jun-puma 1.0.0-java → 1.0.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6683b8acec0bb81cd1bf2f4a232e6944fe3a89e214c8d4956a28862042249e5
-  data.tar.gz: 3a9dec8bfe42969355a323f4aa7a84624d6e3dd363d5367a25393e33892c09ed
+  metadata.gz: 0f07d6ca63cbdbe816c25b8c6abd651bbbbef00f7306f13301f1975b2ec726e3
+  data.tar.gz: 39b63d4115cb66dc290a43593f37e4a2efa1901c1359edad4e7ffd2650771395
 SHA512:
-  metadata.gz: b4137d5ade45a5e7c86886ac9e3fd775e39311371530b702413d7fb6715f3db02fbb57e920e3be03196de7c29621a66fd448b8473a13ec548b2a6b25adf994d2
-  data.tar.gz: e7be8a01d20f2baa4c52eb11f014a1a4d0f8335d3534bd59f419b8230ba0e26dfa4dcdadd1be7e220880804514205cb16979be45b21fca3f7e5f51eea6033b06
+  metadata.gz: 5fe0f30ad119052885c8dea934f836631f056e5d41d6b4790d15f991e6ed86c37fbc757abf88194d619065b55a633287afa2dd686aac0d3cdab803545580d08d
+  data.tar.gz: 6ef6f27d740b44717ed185013faccfc7d75f963dec165b2e7befc6c41e993fc54ef681691d4f1f969ff35e6852d4831fcf6cec6ce30fffdf2032101e91af2bd0

data/History.md

@@ -1,42 +1,20 @@
-## 6.4.3 / 2024-09-19
-
-* Security
-  * Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). ([CVE-2024-45614](https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4)/GHSA-9hf4-67fc-4vf4)
-
-## 6.4.2 / 2024-01-08
-
-* Security
-  * Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. ([GHSA-c2f4-cvqm-65w2](https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2))
-
-## 6.4.1 / 2024-01-03
+## 6.4.1 / 2023-10-18
 
 * Bugfixes
   * DSL#warn_if_in_single_mode - fixup when workers set via CLI ([#3256])
-  * Fix `idle-timeout` not working in cluster mode ([#3235], [#3228], [#3282], [#3283])
+  * Fix `idle-timeout` not working in cluster mode ([#3235], [#3228])
   * Fix worker 0 timing out during phased restart ([#3225], [#2786])
   * context_builder.rb - require openssl if verify_mode != 'none' ([#3179])
-  * Make puma cluster process suitable as PID 1 ([#3255])
-  * Improve Puma::NullIO consistency with real IO ([#3276])
-  * extconf.rb - fixup to detect openssl info in Ruby build ([#3271], [#3266])
-  * MiniSSL.java - set serialVersionUID, fix RaiseException deprecation ([#3270])
-  * dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set ([#3265], [#3264])
+  * Fix bug in tests re: TestPuma::HOST4 ([#3254])
 
 * Maintenance
   * LOTS of test refactoring to make tests more stable and easier to write - thanks to @MSP-Greg!
-  * Fix bug in tests re: TestPuma::HOST4 ([#3254])
-  * Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed ([#3245])
-  * fix define_method calls, use Symbol parameter instead of String ([#3293])
-
-* Docs
-  * README.md - add the puma-acme plugin ([#3301])
-  * Remove `--keep-file-descriptors` flag from systemd docs ([#3248])
-  * Note symlink mechanism in restart documentation for hot restart ([#3298])
 
 ## 6.4.0 / 2023-09-21
 
 * Features
   * on_thread_exit hook ([#2920])
-  * on_thread_start_hook ([#3195])
+  * on_thread_start_hook ([#3195]) 
   * Shutdown on idle ([#3209], [#2580])
   * New error message when control server port taken ([#3204])
 
@@ -46,13 +24,13 @@
 
 * Bugfixes
   * Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. ([#3174])
-  * Fix using control server with IPv6 host ([#3181])
+  * Fix using control server with IPv6 host ([#3181]) 
   * control_cli.rb - add require_relative 'log_writer' ([#3187])
   * Fix cases where fallback Rack response wasn't sent to the client ([#3094])
-
+  
 ## 6.3.1 / 2023-08-18
 
