puma 6.0.0 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c8a1a6014d9e1130e8ba06d5f74d472216448df3dbce4c15c4c24c91fbfe5e30
-  data.tar.gz: f1be3485e37cd230f6c35854aeb959ffeab1dac0162bf482799a4755222bc498
+  metadata.gz: 1df130ccb43143b23de48c5dc2f0890165e078eba4f09432b0a73411b5b54a94
+  data.tar.gz: e562fc40625877488fd13719e9620f2401394a33a74bee46e5a4731becfab6ae
 SHA512:
-  metadata.gz: bbdd201a97e5dffccbbb8d8f336693746b87763313422a94ac21f73641ca712b9d2461051cc0bd02771b51af606ce595c2dd09bff0c716146cf9ac56e7ae51f4
-  data.tar.gz: e378848b22d1139559edd6736a9164a5cd98064c6232f0b2cc108122f79c93429ec33b156baa17e6ff82e9b3c77dbddbd22b2a0525a16f749129cf6f70c006da
+  metadata.gz: e436db46a9761b73dc370a38e1e59a0e2ac1e385ecf578fc631fc4671329b9cbcfd634e9bed73e17657c13eaf53387a55726d9c986739f6f9ccdb4223fea026e
+  data.tar.gz: db4526766e567440a95129831ef30cea038a98e9d613dc76308c96d0d81913d4e15fbb9c1c8d111ce395af0d908268316cb65c04511dbfbd8361fab31a62634a

data/History.md

@@ -1,4 +1,35 @@
-## 6.0.0 / 2022-10-XX
+## 6.1.0 / 2022-02-12
+
+* Features
+  * WebSocket support via partial hijack ([#3058], [#3007])
+  * Add built-in systemd notify support ([#3011])
+  * Periodically send status to systemd ([#3006], [#2604])
+  * Introduce the ability to return 413: payload too large for requests ([#3040])
+  * Log loaded extensions when `PUMA_DEBUG` is set ([#3036], [#3020])
+
+* Bugfixes
+  * Fix issue with rack 3 compatibility re: rackup ([#3061], [#3057])
+  * Allow setting TCP low_latency with SSL listener ([#3065])
+
+* Performance
+  * Reduce memory usage for large file uploads ([#3062])
+
+## 6.0.2 / 2023-01-01
+
+* Refactor
+  * Remove use of etc and time gems in Puma ([#3035], [#3033])
+  * Refactor const.rb - freeze ([#3016])
+
+## 6.0.1 / 2022-12-20
+ 
+* Bugfixes
+  * Handle waking up a closed selector in Reactor#add ([#3005])
+  * Fixup response processing, enumerable bodies ([#3004], [#3000])
+  * Correctly close app body for all code paths ([#3002], [#2999])
+* Refactor 
+  * Add IOBuffer to Client, remove from ThreadPool thread instances ([#3013])
+
+## 6.0.0 / 2022-10-14
 
 * Breaking Changes
   * Dropping Ruby 2.2 and 2.3 support (now 2.4+) ([#2919])
@@ -9,6 +40,9 @@
   * Prefix all environment variables with `PUMA_` ([#2924], [#2853])
   * Removed some constants ([#2957], [#2958], [#2959], [#2960])
   * The following classes are now part of Puma's private API: `Client`, `Cluster::Worker`, `Cluster::Worker`, `HandleRequest`. ([#2988])
+  * Configuration constants like `DefaultRackup` removed ([#2928])
+  * Extracted `LogWriter` from `Events` ([#2798])
+  * Only accept the standard 8 HTTP methods, others rejected with 501. ([#2932])
 
 * Features
   * Increase throughput on large (100kb+) response bodies by 3-10x ([#2896], [#2892])
@@ -34,7 +68,6 @@
 
 * Refactor
   * log_writer.rb - add internal_write method ([#2888])
-  * [WIP] Refactor: Split out LogWriter from Events (no logic change) ([#2798])
   * Extract prune_bundler code into it's own class. ([#2797])
   * Refactor Launcher#run to increase readability (no logic change) ([#2795])
   * Ruby 3.2 will have native IO#wait_* methods, don't require io/wait ([#2903])
@@ -1915,6 +1948,27 @@ be added back in a future date when a java Puma::MiniSSL is added.
 * Bugfixes
   * Your bugfix goes here <Most recent on the top, like GitHub> (#Github Number)
 
