puma 5.6.1 → 5.6.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of puma might be problematic. Click here for more details.

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +5 -0
  3. data/lib/puma/const.rb +1 -1
  4. data/lib/puma/request.rb +10 -5
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 469723b0faecde36baaac342696d0b59d73086f199a020e89d18ae33e2b181f0
4
- data.tar.gz: cf2f9bb437d6bf29c6ad1fe5a166ed4db0c9c0c0d67a239d7f07e62b8d993a6b
3
+ metadata.gz: 9f2fbd628cb88e37c6df33dccf70b11f52b5e0ae56693e8ada921793cf607f0a
4
+ data.tar.gz: fd7fa2520c4ac378f616373655f9b72127cd50c1ba36db4d986857e736a526b1
5
5
  SHA512:
6
- metadata.gz: b677ffb75bd299a97fc19eefa2caf8f3a80b8db0600d980ea4700fcb1fd12fd7c4079182e38bc4fc43879e668bffdc757247f4024dfd7e0d13ceb29181debbc4
7
- data.tar.gz: cd06e3f7cbecffafb7aec87831a24055f45f5e6313d8808ab797116efa9e410e01539382499465f3c23bb957aace762ba24a9deb8ecfdc1c4bf1f0cff852688d
6
+ metadata.gz: 448267cd44a571941f8ab0133d9ab2a5bedd2c7fcd964fb3948a7a9a3190b8052a69e8b849e1bbb7622373a5ccf754cdd39d1e24b8fa839cf0af71015b608b30
7
+ data.tar.gz: b37d8563ce45b33bdd12ae8e4a913a8a702f36f7b4afaf16edf17611868da089d8b98ee130a565488f3007b0a28bce32202fe4f391a9ff81aa29e66a9372be36
data/History.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 5.6.2 / 2022-02-11
2
+
3
+ * Bugfix/Security
4
+ * Response body will always be `close`d. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
5
+
1
6
  ## 5.6.1 / 2022-01-26
2
7
 
3
8
  * Bugfixes
data/lib/puma/const.rb CHANGED
@@ -100,7 +100,7 @@ module Puma
100
100
  # too taxing on performance.
101
101
  module Const
102
102
 
103
- PUMA_VERSION = VERSION = "5.6.1".freeze
103
+ PUMA_VERSION = VERSION = "5.6.2".freeze
104
104
  CODE_NAME = "Birdie's Version".freeze
105
105
 
106
106
  PUMA_SERVER_STRING = ['puma', PUMA_VERSION, CODE_NAME].join(' ').freeze
data/lib/puma/request.rb CHANGED
@@ -167,11 +167,16 @@ module Puma
167
167
  end
168
168
 
169
169
  ensure
170
- uncork_socket io
171
-
172
- body.close
173
- client.tempfile.unlink if client.tempfile
174
- res_body.close if res_body.respond_to? :close
170
+ begin
171
+ uncork_socket io
172
+
173
+ body.close
174
+ client.tempfile.unlink if client.tempfile
175
+ ensure
176
+ # Whatever happens, we MUST call `close` on the response body.
177
+ # Otherwise Rack::BodyProxy callbacks may not fire and lead to various state leaks
178
+ res_body.close if res_body.respond_to? :close
179
+ end
175
180
 
176
181
  after_reply.each { |o| o.call }
177
182
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: puma
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.6.1
4
+ version: 5.6.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Evan Phoenix