-* Security
+* Security 
   * Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
 
 ## 6.3.0 / 2023-05-31
@@ -126,12 +104,12 @@
   * Refactor const.rb - freeze ([#3016])
 
 ## 6.0.1 / 2022-12-20
-
+ 
 * Bugfixes
   * Handle waking up a closed selector in Reactor#add ([#3005])
   * Fixup response processing, enumerable bodies ([#3004], [#3000])
   * Correctly close app body for all code paths ([#3002], [#2999])
-* Refactor
+* Refactor 
   * Add IOBuffer to Client, remove from ThreadPool thread instances ([#3013])
 
 ## 6.0.0 / 2022-10-14
@@ -160,12 +138,12 @@
   * Allow header values to be arrays (Rack 3) ([#2936], [#2931])
   * Export Puma/Ruby versions in /stats ([#2875])
   * Allow configuring request uri max length & request path max length ([#2840])
-  * Add a couple of public accessors ([#2774])
+  * Add a couple of public accessors ([#2774]) 
   * Log entire backtrace when worker start fails ([#2891])
   * [jruby] Enable TLSv1.3 support ([#2886])
   * [jruby] support setting TLS protocols + rename ssl_cipher_list ([#2899])
   * [jruby] Support a truststore option ([#2849], [#2904], [#2884])
-
+  
 * Bugfixes
   * Load the configuration before passing it to the binder ([#2897])
   * Do not raise error raised on HTTP methods we don't recognize or support, like CONNECT ([#2932], [#1441])
@@ -178,22 +156,9 @@
   * Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
   * Various internal API refactorings ([#2942], [#2921], [#2922], [#2955])
 
-## 5.6.9 / 2024-09-19
-
-* Security
-  * Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). ([CVE-2024-45614](https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4)/GHSA-9hf4-67fc-4vf4)
-* JRuby
-  * Must use at least Java >= 9 to compile. You can no longer build from source on Java 8.
-
-
-## 5.6.8 / 2024-01-08
-
-* Security
-  * Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. ([GHSA-c2f4-cvqm-65w2](https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2))
-
 ## 5.6.7 / 2023-08-18
 
-* Security
+* Security 
   * Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields ([GHSA-68xg-gqqm-vgj8](https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8))
 