+[#3058]:https://github.com/puma/puma/pull/3058     "PR by @dentarg, merged 2023-01-29"
+[#3007]:https://github.com/puma/puma/issues/3007   "Issue by @MSP-Greg, closed 2023-01-29"
+[#3011]:https://github.com/puma/puma/pull/3011     "PR by @joaomarcos96, merged 2023-01-03"
+[#3006]:https://github.com/puma/puma/pull/3006     "PR by @QWYNG, merged 2023-02-09"
+[#2604]:https://github.com/puma/puma/issues/2604   "Issue by @dgoetz, closed 2023-02-09"
+[#3040]:https://github.com/puma/puma/pull/3040     "PR by @shayonj, merged 2023-01-02"
+[#3036]:https://github.com/puma/puma/pull/3036     "PR by @MSP-Greg, merged 2023-01-13"
+[#3020]:https://github.com/puma/puma/issues/3020   "Issue by @dentarg, closed 2023-01-13"
+[#3061]:https://github.com/puma/puma/pull/3061     "PR by @MSP-Greg, merged 2023-02-12"
+[#3057]:https://github.com/puma/puma/issues/3057   "Issue by @mmarvb8h, closed 2023-02-12"
+[#3065]:https://github.com/puma/puma/pull/3065     "PR by @MSP-Greg, merged 2023-02-11"
+[#3062]:https://github.com/puma/puma/pull/3062     "PR by @willkoehler, merged 2023-01-29"
+[#3035]:https://github.com/puma/puma/pull/3035     "PR by @MSP-Greg, merged 2022-12-24"
+[#3033]:https://github.com/puma/puma/issues/3033   "Issue by @jules-w2, closed 2022-12-24"
+[#3016]:https://github.com/puma/puma/pull/3016     "PR by @MSP-Greg, merged 2022-12-24"
+[#3005]:https://github.com/puma/puma/pull/3005     "PR by @JuanitoFatas, merged 2022-11-04"
+[#3004]:https://github.com/puma/puma/pull/3004     "PR by @MSP-Greg, merged 2022-11-24"
+[#3000]:https://github.com/puma/puma/issues/3000   "Issue by @dentarg, closed 2022-11-24"
+[#3002]:https://github.com/puma/puma/pull/3002     "PR by @MSP-Greg, merged 2022-11-03"
+[#2999]:https://github.com/puma/puma/issues/2999   "Issue by @aymeric-ledorze, closed 2022-11-03"
+[#3013]:https://github.com/puma/puma/pull/3013     "PR by @MSP-Greg, merged 2022-11-13"
 [#2919]:https://github.com/puma/puma/pull/2919     "PR by @MSP-Greg, merged 2022-08-30"
 [#2652]:https://github.com/puma/puma/issues/2652   "Issue by @Roguelazer, closed 2022-09-04"
 [#2653]:https://github.com/puma/puma/pull/2653     "PR by @Roguelazer, closed 2022-03-07"
@@ -1928,7 +1982,10 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2958]:https://github.com/puma/puma/pull/2958     "PR by @JuanitoFatas, merged 2022-09-16"
 [#2959]:https://github.com/puma/puma/pull/2959     "PR by @JuanitoFatas, merged 2022-09-16"
 [#2960]:https://github.com/puma/puma/pull/2960     "PR by @JuanitoFatas, merged 2022-09-16"
-[#2988]:https://github.com/puma/puma/issues/2988   "Issue by @MSP-Greg, merged 2022-10-12"
+[#2988]:https://github.com/puma/puma/pull/2988     "PR by @MSP-Greg, merged 2022-10-12"
+[#2928]:https://github.com/puma/puma/pull/2928     "PR by @nateberkopec, merged 2022-09-10"
+[#2798]:https://github.com/puma/puma/pull/2798     "PR by @johnnyshields, merged 2022-02-05"
+[#2932]:https://github.com/puma/puma/pull/2932     "PR by @mrzasa, merged 2022-09-12"
 [#2896]:https://github.com/puma/puma/pull/2896     "PR by @MSP-Greg, merged 2022-09-13"
 [#2892]:https://github.com/puma/puma/pull/2892     "PR by @guilleiguaran, closed 2022-09-13"
 [#2923]:https://github.com/puma/puma/pull/2923     "PR by @nateberkopec, merged 2022-09-09"
@@ -1949,11 +2006,9 @@ be added back in a future date when a java Puma::MiniSSL is added.
 [#2904]:https://github.com/puma/puma/pull/2904     "PR by @kares, merged 2022-08-27"
 [#2884]:https://github.com/puma/puma/pull/2884     "PR by @kares, merged 2022-05-30"
 [#2897]:https://github.com/puma/puma/pull/2897     "PR by @Edouard-chin, merged 2022-08-27"
-[#2932]:https://github.com/puma/puma/pull/2932     "PR by @mrzasa, merged 2022-09-12"
 [#1441]:https://github.com/puma/puma/issues/1441   "Issue by @nirvdrum, closed 2022-09-12"
 [#2956]:https://github.com/puma/puma/pull/2956     "PR by @MSP-Greg, merged 2022-09-15"
 [#2888]:https://github.com/puma/puma/pull/2888     "PR by @MSP-Greg, merged 2022-06-01"
-[#2798]:https://github.com/puma/puma/pull/2798     "PR by @johnnyshields, merged 2022-02-05"
 [#2797]:https://github.com/puma/puma/pull/2797     "PR by @johnnyshields, merged 2022-02-01"
 [#2795]:https://github.com/puma/puma/pull/2795     "PR by @johnnyshields, merged 2022-01-31"
 [#2903]:https://github.com/puma/puma/pull/2903     "PR by @MSP-Greg, merged 2022-08-27"

