferredResponse is independent of parser state remove unnecessary class variable ev_core: cleanup handling of APP constant rev: DeferredResponse: always attach to main loop initial cut of the RevThreadSpawn model rev_thread_spawn/revactor: fix TeeInput for short reads rev_thread_spawn: make 1.9 TeeInput performance tolerable tests: add executable permissions to t0102 tests: extra check to avoid race in reopen logs test rev_thread_spawn: 16K chunked reads work better tests: ensure proper accounting of worker_connections tests: heartbeat-timeout: simplify and avoid possible race tests: ensure we process "START" from FIFO when starting http_response: don't "rescue nil" for body.close cleanup error handling pieces tests: more stringent tests for error handling revactor/tee_input: unnecessary error handling gracefully exit workers if reopening logs fails revactor/tee_input: raise ClientDisconnect on EOFError bump versions since we depend on Unicorn::ClientShutdown revactor/tee_input: share error handling with superclass RevThreadSpawn is still experimental Revert "Threaded models have trouble with late loading under 1.9" Rakefile: add raa_update task === 0.5.0 / 2009-11-05 10:27 UTC We depend on the just-released Unicorn 0.94.0 for the fixed trailer handling. As with `unicorn', the `rainbows' executable now sets and respects ENV["RACK_ENV"]. Also small fixes and cleanups including better FreeBSD 7.2 compatibility and less likely to over-aggressively kill slow/idle workers when a very low timeout is set. Eric Wong (20): rev: split out heartbeat class bump Unicorn dependency to (consistently) pass tests tests: avoid single backquote in echo event_machine: avoid slurping when proxying tests: make timeout tests reliable under 1.9 thread_pool: comment for potential SMP issue under 1.9 Allow 'use "model"' as a string as well as symbol Rev model is the only user of deferred_bodies ev_core: use Tempfile instead of Unicorn::Util::tmpio ev_core: ensure quit is triggered on all errors rainbows: set and use process-wide ENV["RACK_ENV"] http_server: add one second to any requested timeout thread_pool: update fchmod heartbeat every second t0004: tighten up timeout test ev_core: remove Tempfile usage once again cleanup: remove unused t????.ru test files tests: staggered trailer upload test ensure RACK_ENV is inherited from the parent env t0100: more precise `expr` usage === 0.4.0 / 2009-10-27 08:44 UTC Basic single-threaded EventMachine support is now included. It supports async_synatra[1] via the "async.callback" Rack environment[2]. For EventMachine, we rely on the updated attach/watch API in EventMachine 0.12.10. As Revactor 0.1.5 is now available, our Revactor support now depends on it as it adds the ability to listen on UNIX domain sockets. Of course, all dependencies (besides Unicorn and Rack) are soft and only loaded if your configured concurrency model requires it. For developers/QA folks, the integration tests are completely revamped for easier maintenance when new concurrency models are introduced and should also produce TAP-compliant output. The test suite remains highly parallelizable using GNU make. There are immediate plans to expand support for both Rev and EventMachine to support use with threaded application dispatch. Eric Wong (41): rev: remove Revactor-specific workaround README: change ordering of concurrency model listing tests: more correct HTTP/0.9 test test-lib: avoid stalling due to bad FIFO handling rev: fix static file responses under HTTP/0.9 add news bodies to site NEWS.atom.xml tests: avoid needlessly remaking "rainbows" initial EventMachine support tests: hopefully fix stalls in input trailer tests tests: avoid race condition in reopen logs test tests: prefer "RUBY" to lowercased "ruby" tests: common setup and wait_start functions tests: add a TAP producer shell library tests: port all existing tests to TAP library tests: remove symlinks and small files, use Make t9000: bail if run with an unsupported/pointless model tests: allow "make $model" to run tests for that model rev: spell ECONNABORTED correctly rev/evma: move common code for event models into ev_core ev_core: do not drop deferred bodies on graceful quits eventmachine: get basic tests working rev: do not File.expand_path on result of body.to_path eventmachine 0.12.8 passes all tests tests: make large file memory tests more reliable eventmachine: require EM 0.12.10 update gem dependencies in comments/local.mk.sample rev: enforce Rev::VERSION >= 0.3.0 eventmachine: add async_sinatra support tests: only load Revactor tests under 1.9.1 tests: gracefully exit if EventMachine is not available tests: error out if socat + curl aren't reachable thread*: fix MRI 1.8.6 compatibility local.mk.sample: cleanups and minor reorg eventmachine: remove unnecessary ivar assignment eventmachine: document our support of "async_synatra" doc: Update TODO and README tests: generate all dependencies atomically app_pool: update RDoc test-lib: DWIM handling of temp UNIX sockets revactor: require 0.1.5, remove 0.1.4 workarounds gemspec: bump up Unicorn dep version to 0.93.4 [1] http://github.com/raggi/async_sinatra [2] this is not 100% Rack::Lint compatible, but we'll let it slide since there are already folks depending on the async_sinatra gem === 0.3.0 / 2009-10-19 18:21 UTC The major feature of this release is the new DeferredResponse middleware for the Rev-based concurrency model. It should be transparently compatible with non-Rev models, as well. As a pleasant side effect, this change also allows large files to be streamed to the client with Rev as the socket becomes writable instead of slurping the entire file into an IO::Buffer first. Bugfixes to graceful shutdowns support for all concurrency models. The Rev-based model also gets a working heartbeat mechanism (oops!) and fixed HTTP/1.1 pipelining support. Eric Wong (38): app_pool: note it being currently