 ## 5.6.6 / 2023-06-21
@@ -2079,24 +2044,10 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#3256]:https://github.com/puma/puma/pull/3256     "PR by @MSP-Greg, merged 2023-10-16"
 [#3235]:https://github.com/puma/puma/pull/3235     "PR by @joshuay03, merged 2023-10-03"
 [#3228]:https://github.com/puma/puma/issues/3228   "Issue by @davidalejandroaguilar, closed 2023-10-03"
-[#3282]:https://github.com/puma/puma/issues/3282   "Issue by @bensheldon, closed 2024-01-02"
-[#3283]:https://github.com/puma/puma/pull/3283     "PR by @joshuay03, merged 2024-01-02"
 [#3225]:https://github.com/puma/puma/pull/3225     "PR by @joshuay03, merged 2023-09-27"
 [#2786]:https://github.com/puma/puma/issues/2786   "Issue by @vitiokss, closed 2023-09-27"
 [#3179]:https://github.com/puma/puma/pull/3179     "PR by @MSP-Greg, merged 2023-09-26"
-[#3255]:https://github.com/puma/puma/pull/3255     "PR by @casperisfine, merged 2023-10-19"
-[#3276]:https://github.com/puma/puma/pull/3276     "PR by @casperisfine, merged 2023-11-16"
-[#3271]:https://github.com/puma/puma/pull/3271     "PR by @MSP-Greg, merged 2023-10-30"
-[#3266]:https://github.com/puma/puma/issues/3266   "Issue by @Dragonicity, closed 2023-10-30"
-[#3270]:https://github.com/puma/puma/pull/3270     "PR by @MSP-Greg, merged 2023-10-30"
-[#3265]:https://github.com/puma/puma/pull/3265     "PR by @MSP-Greg, merged 2023-10-25"
-[#3264]:https://github.com/puma/puma/issues/3264   "Issue by @dentarg, closed 2023-10-25"
 [#3254]:https://github.com/puma/puma/pull/3254     "PR by @casperisfine, merged 2023-10-11"
-[#3245]:https://github.com/puma/puma/pull/3245     "PR by @olleolleolle, merged 2023-10-02"
-[#3293]:https://github.com/puma/puma/pull/3293     "PR by @MSP-Greg, merged 2023-12-21"
-[#3301]:https://github.com/puma/puma/pull/3301     "PR by @benburkert, merged 2023-12-29"
-[#3248]:https://github.com/puma/puma/pull/3248     "PR by @dentarg, merged 2023-10-04"
-[#3298]:https://github.com/puma/puma/pull/3298     "PR by @til, merged 2023-12-26"
 [#2920]:https://github.com/puma/puma/pull/2920     "PR by @biinari, merged 2023-07-11"
 [#3195]:https://github.com/puma/puma/pull/3195     "PR by @binarygit, merged 2023-08-15"
 [#3209]:https://github.com/puma/puma/pull/3209     "PR by @joshuay03, merged 2023-09-04"
@@ -2281,7 +2232,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2563]:https://github.com/puma/puma/pull/2563     "PR by @MSP-Greg, merged 2021-03-06"
 [#2504]:https://github.com/puma/puma/issues/2504   "Issue by @fsateler, closed 2021-03-06"
 [#2591]:https://github.com/puma/puma/pull/2591     "PR by @MSP-Greg, merged 2021-05-05"
-[#2572]:https://github.com/puma/puma/issues/2572   "Issue by @josef-krabath, closed 2021-05-05"
+[#2572]:https://github.com/puma/puma/issues/2572   "Issue by @josefbilendo, closed 2021-05-05"
 [#2613]:https://github.com/puma/puma/pull/2613     "PR by @smcgivern, merged 2021-04-27"
 [#2605]:https://github.com/puma/puma/pull/2605     "PR by @pascalbetz, merged 2021-04-26"
 [#2584]:https://github.com/puma/puma/issues/2584   "Issue by @kaorihinata, closed 2021-04-26"
@@ -2597,7 +2548,7 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#1110]:https://github.com/puma/puma/pull/1110     "PR by @montdidier, merged 2016-12-12"
 [#1135]:https://github.com/puma/puma/pull/1135     "PR by @jkraemer, merged 2016-11-19"
 [#1081]:https://github.com/puma/puma/pull/1081     "PR by @frodsan, merged 2016-09-08"
-[#1138]:https://github.com/puma/puma/pull/1138     "PR by @skull-squadron, merged 2016-12-13"
+[#1138]:https://github.com/puma/puma/pull/1138     "PR by @steakknife, merged 2016-12-13"
 [#1118]:https://github.com/puma/puma/pull/1118     "PR by @hiroara, merged 2016-11-20"
 [#1075]:https://github.com/puma/puma/issues/1075   "Issue by @pvalena, closed 2016-09-06"
 [#932]:https://github.com/puma/puma/issues/932     "Issue by @everplays, closed 2016-07-24"

data/README.md

@@ -12,7 +12,7 @@ Puma is a **simple, fast, multi-threaded, and highly parallel HTTP 1.1 server fo
 
 ## Built For Speed & Parallelism
 
-Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby.  It is:
+Puma is a server for [Rack](https://github.com/rack/rack)-powered HTTP applications written in Ruby.  It is: 
 * **Multi-threaded**. Each request is served in a separate thread. This helps you serve more requests per second with less memory use.
 * **Multi-process**. "Pre-forks" in cluster mode, using less memory per-process thanks to copy-on-write memory.
 * **Standalone**. With SSL support, zero-downtime rolling restarts and a built-in request bufferer, you can deploy Puma without any reverse proxy.
@@ -138,93 +138,51 @@ preload_app!
 
 Preloading can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preloading copies the code of master into the workers.
 