data/README.md

@@ -365,6 +365,7 @@ Community guides:
 * [puma-metrics](https://github.com/harmjanblok/puma-metrics) — export Puma metrics to Prometheus
 * [puma-plugin-statsd](https://github.com/yob/puma-plugin-statsd) — send Puma metrics to statsd
 * [puma-plugin-systemd](https://github.com/sj26/puma-plugin-systemd) — deeper integration with systemd for notify, status and watchdog
+* [puma-plugin-telemetry](https://github.com/babbel/puma-plugin-telemetry) - telemetry plugin for Puma offering various targets to publish
 
 ### Monitoring
 

data/docs/nginx.md

@@ -2,7 +2,7 @@
 
 This is a very common setup using an upstream. It was adapted from some Capistrano recipe I found on the Internet a while ago.
 
-```
+```nginx
 upstream myapp {
   server unix:///myapp/tmp/puma.sock;
 }

data/docs/systemd.md

@@ -24,8 +24,7 @@ After=network.target
 
 [Service]
 # Puma supports systemd's `Type=notify` and watchdog service
-# monitoring, if the [sd_notify](https://github.com/agis/ruby-sdnotify) gem is installed,
-# as of Puma 5.1 or later.
+# monitoring, as of Puma 5.1 or later.
 # On earlier versions of Puma or JRuby, change this to `Type=simple` and remove
 # the `WatchdogSec` line.
 Type=notify

data/lib/puma/binder.rb

@@ -158,10 +158,10 @@ module Puma
             ios_len = @ios.length
             params = Util.parse_query uri.query
 
-            opt = params.key?('low_latency') && params['low_latency'] != 'false'
+            low_latency = params.key?('low_latency') && params['low_latency'] != 'false'
             backlog = params.fetch('backlog', 1024).to_i
 
-            io = add_tcp_listener uri.host, uri.port, opt, backlog
+            io = add_tcp_listener uri.host, uri.port, low_latency, backlog
 
             @ios[ios_len..-1].each do |i|
               addr = loc_addr_str i
@@ -251,7 +251,8 @@ module Puma
           else
             ios_len = @ios.length
             backlog = params.fetch('backlog', 1024).to_i
-            io = add_ssl_listener uri.host, uri.port, ctx, optimize_for_latency = true, backlog
+            low_latency = params['low_latency'] != 'false'
+            io = add_ssl_listener uri.host, uri.port, ctx, low_latency, backlog
 
             @ios[ios_len..-1].each do |i|
               addr = loc_addr_str i

data/lib/puma/client.rb

@@ -9,6 +9,7 @@ class IO
 end
 
 require_relative 'detect'
+require_relative 'io_buffer'
 require 'tempfile'
 require 'forwardable'
 
