puma 3.12.1 → 3.12.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.md +6 -1
- data/docs/images/puma-connection-flow-no-reactor.png +0 -0
- data/docs/images/puma-connection-flow.png +0 -0
- data/docs/images/puma-general-arch.png +0 -0
- data/lib/puma/const.rb +8 -1
- data/lib/puma/server.rb +15 -1
- metadata +6 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8483f2a5087645c3b4a3f066a9ad804849c9c81d9df9c50ee17cc5a6594071bb
|
|
4
|
+
data.tar.gz: aee48433624d9efaeafe08c7747a38e8fd843645861ae82b3e2d8c59f1b7ecb5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 95aa82dbc1af85a87975c27f5061ccd55349950e3d17336ad62271788601821f835dc53b9f8542d008de0d6f7f4fc8b128a89cf5300488016f573c34e319ee62
|
|
7
|
+
data.tar.gz: e4e97b12c6c3d285fb327201760f2ffcd80dd716f67b52aee02670940d141832ba28044ddfda969df173ebe9bbe1b58068714e6308897d62d308ee6daebe3f29
|
data/History.md
CHANGED
|
@@ -4,7 +4,12 @@
|
|
|
4
4
|
|
|
5
5
|
* x bugfixes
|
|
6
6
|
|
|
7
|
-
## 3.12.
|
|
7
|
+
## 4.3.1 and 3.12.2 / 2019-12-05
|
|
8
|
+
|
|
9
|
+
* Security
|
|
10
|
+
* Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
|
|
11
|
+
|
|
12
|
+
## 3.12.1 / 2019-03-19
|
|
8
13
|
|
|
9
14
|
* 1 features
|
|
10
15
|
* Internal strings are frozen (#1649)
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
data/lib/puma/const.rb
CHANGED
|
@@ -100,7 +100,7 @@ module Puma
|
|
|
100
100
|
# too taxing on performance.
|
|
101
101
|
module Const
|
|
102
102
|
|
|
103
|
-
PUMA_VERSION = VERSION = "3.12.
|
|
103
|
+
PUMA_VERSION = VERSION = "3.12.2".freeze
|
|
104
104
|
CODE_NAME = "Llamas in Pajamas".freeze
|
|
105
105
|
PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
|
|
106
106
|
|
|
@@ -118,6 +118,13 @@ module Puma
|
|
|
118
118
|
# sending data back
|
|
119
119
|
WRITE_TIMEOUT = 10
|
|
120
120
|
|
|
121
|
+
# How many requests to attempt inline before sending a client back to
|
|
122
|
+
# the reactor to be subject to normal ordering. The idea here is that
|
|
123
|
+
# we amortize the cost of going back to the reactor for a well behaved
|
|
124
|
+
# but very "greedy" client across 10 requests. This prevents a not
|
|
125
|
+
# well behaved client from monopolizing the thread forever.
|
|
126
|
+
MAX_FAST_INLINE = 10
|
|
127
|
+
|
|
121
128
|
# The original URI requested by the client.
|
|
122
129
|
REQUEST_URI= 'REQUEST_URI'.freeze
|
|
123
130
|
REQUEST_PATH = 'REQUEST_PATH'.freeze
|
data/lib/puma/server.rb
CHANGED
|
@@ -470,6 +470,8 @@ module Puma
|
|
|
470
470
|
clean_thread_locals = @options[:clean_thread_locals]
|
|
471
471
|
close_socket = true
|
|
472
472
|
|
|
473
|
+
requests = 0
|
|
474
|
+
|
|
473
475
|
while true
|
|
474
476
|
case handle_request(client, buffer)
|
|
475
477
|
when false
|
|
@@ -483,7 +485,19 @@ module Puma
|
|
|
483
485
|
|
|
484
486
|
ThreadPool.clean_thread_locals if clean_thread_locals
|
|
485
487
|
|
|
486
|
-
|
|
488
|
+
requests += 1
|
|
489
|
+
|
|
490
|
+
check_for_more_data = @status == :run
|
|
491
|
+
|
|
492
|
+
if requests >= MAX_FAST_INLINE
|
|
493
|
+
# This will mean that reset will only try to use the data it already
|
|
494
|
+
# has buffered and won't try to read more data. What this means is that
|
|
495
|
+
# every client, independent of their request speed, gets treated like a slow
|
|
496
|
+
# one once every MAX_FAST_INLINE requests.
|
|
497
|
+
check_for_more_data = false
|
|
498
|
+
end
|
|
499
|
+
|
|
500
|
+
unless client.reset(check_for_more_data)
|
|
487
501
|
close_socket = false
|
|
488
502
|
client.set_timeout @persistent_timeout
|
|
489
503
|
@reactor.add client
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: puma
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.12.
|
|
4
|
+
version: 3.12.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Evan Phoenix
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server
|
|
14
14
|
for Ruby/Rack applications. Puma is intended for use in both development and production
|
|
@@ -108,7 +108,7 @@ licenses:
|
|
|
108
108
|
- BSD-3-Clause
|
|
109
109
|
metadata:
|
|
110
110
|
msys2_mingw_dependencies: openssl
|
|
111
|
-
post_install_message:
|
|
111
|
+
post_install_message:
|
|
112
112
|
rdoc_options: []
|
|
113
113
|
require_paths:
|
|
114
114
|
- lib
|
|
@@ -123,9 +123,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
124
|
version: '0'
|
|
125
125
|
requirements: []
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
signing_key:
|
|
126
|
+
rubygems_version: 3.0.3
|
|
127
|
+
signing_key:
|
|
129
128
|
specification_version: 4
|
|
130
129
|
summary: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for
|
|
131
130
|
Ruby/Rack applications
|