-#### Clustered mode hooks
-
-When using clustered mode, Puma's configuration DSL provides `before_fork` and `on_worker_boot`
-hooks to run code when the master process forks and child workers are booted respectively.
-
-It is recommended to use these hooks with `preload_app!`, otherwise constants loaded by your
-application (such as `Rails`) will not be available inside the hooks.
+When using clustered mode, you can specify a block in your configuration file that will be run on boot of each worker:
 
 ```ruby
 # config/puma.rb
-before_fork do
-  # Add code to run inside the Puma master process before it forks a worker child.
-end
-
 on_worker_boot do
-  # Add code to run inside the Puma worker process after forking.
+  # configuration here
 end
 ```
 
-In addition, there is an `on_refork` hook which is used only in [`fork_worker` mode](docs/fork_worker.md),
-when the worker 0 child process forks a grandchild worker:
+This code can be used to setup the process before booting the application, allowing
+you to do some Puma-specific things that you don't want to embed in your application.
+For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
+
+Constants loaded by your application (such as `Rails`) will not be available in `on_worker_boot`
+unless preloading is enabled.
+
+You can also specify a block to be run before workers are forked, using `before_fork`:
 
 ```ruby
-on_refork do
-  # Used only when fork_worker mode is enabled. Add code to run inside the Puma worker 0
-  # child process before it forks a grandchild worker.
+# config/puma.rb
+before_fork do
+  # configuration here
 end
 ```
 
-Importantly, note the following considerations when Ruby forks a child process: 
-
-1. File descriptors such as network sockets **are** copied from the parent to the forked
-   child process. Dual-use of the same sockets by parent and child will result in I/O conflicts
-   such as `SocketError`, `Errno::EPIPE`, and `EOFError`.
-2. Background Ruby threads, including threads used by various third-party gems for connection
-   monitoring, etc., are **not** copied to the child process. Often this does not cause
-   immediate problems until a third-party connection goes down, at which point there will
-   be no supervisor to reconnect it.
-
-Therefore, we recommend the following:
-
-1. If possible, do not establish any socket connections (HTTP, database connections, etc.)
-   inside Puma's master process when booting.
-2. If (1) is not possible, use `before_fork` and `on_refork` to disconnect the parent's socket
-   connections when forking, so that they are not accidentally copied to the child process.
-3. Use `on_worker_boot` to restart any background threads on the forked child.
-
-#### Master process lifecycle hooks
-
-Puma's configuration DSL provides master process lifecycle hooks `on_booted`, `on_restart`, and `on_stopped`
-which may be used to specify code blocks to run on each event:
+You can also specify a block to be run after puma is booted using `on_booted`:
 
 ```ruby
 # config/puma.rb
 on_booted do
-  # Add code to run in the Puma master process after it boots,
-  # and also after a phased restart completes.
-end
-
-on_restart do
-  # Add code to run in the Puma master process when it receives
-  # a restart command but before it restarts.
-end
-
-on_stopped do
-  # Add code to run in the Puma master process when it receives
-  # a stop command but before it shuts down.
+  # configuration here
 end
 ```
 
 ### Error handling
 
-If Puma encounters an error outside of the context of your application, it will respond with a 400/500 and a simple
+If puma encounters an error outside of the context of your application, it will respond with a 500 and a simple
 textual error message (see `Puma::Server#lowlevel_error` or [server.rb](https://github.com/puma/puma/blob/master/lib/puma/server.rb)).
 You can specify custom behavior for this scenario. For example, you can report the error to your third-party
 error-tracking service (in this example, [rollbar](https://rollbar.com)):
 
 ```ruby
-lowlevel_error_handler do |e, env, status|
-  if status == 400
-    message = "The server could not process the request due to an error, such as an incorrectly typed URL, malformed syntax, or a URL that contains illegal characters.\n"
-  else
-    message = "An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"
-    Rollbar.critical(e)
-  end
-
-  [status, {}, [message]]
+lowlevel_error_handler do |e|
+  Rollbar.critical(e)
+  [500, {}, ["An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"]]
 end
 ```
 
@@ -291,7 +249,7 @@ $ puma -b ssl://localhost:9292 -b tcp://localhost:9393 -C config/use_local_host.
 
 #### Controlling SSL Cipher Suites
 
-To use or avoid specific SSL ciphers for TLSv1.2 and below, use `ssl_cipher_filter` or `ssl_cipher_list` options.
+To use or avoid specific SSL cipher suites, use `ssl_cipher_filter` or `ssl_cipher_list` options.
 