@@ -65,6 +66,7 @@ module Puma
     def initialize(io, env=nil)
       @io = io
       @to_io = io.to_io
+      @io_buffer = IOBuffer.new
       @proto_env = env
       @env = env ? env.dup : nil
 
@@ -84,6 +86,9 @@ module Puma
       @requests_served = 0
       @hijacked = false
 
+      @http_content_length_limit = nil
+      @http_content_length_limit_exceeded = false
+
       @peerip = nil
       @peer_family = nil
       @listener = nil
@@ -93,12 +98,14 @@ module Puma
       @body_remain = 0
 
       @in_last_chunk = false
+
+      @read_buffer = +""
     end
 
     attr_reader :env, :to_io, :body, :io, :timeout_at, :ready, :hijacked,
-                :tempfile
+                :tempfile, :io_buffer, :http_content_length_limit_exceeded
 
-    attr_writer :peerip
+    attr_writer :peerip, :http_content_length_limit
 
     attr_accessor :remote_addr_header, :listener
 
@@ -138,6 +145,7 @@ module Puma
 
     def reset(fast_check=true)
       @parser.reset
+      @io_buffer.reset
       @read_header = true
       @read_proxy = !!@expect_proxy_proto
       @env = @proto_env.dup
@@ -148,6 +156,7 @@ module Puma
       @body_remain = 0
       @peerip = nil if @remote_addr_header
       @in_last_chunk = false
+      @http_content_length_limit_exceeded = false
 
       if @buffer
         return false unless try_to_parse_proxy_protocol
@@ -207,6 +216,17 @@ module Puma
     end
 
     def try_to_finish
+      if env[CONTENT_LENGTH] && above_http_content_limit(env[CONTENT_LENGTH].to_i)
+        @http_content_length_limit_exceeded = true
+      end
+
+      if @http_content_length_limit_exceeded
+        @buffer = nil
+        @body = EmptyBody
+        set_ready
+        return true
+      end
+
       return read_body if in_data_phase
 
       begin
@@ -236,6 +256,10 @@ module Puma
 
       @parsed_bytes = @parser.execute(@env, @buffer, @parsed_bytes)
 
+      if @parser.finished? && above_http_content_limit(@parser.body.bytesize)
+        @http_content_length_limit_exceeded = true
+      end
+
       if @parser.finished?
         return setup_body
       elsif @parsed_bytes >= MAX_HEADER
@@ -411,7 +435,7 @@ module Puma
       end
 
       begin
-        chunk = @io.read_nonblock(want)
+        chunk = @io.read_nonblock(want, @read_buffer)
       rescue IO::WaitReadable
         return false
       rescue SystemCallError, IOError
@@ -443,7 +467,7 @@ module Puma
     def read_chunked_body
       while true
         begin
-          chunk = @io.read_nonblock(4096)
+          chunk = @io.read_nonblock(4096, @read_buffer)
         rescue IO::WaitReadable
           return false
         rescue SystemCallError, IOError
@@ -591,5 +615,9 @@ module Puma
       @requests_served += 1
       @ready = true
     end
+
+    def above_http_content_limit(value)
+      @http_content_length_limit&.< value
+    end
   end
 end

data/lib/puma/cluster/worker.rb

@@ -115,6 +115,11 @@ module Puma
 
         while restart_server.pop
           server_thread = server.run
+
+          if @log_writer.debug? && index == 0
+            debug_loaded_extensions "Loaded Extensions - worker 0:"
+          end
+
           stat_thread ||= Thread.new(@worker_write) do |io|
             Puma.set_thread_name "stat pld"
             base_payload = "p#{Process.pid}"

data/lib/puma/cluster.rb

@@ -6,8 +6,6 @@ require_relative 'plugin'
 require_relative 'cluster/worker_handle'
 require_relative 'cluster/worker'
 