broken with Revactor Revactor tests can sleep more easily tests: sleep.ru handles "Expect: 100-continue" Fix graceful shutdown handling of Thread* models harder DRY setting of rack.multithread test-lib: dbgcat adds headers with key name use timeout correctly to join threads on SIGQUIT Rev: simplification to error handling tests: sleep.ru slurps rack.input stream refactor graceful shutdowns again, harder tests: introduce require_for_model function tests: add unbuffered tee(1)-like helper tests: rack.input trailer tests for all models tests: fix issues with non-portable shell constructs tests: fix random_blob dependency tests: factor out a common parser error "library" tests: DRY setting of the "model" environment var tests: DRY Ruby requires based on model test-lib: quiet down pipefail error message tests: DRY require tests for Rev/Revactor rev: handle fully-buffered, pipelined requests rev: avoid stack overflow through pipelining tests: common basic HTTP tests for all models tests: rack.input hammer concurrency testing tests: for log reopening for all concurrency models http_response: filter out X-Rainbows-* headers rev: fix heartbeat timeouts revactor: switch to a 1 second heartbeat rev: async response bodies with DevFdResponse middleware tests: more reliable error checking tests: DWIM FIFO creation tests: predictable and simpler tempfile management rev: AsyncResponse => DeferredResponse API cleanup rev: update documentation for this model TUNING: update documentation notes TODO: update with new items local.mk.sample: sync with BDFL's version Rainbows! 0.3.0 === 0.2.0 / 2009-10-15 08:01 UTC This release adds preliminary Rev support for network concurrency under Ruby 1.8 and Ruby 1.9. There are caveats to this model and reading the RDoc for Rainbows::Rev is recommended. Rainbows::AppPool Rack middleware is now available to limit application concurrency on a per-process basis independently of network concurrency. See the RDoc for this class for further details. Per-client timeouts have been removed, see http://mid.gmane.org/20091013062602.GA13128@dcvr.yhbt.net for the reasoning. Rack environment changes: * "rack.multithread" is now only true for models with "Thread" in their name. Enabling thread-safe (but not reentrant) code may actually be harmful for Revactor. * "rainbows.model" is now exposed so the application can easily figure out which network concurrency model is in use. Bugfixes include better shutdown and error handling for all existing models, OpenBSD compatibility for the per-process heartbeat (same as found in unicorn v0.93.3). Eric Wong (54): add SIGNALS doc to RDoc SIGNALS: add Rainbows!-specific notes doc: better "Rainbows!" RDoc examples and linkage tests: generate random_blob once for all tests tests: move trash files to their own trash/ directory t0000: basic test includes keepalive + pipelining tests: simplify temporary file management tests: add dbgcat() utility method fchmod heartbeat flips between 0/1 tests: add revactor pipelining/keepalive test thread_spawn: trap EAGAIN on accept_nonblock thread_spawn: more robust loop thread_spawn: non-blocking accept() shouldn't EINTR tests: enable pipefail shell option if possible README for test suite tests: TEST_OPTS => SH_TEST_OPTS tests: update TRACER examples in makefile tests: create a bad exit code by default thread_spawn: clean up nuking of timed-out threads factor out common listen loop error handling graceful exit on trap TypeError from IO.select expand and share init_worker_process revactor: break on EBADF in the accepting actors revactor: cleanups and remove redundancy No need to be halving timeout, already done for us revactor: graceful death of keepalive clients revactor: continue fchmod beat in graceful exit cleanup thread models, threads no longer time out revactor: fix graceful shutdown timeouts Fix graceful shutdowns for threaded models SIGINT/SIGTERM shuts down instantly in workers tests: check for common exceptions with "Error" DEPLOY: update with notes on DoS potential tests: add reopen logs test for revactor vs Unicorn: use diagrams for concurrency models vs Unicorn: fix wording to be consistent with diagrams vs Unicorn: fix copy+paste errors and grammar fail README: alter reply conventions for the mailing list preliminary Rev support local.mk.sample: use ksh93 as default $(SHELL) rack.multithread is only true for Thread* models Rev: general module documentation + caveats Rev: fix error handling for parser errors t3003: set executable bit documentation updates (mostly on network models) rack: expose "rainbows.model" in Rack environment tests: enforce rack.multithread and rainbows.model README: update URLs README: update with Rev model caveats Add Rainbows::AppPool Rack middleware t4003: chmod +x local.mk.sample: use rev 0.3.1 instead README: link to AppPool and extra note about Rev model Rainbows! 0.2.0 === 0.1.1 / 2009-10-06 03:51 UTC Fixed Ruby 1.8 support (and all 1.9 systems without Revactor). Process-wide timeout handling for the ThreadSpawn concurrency model should now work properly. Small cleanups everywhere. Eric Wong (16): Rakefile: add publish_news target Fix NEWS generation on single-paragraph tag messages README: move RDoc links down to fix gem description README: add install instructions summary: s/slow apps/sleepy apps/g Avoid naming names in LICENSE/README files rainbows/base: cleanup constant include tests: quiet down bin installation Add top-level "test" target for make local.mk.sample: sync to my current version tests: allow "make V=2" to set TEST_OPTS += -x cleanup temporary file usage in tests local.mk.sample: fix revactor dependency Thread* models: cleanup timeout management thread_spawn: fix timeout leading to worker death less error-prone timeouts for Thread models === 0.1.0 / 2009-10-05 10:44 UTC Initial release This release is currently highly experimental and is still missing a lot of test coverage.