 ##### Ruby:
 
@@ -305,14 +263,6 @@ $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_cipher_fil
 $ puma -b 'ssl://127.0.0.1:9292?keystore=path_to_keystore&keystore-pass=keystore_password&ssl_cipher_list=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA'
 ```
 
-To configure the available TLSv1.3 ciphersuites, use `ssl_ciphersuites` option (not available for JRuby).
-
-##### Ruby:
-
-```
-$ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&ssl_ciphersuites=TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256'
-```
-
 See https://www.openssl.org/docs/man1.1.1/man1/ciphers.html for cipher filter format and full list of cipher suites.
 
 Disable TLS v1 with the `no_tlsv1` option:
@@ -329,7 +279,7 @@ To enable verification flags offered by OpenSSL, use `verification_flags` (not a
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN'
 ```
 
-You can also set multiple verification flags (by separating them with a comma):
+You can also set multiple verification flags (by separating them with coma):
 
 ```
 $ puma -b 'ssl://127.0.0.1:9292?key=path_to_key&cert=path_to_cert&verification_flags=PARTIAL_CHAIN,CRL_CHECK'
@@ -460,7 +410,6 @@ Community guides:
 * [puma-plugin-statsd](https://github.com/yob/puma-plugin-statsd) — send Puma metrics to statsd
 * [puma-plugin-systemd](https://github.com/sj26/puma-plugin-systemd) — deeper integration with systemd for notify, status and watchdog. Puma 5.1.0 integrated notify and watchdog, which probably conflicts with this plugin. Puma 6.1.0 added status support which obsoletes the plugin entirely.
 * [puma-plugin-telemetry](https://github.com/babbel/puma-plugin-telemetry) - telemetry plugin for Puma offering various targets to publish
-* [puma-acme](https://github.com/anchordotdev/puma-acme) - automatic SSL/HTTPS certificate provisioning and setup
 
 ### Monitoring
 

data/docs/fork_worker.md

@@ -22,14 +22,10 @@ The `fork_worker` option allows your application to be initialized only once for
 
    You can trigger a refork by sending the cluster the `SIGURG` signal or running the `pumactl refork` command at any time. A refork will also automatically trigger once, after a certain number of requests have been processed by worker 0 (default 1000). To configure the number of requests before the auto-refork, pass a positive integer argument to `fork_worker` (e.g., `fork_worker 1000`), or `0` to disable.
 
-### Usage Considerations
-
-- `fork_worker` introduces a new `on_refork` configuration hook. If you were using the `before_fork` hook previously, we generally recommend to copy its logic to `on_refork`. Note that `fork_worker` triggers the `before_fork` configuration hook *only* when initially forking the master process to worker 0, and triggers the `on_refork` hook on all subsequent forks from worker 0 to additional workers.
-
 ### Limitations
 
 - This mode is still very experimental so there may be bugs or edge-cases, particularly around expected behavior of existing hooks. Please open a [bug report](https://github.com/puma/puma/issues/new?template=bug_report.md) if you encounter any issues.
 
 - In order to fork new workers cleanly, worker 0 shuts down its server and stops serving requests so there are no open file descriptors or other kinds of shared global state between processes, and to maximize copy-on-write efficiency across the newly-forked workers. This may temporarily reduce total capacity of the cluster during a phased restart / refork.
 
-- In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).
+  In a cluster with `n` workers, a normal phased restart stops and restarts workers one by one while the application is loaded in each process, so `n-1` workers are available serving requests during the restart. In a phased restart in fork-worker mode, the application is first loaded in worker 0 while `n-1` workers are available, then worker 0 remains stopped while the rest of the workers are reloaded one by one, leaving only `n-2` workers to be available for a brief period of time. Reloading the rest of the workers should be quick because the application is preloaded at that point, but there may be situations where it can take longer (slow clients, long-running application code, slow worker-fork hooks, etc).

data/docs/restart.md

@@ -27,7 +27,6 @@ Any of the following will cause a Puma server to perform a hot restart:
 
 ### Additional notes
 
-* The newly started Puma process changes its current working directory to the directory specified by the `directory` option. If `directory` is set to symlink, this is automatically re-evaluated, so this mechanism can be used to upgrade the application.
 * Only one version of the application is running at a time.
 * `on_restart` is invoked just before the server shuts down. This can be used to clean up resources (like long-lived database connections) gracefully. Since Ruby 2.0, it is not typically necessary to explicitly close file descriptors on restart. This is because any file descriptor opened by Ruby will have the `FD_CLOEXEC` flag set, meaning that file descriptors are closed on `exec`. `on_restart` is useful, though, if your application needs to perform any more graceful protocol-specific shutdown procedures before closing connections.
 

data/docs/signals.md

@@ -17,13 +17,13 @@ $ ps aux | grep tail
 schneems        87152   0.0  0.0  2432772    492 s032  S+   12:46PM   0:00.00 tail -f my.log
 ```
 