-require 'time'
-
 module Puma
   # This class is instantiated by the `Puma::Launcher` and used
   # to boot and serve a Ruby application when puma "workers" are needed
@@ -252,18 +250,18 @@ module Puma
       old_worker_count = @workers.count { |w| w.phase != @phase }
       worker_status = @workers.map do |w|
         {
-          started_at: w.started_at.utc.iso8601,
+          started_at: utc_iso8601(w.started_at),
           pid: w.pid,
           index: w.index,
           phase: w.phase,
           booted: w.booted?,
-          last_checkin: w.last_checkin.utc.iso8601,
+          last_checkin: utc_iso8601(w.last_checkin),
           last_status: w.last_status,
         }
       end
 
       {
-        started_at: @started_at.utc.iso8601,
+        started_at: utc_iso8601(@started_at),
         workers: @workers.size,
         phase: @phase,
         booted_workers: worker_status.count { |w| w[:booted] },
@@ -469,6 +467,7 @@ module Puma
                   @events.fire(:ping!, w)
                   if !booted && @workers.none? {|worker| worker.last_status.empty?}
                     @events.fire_on_booted!
+                    debug_loaded_extensions("Loaded Extensions - master:") if @log_writer.debug?
                     booted = true
                   end
                 end
@@ -478,6 +477,7 @@ module Puma
             end
             if in_phased_restart && workers_not_booted.zero?
               @events.fire_on_booted!
+              debug_loaded_extensions("Loaded Extensions - master:") if @log_writer.debug?
               in_phased_restart = false
             end
 

data/lib/puma/configuration.rb

@@ -167,6 +167,7 @@ module Puma
       worker_shutdown_timeout: 30,
       worker_timeout: 60,
       workers: 0,
+      http_content_length_limit: nil
     }
 
     def initialize(user_options={}, default_options = {}, &block)

data/lib/puma/const.rb

@@ -5,7 +5,6 @@ module Puma
   class UnsupportedOption < RuntimeError
   end
 
-
   # Every standard HTTP code mapped to the appropriate message.  These are
   # used so frequently that they are placed directly in Puma for easy
   # access rather than Puma::Const itself.
@@ -100,10 +99,10 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "6.0.0".freeze
-    CODE_NAME = "Sunflower".freeze
+    PUMA_VERSION = VERSION = "6.1.0"
+    CODE_NAME = "The Way Up"
 
-    PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
+    PUMA_SERVER_STRING = ["puma", PUMA_VERSION, CODE_NAME].join(" ").freeze
 
     FAST_TRACK_KA_TIMEOUT = 0.2
 
@@ -112,28 +111,28 @@ module Puma
     WRITE_TIMEOUT = 10
 
     # The original URI requested by the client.
-    REQUEST_URI= 'REQUEST_URI'.freeze
-    REQUEST_PATH = 'REQUEST_PATH'.freeze
-    QUERY_STRING = 'QUERY_STRING'.freeze
-    CONTENT_LENGTH = "CONTENT_LENGTH".freeze
+    REQUEST_URI= "REQUEST_URI"
+    REQUEST_PATH = "REQUEST_PATH"
+    QUERY_STRING = "QUERY_STRING"
+    CONTENT_LENGTH = "CONTENT_LENGTH"
 
-    PATH_INFO = 'PATH_INFO'.freeze
+    PATH_INFO = "PATH_INFO"
 
-    PUMA_TMP_BASE = "puma".freeze
+    PUMA_TMP_BASE = "puma"
 
     ERROR_RESPONSE = {
       # Indicate that we couldn't parse the request
-      400 => "HTTP/1.1 400 Bad Request\r\n\r\n".freeze,
+      400 => "HTTP/1.1 400 Bad Request\r\n\r\n",
       # The standard empty 404 response for bad requests.  Use Error4040Handler for custom stuff.
-      404 => "HTTP/1.1 404 Not Found\r\nConnection: close\r\nServer: Puma #{PUMA_VERSION}\r\n\r\nNOT FOUND".freeze,
+      404 => "HTTP/1.1 404 Not Found\r\nConnection: close\r\nServer: Puma #{PUMA_VERSION}\r\n\r\nNOT FOUND",
       # The standard empty 408 response for requests that timed out.
-      408 => "HTTP/1.1 408 Request Timeout\r\nConnection: close\r\nServer: Puma #{PUMA_VERSION}\r\n\r\n".freeze,
+      408 => "HTTP/1.1 408 Request Timeout\r\nConnection: close\r\nServer: Puma #{PUMA_VERSION}\r\n\r\n",
       # Indicate that there was an internal error, obviously.
-      500 => "HTTP/1.1 500 Internal Server Error\r\n\r\n".freeze,
+      500 => "HTTP/1.1 500 Internal Server Error\r\n\r\n",
       # Incorrect or invalid header value
-      501 => "HTTP/1.1 501 Not Implemented\r\n\r\n".freeze,
+      501 => "HTTP/1.1 501 Not Implemented\r\n\r\n",
       # A common header for indicating the server is too busy.  Not used yet.
-      503 => "HTTP/1.1 503 Service Unavailable\r\n\r\nBUSY".freeze
+      503 => "HTTP/1.1 503 Service Unavailable\r\n\r\nBUSY"
     }.freeze
 
     # The basic max request size we'll try to read.
@@ -146,95 +145,88 @@ module Puma
     # Maximum request body size before it is moved out of memory and into a tempfile for reading.
     MAX_BODY = MAX_HEADER
 
-    REQUEST_METHOD = "REQUEST_METHOD".freeze
-    HEAD = "HEAD".freeze
-    GET = "GET".freeze
-    POST = "POST".freeze
-    PUT = "PUT".freeze
-    DELETE = "DELETE".freeze
-    OPTIONS = "OPTIONS".freeze
-    TRACE = "TRACE".freeze
-    PATCH = "PATCH".freeze
-    SUPPORTED_HTTP_METHODS = [HEAD, GET, POST, PUT, DELETE, OPTIONS, TRACE, PATCH].freeze
+    REQUEST_METHOD = "REQUEST_METHOD"
+    HEAD = "HEAD"
+    SUPPORTED_HTTP_METHODS = %w[HEAD GET POST PUT DELETE OPTIONS TRACE PATCH].freeze
     # ETag is based on the apache standard of hex mtime-size-inode (inode is 0 on win32)
-    LINE_END = "\r\n".freeze
-    REMOTE_ADDR = "REMOTE_ADDR".freeze
-    HTTP_X_FORWARDED_FOR = "HTTP_X_FORWARDED_FOR".freeze
-    HTTP_X_FORWARDED_SSL = "HTTP_X_FORWARDED_SSL".freeze
-    HTTP_X_FORWARDED_SCHEME = "HTTP_X_FORWARDED_SCHEME".freeze
-    HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO".freeze
+    LINE_END = "\r\n"
+    REMOTE_ADDR = "REMOTE_ADDR"
+    HTTP_X_FORWARDED_FOR = "HTTP_X_FORWARDED_FOR"
+    HTTP_X_FORWARDED_SSL = "HTTP_X_FORWARDED_SSL"
+    HTTP_X_FORWARDED_SCHEME = "HTTP_X_FORWARDED_SCHEME"
+    HTTP_X_FORWARDED_PROTO = "HTTP_X_FORWARDED_PROTO"
 
-    SERVER_NAME = "SERVER_NAME".freeze
-    SERVER_PORT = "SERVER_PORT".freeze
-    HTTP_HOST = "HTTP_HOST".freeze
-    PORT_80 = "80".freeze
-    PORT_443 = "443".freeze
-    LOCALHOST = "localhost".freeze
-    LOCALHOST_IPV4 = "127.0.0.1".freeze
-    LOCALHOST_IPV6 = "::1".freeze
-    UNSPECIFIED_IPV4 = "0.0.0.0".freeze
-    UNSPECIFIED_IPV6 = "::".freeze
+    SERVER_NAME = "SERVER_NAME"
+    SERVER_PORT = "SERVER_PORT"
+    HTTP_HOST = "HTTP_HOST"
+    PORT_80 = "80"
+    PORT_443 = "443"
+    LOCALHOST = "localhost"
+    LOCALHOST_IPV4 = "127.0.0.1"
+    LOCALHOST_IPV6 = "::1"
+    UNSPECIFIED_IPV4 = "0.0.0.0"
+    UNSPECIFIED_IPV6 = "::"
 
-    SERVER_PROTOCOL = "SERVER_PROTOCOL".freeze
-    HTTP_11 = "HTTP/1.1".freeze
+    SERVER_PROTOCOL = "SERVER_PROTOCOL"
+    HTTP_11 = "HTTP/1.1"
 