-You can send a signal in Ruby using the [Process module](https://ruby-doc.org/3.2.2/Process.html#method-c-kill):
+You can send a signal in Ruby using the [Process module](https://www.ruby-doc.org/core-2.1.1/Process.html#kill-method):
 
 ```
 $ irb
 > puts pid
 => 87152
-Process.detach(pid) # https://ruby-doc.org/3.2.2/Process.html#method-c-detach
+Process.detach(pid) # https://ruby-doc.org/core-2.1.1/Process.html#method-c-detach
 Process.kill("TERM", pid)
 ```
 

data/docs/systemd.md

@@ -99,11 +99,9 @@ ListenStream=0.0.0.0:9293
 # ListenStream=/run/puma.sock
 
 # Socket options matching Puma defaults
+NoDelay=true
 ReusePort=true
 Backlog=1024
-# Enable this if you're using Puma with the "low_latency" option, read more in Puma DSL docs and systemd docs:
-# https://www.freedesktop.org/software/systemd/man/latest/systemd.socket.html#NoDelay=
-# NoDelay=true
 
 [Install]
 WantedBy=sockets.target
@@ -241,13 +239,6 @@ cap $stage puma:start --dry-run
 cap $stage puma:stop  --dry-run
 ~~~~
 
-### Disabling Puma Systemd Integration
-
-If you would like to disable Puma's systemd integration, for example if you handle it elsewhere
-in your code yourself, simply set the the environment variable `PUMA_SKIP_SYSTEMD` to any value.
-
-
-
 [Restart]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
 [#1367]: https://github.com/puma/puma/issues/1367
 [#1499]: https://github.com/puma/puma/issues/1499

data/ext/puma_http11/extconf.rb

@@ -10,13 +10,14 @@ end
 
 unless ENV["PUMA_DISABLE_SSL"]
   # don't use pkg_config('openssl') if '--with-openssl-dir' is used
-  has_openssl_dir = dir_config('openssl').any? ||
-    RbConfig::CONFIG['configure_args']&.include?('openssl')
-
-  found_pkg_config = !has_openssl_dir && pkg_config('openssl')
+  has_openssl_dir = dir_config('openssl').any?
+  # macOS TruffleRuby problem
+  found_pkg_config = RUBY_ENGINE == 'truffleruby' &&
+      RUBY_PLATFORM.include?('darwin') && ENV['GITHUB_ACTIONS'] == 'true' ?
+    false : !has_openssl_dir && pkg_config('openssl')
 
   found_ssl = if !$mingw && found_pkg_config
-    puts '──── Using OpenSSL pkgconfig (openssl.pc) ────'
+    puts 'using OpenSSL pkgconfig (openssl.pc)'
     true
   elsif have_library('libcrypto', 'BIO_read') && have_library('libssl', 'SSL_CTX_new')
     true
@@ -31,27 +32,22 @@ unless ENV["PUMA_DISABLE_SSL"]
   if found_ssl
     have_header "openssl/bio.h"
 
-    ssl_h = "openssl/ssl.h".freeze
-
-    puts "\n──── Below are yes for 1.0.2 & later ────"
-    have_func "DTLS_method"                            , ssl_h
-    have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", ssl_h
-
-    puts "\n──── Below are yes for 1.1.0 & later ────"
-    have_func "TLS_server_method"                      , ssl_h
-    have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , ssl_h
+    # below is  yes for 1.0.2 & later
+    have_func "DTLS_method"                            , "openssl/ssl.h"
+    have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", "openssl/ssl.h"
 
-    puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────"
-    # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L1159
-    have_func "SSL_CTX_set_dh_auto(NULL, 0)"           , ssl_h
+    # below are yes for 1.1.0 & later
+    have_func "TLS_server_method"                      , "openssl/ssl.h"
+    have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , "openssl/ssl.h"
 
-    puts "\n──── Below is yes for 1.1.1 & later ────"
-    have_func "SSL_CTX_set_ciphersuites(NULL, \"\")"   , ssl_h
+    have_func "X509_STORE_up_ref"
+    have_func "SSL_CTX_set_ecdh_auto(NULL, 0)"         , "openssl/ssl.h"
 
-    puts "\n──── Below is yes for 3.0.0 & later ────"
-    have_func "SSL_get1_peer_certificate"              , ssl_h
+    # below exists in 1.1.0 and later, but isn't documented until 3.0.0
+    have_func "SSL_CTX_set_dh_auto(NULL, 0)"           , "openssl/ssl.h"
 
-    puts ''
+    # below is yes for 3.0.0 & later
+    have_func "SSL_get1_peer_certificate"              , "openssl/ssl.h"
 
     # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
     if Random.respond_to?(:bytes)

data/ext/puma_http11/mini_ssl.c

@@ -229,7 +229,7 @@ VALUE
 sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
   SSL_CTX* ctx;
   int ssl_options;
-  VALUE key, cert, ca, verify_mode, ssl_cipher_filter, ssl_ciphersuites, no_tlsv1, no_tlsv1_1,
+  VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
     verification_flags, session_id_bytes, cert_pem, key_pem, key_password_command, key_password;
   BIO *bio;
   X509 *x509 = NULL;
@@ -269,8 +269,6 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 
   ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
 
-  ssl_ciphersuites = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_ciphersuites"), 0);
-
   no_tlsv1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1"), 0);
 
   no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
@@ -446,14 +444,6 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
     SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
   }
 
-#if HAVE_SSL_CTX_SET_CIPHERSUITES
-  // Only override OpenSSL default ciphersuites if config option is supplied.
-  if (!NIL_P(ssl_ciphersuites)) {
-    StringValue(ssl_ciphersuites);
-    SSL_CTX_set_ciphersuites(ctx, RSTRING_PTR(ssl_ciphersuites));
-  }
-#endif
-
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
   // Remove this case if OpenSSL 1.0.1 (now EOL) support is no longer needed.
   ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
@@ -556,7 +546,7 @@ NORETURN(void raise_error(SSL* ssl, int result));
 
 void raise_error(SSL* ssl, int result) {
   char buf[512];
-  char msg[768];
+  char msg[512];
   const char* err_str;
   int err = errno;
   int mask = 4095;

data/ext/puma_http11/org/jruby/puma/Http11.java

@@ -99,8 +99,6 @@ public class Http11 extends RubyObject {
             int bite = b.get(i) & 0xFF;
             if(bite == '-') {
                 b.set(i, (byte)'_');
-            } else if(bite == '_') {
-                b.set(i, (byte)',');
             } else {
                 b.set(i, (byte)Character.toUpperCase(bite));
             }

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -47,7 +47,6 @@ import static javax.net.ssl.SSLEngineResult.Status;
 import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
 
 public class MiniSSL extends RubyObject { // MiniSSL::Engine
-  private static final long serialVersionUID = -6903439483039141234L;
   private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
     public IRubyObject allocate(Ruby runtime, RubyClass klass) {
       return new MiniSSL(runtime, klass);
@@ -501,7 +500,7 @@ public class MiniSSL extends RubyObject { // MiniSSL::Engine
   }
 
   private static RaiseException newError(Ruby runtime, RubyClass errorClass, String message, Throwable cause) {
-    RaiseException ex = RaiseException.from(runtime, errorClass, message);
+    RaiseException ex = new RaiseException(runtime, errorClass, message, true);
     ex.initCause(cause);
     return ex;
   }

data/ext/puma_http11/puma_http11.c

@@ -461,9 +461,6 @@ void Init_mini_ssl(VALUE mod);
 
 void Init_puma_http11(void)
 {
-#ifdef HAVE_RB_EXT_RACTOR_SAFE
-  rb_ext_ractor_safe(true);
-#endif
 
   VALUE mPuma = rb_define_module("Puma");
   VALUE cHttpParser = rb_define_class_under(mPuma, "HttpParser", rb_cObject);

data/lib/puma/binder.rb

@@ -19,14 +19,13 @@ module Puma
 
     RACK_VERSION = [1,6].freeze
 