-    SERVER_SOFTWARE = "SERVER_SOFTWARE".freeze
-    GATEWAY_INTERFACE = "GATEWAY_INTERFACE".freeze
-    CGI_VER = "CGI/1.2".freeze
+    SERVER_SOFTWARE = "SERVER_SOFTWARE"
+    GATEWAY_INTERFACE = "GATEWAY_INTERFACE"
+    CGI_VER = "CGI/1.2"
 
-    STOP_COMMAND = "?".freeze
-    HALT_COMMAND = "!".freeze
-    RESTART_COMMAND = "R".freeze
+    STOP_COMMAND = "?"
+    HALT_COMMAND = "!"
+    RESTART_COMMAND = "R"
 
-    RACK_INPUT = "rack.input".freeze
-    RACK_URL_SCHEME = "rack.url_scheme".freeze
-    RACK_AFTER_REPLY = "rack.after_reply".freeze
-    PUMA_SOCKET = "puma.socket".freeze
-    PUMA_CONFIG = "puma.config".freeze
-    PUMA_PEERCERT = "puma.peercert".freeze
+    RACK_INPUT = "rack.input"
+    RACK_URL_SCHEME = "rack.url_scheme"
+    RACK_AFTER_REPLY = "rack.after_reply"
+    PUMA_SOCKET = "puma.socket"
+    PUMA_CONFIG = "puma.config"
+    PUMA_PEERCERT = "puma.peercert"
 
-    HTTP = "http".freeze
-    HTTPS = "https".freeze
+    HTTP = "http"
+    HTTPS = "https"
 
-    HTTPS_KEY = "HTTPS".freeze
+    HTTPS_KEY = "HTTPS"
 
-    HTTP_VERSION = "HTTP_VERSION".freeze
-    HTTP_CONNECTION = "HTTP_CONNECTION".freeze
-    HTTP_EXPECT = "HTTP_EXPECT".freeze
-    CONTINUE = "100-continue".freeze
+    HTTP_VERSION = "HTTP_VERSION"
+    HTTP_CONNECTION = "HTTP_CONNECTION"
+    HTTP_EXPECT = "HTTP_EXPECT"
+    CONTINUE = "100-continue"
 
-    HTTP_11_100 = "HTTP/1.1 100 Continue\r\n\r\n".freeze
-    HTTP_11_200 = "HTTP/1.1 200 OK\r\n".freeze
-    HTTP_10_200 = "HTTP/1.0 200 OK\r\n".freeze
+    HTTP_11_100 = "HTTP/1.1 100 Continue\r\n\r\n"
+    HTTP_11_200 = "HTTP/1.1 200 OK\r\n"
+    HTTP_10_200 = "HTTP/1.0 200 OK\r\n"
 
-    CLOSE = "close".freeze
-    KEEP_ALIVE = "keep-alive".freeze
+    CLOSE = "close"
+    KEEP_ALIVE = "keep-alive"
 
-    CONTENT_LENGTH2 = "content-length".freeze
-    CONTENT_LENGTH_S = "Content-Length: ".freeze
-    TRANSFER_ENCODING = "transfer-encoding".freeze
-    TRANSFER_ENCODING2 = "HTTP_TRANSFER_ENCODING".freeze
+    CONTENT_LENGTH2 = "content-length"
+    CONTENT_LENGTH_S = "Content-Length: "
+    TRANSFER_ENCODING = "transfer-encoding"
+    TRANSFER_ENCODING2 = "HTTP_TRANSFER_ENCODING"
 
-    CONNECTION_CLOSE = "Connection: close\r\n".freeze
-    CONNECTION_KEEP_ALIVE = "Connection: Keep-Alive\r\n".freeze
+    CONNECTION_CLOSE = "Connection: close\r\n"
+    CONNECTION_KEEP_ALIVE = "Connection: Keep-Alive\r\n"
 
-    TRANSFER_ENCODING_CHUNKED = "Transfer-Encoding: chunked\r\n".freeze
-    CLOSE_CHUNKED = "0\r\n\r\n".freeze
+    TRANSFER_ENCODING_CHUNKED = "Transfer-Encoding: chunked\r\n"
+    CLOSE_CHUNKED = "0\r\n\r\n"
 
-    CHUNKED = "chunked".freeze
+    CHUNKED = "chunked"
 
-    COLON = ": ".freeze
+    COLON = ": "
 
-    NEWLINE = "\n".freeze
+    NEWLINE = "\n"
 
-    HIJACK_P = "rack.hijack?".freeze
-    HIJACK = "rack.hijack".freeze
-    HIJACK_IO = "rack.hijack_io".freeze
+    HIJACK_P = "rack.hijack?"
+    HIJACK = "rack.hijack"
+    HIJACK_IO = "rack.hijack_io"
 
-    EARLY_HINTS = "rack.early_hints".freeze
+    EARLY_HINTS = "rack.early_hints"
 
     # Illegal character in the key or value of response header
-    DQUOTE = "\"".freeze
+    DQUOTE = "\""
     HTTP_HEADER_DELIMITER = Regexp.escape("(),/:;<=>?@[]{}\\").freeze
     ILLEGAL_HEADER_KEY_REGEX = /[\x00-\x20#{DQUOTE}#{HTTP_HEADER_DELIMITER}]/.freeze
     # header values can contain HTAB?

data/lib/puma/dsl.rb

@@ -65,6 +65,7 @@ module Puma
 
       ca_additions = "&ca=#{Puma::Util.escape(opts[:ca])}" if ['peer', 'force_peer'].include?(verify)
 
+      low_latency_str = opts.key?(:low_latency) ? "&low_latency=#{opts[:low_latency]}" : ''
       backlog_str = opts[:backlog] ? "&backlog=#{Integer(opts[:backlog])}" : ''
 
       if defined?(JRUBY_VERSION)
@@ -114,7 +115,7 @@ module Puma
           end
 
         "ssl://#{host}:#{port}?#{cert_flags}#{key_flags}#{ssl_cipher_filter}" \
-          "#{reuse_flag}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}"
+          "#{reuse_flag}&verify_mode=#{verify}#{tls_str}#{ca_additions}#{v_flags}#{backlog_str}#{low_latency_str}"
       end
     end
 
@@ -250,6 +251,7 @@ module Puma
     #
     # * Set the socket backlog depth with +backlog+, default is 1024.
     # * Set up an SSL certificate with +key+ & +cert+.
+    # * Set up an SSL certificate for mTLS with +key+, +cert+, +ca+ and +verify_mode+.
     # * Set whether to optimize for low latency instead of throughput with
     #   +low_latency+, default is to not optimize for low latency. This is done
     #   via +Socket::TCP_NODELAY+.
@@ -259,6 +261,8 @@ module Puma
     #   bind 'unix:///var/run/puma.sock?backlog=512'
     # @example SSL cert
     #   bind 'ssl://127.0.0.1:9292?key=key.key&cert=cert.pem'
+    # @example SSL cert for mutual TLS (mTLS)
+    #   bind 'ssl://127.0.0.1:9292?key=key.key&cert=cert.pem&ca=ca.pem&verify_mode=force_peer'
     # @example Disable optimization for low latency
     #   bind 'tcp://0.0.0.0:9292?low_latency=false'
     # @example Socket permissions
@@ -1019,6 +1023,19 @@ module Puma
       @options[:mutate_stdout_and_stderr_to_sync_on_write] = enabled
     end
 
+    # Specify how big the request payload should be, in bytes.
+    # This limit is compared against Content-Length HTTP header.
+    # If the payload size (CONTENT_LENGTH) is larger than http_content_length_limit,
+    # HTTP 413 status code is returned.
+    #
+    # When no Content-Length http header is present, it is compared against the
+    # size of the body of the request.
+     #
+    # The default value for http_content_length_limit is nil.
+    def http_content_length_limit(limit)
+      @options[:http_content_length_limit] = limit
+    end
+
     private
 
     # To avoid adding cert_pem and key_pem as URI params, we store them on the

data/lib/puma/io_buffer.rb

@@ -22,6 +22,16 @@ module Puma
       read
     end
 
+    # Read & Reset - returns contents and resets
+    # @return [String] StringIO contents
+    def read_and_reset
+      rewind
+      str = read
+      truncate 0
+      rewind
+      str
+    end
+
     alias_method :clear, :reset
 
     # before Ruby 2.5, `write` would only take one argument