-    def initialize(log_writer, conf = Configuration.new, env: ENV)
+    def initialize(log_writer, conf = Configuration.new)
       @log_writer = log_writer
       @conf = conf
       @listeners = []
       @inherited_fds = {}
       @activated_sockets = {}
       @unix_paths = []
-      @env = env
 
       @proto_env = {
         "rack.version".freeze => RACK_VERSION,
@@ -35,7 +34,7 @@ module Puma
         "rack.multiprocess".freeze => conf.options[:workers] >= 1,
         "rack.run_once".freeze => false,
         RACK_URL_SCHEME => conf.options[:rack_url_scheme],
-        "SCRIPT_NAME".freeze => env['SCRIPT_NAME'] || "",
+        "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
 
         # I'd like to set a default CONTENT_TYPE here but some things
         # depend on their not being a default set and inferring
@@ -88,7 +87,7 @@ module Puma
     # @version 5.0.0
     #
     def create_activated_fds(env_hash)
-      @log_writer.debug "ENV['LISTEN_FDS'] #{@env['LISTEN_FDS'].inspect}  env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
+      @log_writer.debug "ENV['LISTEN_FDS'] #{ENV['LISTEN_FDS'].inspect}  env_hash['LISTEN_PID'] #{env_hash['LISTEN_PID'].inspect}"
       return [] unless env_hash['LISTEN_FDS'] && env_hash['LISTEN_PID'].to_i == $$
       env_hash['LISTEN_FDS'].to_i.times do |index|
         sock = TCPServer.for_fd(socket_activation_fd(index))
@@ -184,7 +183,7 @@ module Puma
             io = inherit_unix_listener path, fd
             log_writer.log "* Inherited #{str}"
           elsif sock = @activated_sockets.delete([ :unix, path ]) ||
-              !abstract && @activated_sockets.delete([ :unix, File.realdirpath(path) ])
+              @activated_sockets.delete([ :unix, File.realdirpath(path) ])
             @unix_paths << path unless abstract || File.exist?(path)
             io = inherit_unix_listener path, sock
             log_writer.log "* Activated #{str}"

data/lib/puma/cli.rb

@@ -24,7 +24,7 @@ module Puma
     # Create a new CLI object using +argv+ as the command line
     # arguments.
     #
-    def initialize(argv, log_writer = LogWriter.stdio, events = Events.new, env: ENV)
+    def initialize(argv, log_writer = LogWriter.stdio, events = Events.new)
       @debug = false
       @argv = argv.dup
       @log_writer = log_writer
@@ -39,7 +39,7 @@ module Puma
       @control_url = nil
       @control_options = {}
 
-      setup_options env
+      setup_options
 
       begin
         @parser.parse! @argv
@@ -63,7 +63,7 @@ module Puma
         end
       end
 
-      @launcher = Puma::Launcher.new(@conf, env: ENV, log_writer: @log_writer, events: @events, argv: argv)
+      @launcher = Puma::Launcher.new(@conf, :log_writer => @log_writer, :events => @events, :argv => argv)
     end
 
     attr_reader :launcher
@@ -92,8 +92,8 @@ module Puma
     # Build the OptionParser object to handle the available options.
     #
 
-    def setup_options(env = ENV)
-      @conf = Configuration.new({}, {events: @events}, env) do |user_config, file_config|
+    def setup_options
+      @conf = Configuration.new({}, {events: @events}) do |user_config, file_config|
         @parser = OptionParser.new do |o|
           o.on "-b", "--bind URI", "URI to bind to (tcp://, unix://, ssl://)" do |arg|
             user_config.bind arg
@@ -157,10 +157,6 @@ module Puma
             user_config.pidfile arg
           end
 
-          o.on "--plugin PLUGIN", "Load the given PLUGIN. Can be used multiple times to load multiple plugins." do |arg|
-            user_config.plugin arg
-          end
-
           o.on "--preload", "Preload the app. Cluster mode only" do
             user_config.preload_app!
           end