sidekiq 6.2.0 → 6.2.1

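--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 990d3e553aed906265ffa0cafb74fa4c79e0ccde957f21ccc3d09531d01e75bf
- data.tar.gz: 92a68ab1ea824dc78b91610e98c3d10ce4a5794e7aebd66803dc6f29db419420
+ metadata.gz: 298711914bcb8534a9599c47b00b7410467ce324619ee70e7050d15c42f4c329
+ data.tar.gz: '007900de7a1558633520c61870a58eff341e9c11009441dbabe0fbc177e4ed99'
  SHA512:
- metadata.gz: 37664695dd79557af0395fe20855db1d250753dd8c874023a866c27d69e78bfa36b3f70501dad18a6ac64673e62fa8fdf413c77d0052a9ca0d59f25a17df41f9
- data.tar.gz: 4d6ef75d6eb4be49e8b8d21d56bd0e300a284a4a6db9a0f0357724206b5e1b81b8bf75b53d8442319fd5fe5a9f08a467d75c59289d82d6aa70a00aa0d5102445
+ metadata.gz: 592ecc114de13f0e43bba9193e1ffd3a973c89a43fac3ed1b750b6a70e29b5bf128a05657baf3fc2ccb77134f092efac055651907f01c0ed6d3c00d45a5ebdc9
+ data.tar.gz: a7baed1f1df451e8bd5183fec4631e49c0761e700c4c95fc070389894894a5fb90103d0adce29da797bc1cae72f8a1f21e71da0279e8c18cb62e3b3b5ae05f0a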
data/Changes.md CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  [Sidekiq Changes](https://github.com/mperham/sidekiq/blob/master/Changes.md) | [Sidekiq Pro Changes](https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/mperham/sidekiq/blob/master/Ent-Changes.md)
4
4
 
5
+ 6.2.1
6
+ ---------
7
+
8
+ - Update RTT warning logic to handle transient RTT spikes [#4851]
9
+ - Fix very low priority CVE on unescaped queue name [#4852]
10
+ - Add note about sessions and Rails apps in API mode
11
+
5
12
  6.2.0
6
13
  ---------
7
14
 
@@ -31,6 +38,10 @@ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
31
38
  # now, update your Rack app to include the secret with a session cookie middleware
32
39
  use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
33
40
  run Sidekiq::Web
41
+
42
+ If this is a Rails app in API mode, you need to enable sessions.
43
+
44
+ https://guides.rubyonrails.org/api_app.html#using-session-middlewares
34
45
  ```
35
46
 
36
47
  6.1.3
@@ -228,10 +228,6 @@ module Sidekiq
228
228
  end
229
229
 
230
230
  def normalize_item(item)
231
- # 6.0.0 push_bulk bug, #4321
232
- # TODO Remove after a while...
233
- item.delete("at") if item.key?("at") && item["at"].nil?
234
-
235
231
  validate(item)
236
232
  # raise(ArgumentError, "Arguments must be native JSON types, see https://github.com/mperham/sidekiq/wiki/Best-Practices") unless JSON.load(JSON.dump(item['args'])) == item['args']
237
233
 
@@ -188,6 +188,10 @@ module Sidekiq
188
188
  end
189
189
  end
190
190
 
191
+ # We run the heartbeat every five seconds.
192
+ # Capture five samples of RTT, log a warning if each sample
193
+ # is above our warning threshold.
194
+ RTT_READINGS = RingBuffer.new(5)
191
195
  RTT_WARNING_LEVEL = 50_000
192
196
 
193
197
  def check_rtt
@@ -198,15 +202,17 @@ module Sidekiq
198
202
  b = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC, :microsecond)
199
203
  end
200
204
  rtt = b - a
205
+ RTT_READINGS << rtt
201
206
  # Ideal RTT for Redis is < 1000µs
202
207
  # Workable is < 10,000µs
203
208
  # Log a warning if it's a disaster.
204
- if rtt > RTT_WARNING_LEVEL
205
- Sidekiq.logger.warn <<-EOM
209
+ if RTT_READINGS.all? { |x| x > RTT_WARNING_LEVEL }
210
+ Sidekiq.logger.warn <<~EOM
206
211
  Your Redis network connection is performing extremely poorly.
207
- Current RTT is #{rtt} µs, ideally this should be < 1000.
212
+ Last RTT readings were #{RTT_READINGS.buffer.inspect}, ideally these should be < 1000.
208
213
  Ensure Redis is running in the same AZ or datacenter as Sidekiq.
209
214
  EOM
215
+ RTT_READINGS.reset
210
216
  end
211
217
  rtt
212
218
  end
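Review bot: `RTT_READINGS.reset` at the end of the warning branch has no comment, although it is what rate-limits the warning: the buffer is refilled with zeros, so five further readings above `RTT_WARNING_LEVEL` are needed before the next one. I would add `# zero the samples so the next warning needs five fresh readings above the threshold` above that line. The message prints `RTT_READINGS.buffer.inspect`, which is in slot order rather than oldest-to-newest, so whoever reads the log cannot tell which value is the latest; that deserves a word in the same comment. `RTT_READINGS` is also a shared mutable constant, so this presumably relies on check_rtt being called from a single thread, which cannot be confirmed here because check_rtt starts outside this hunk.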
data/lib/sidekiq/util.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "forwardable"
3
4
  require "socket"
4
5
  require "securerandom"
5
6
  require "sidekiq/exception_handler"
@@ -8,6 +9,33 @@ module Sidekiq
8
9
  ##
9
10
  # This module is part of Sidekiq core and not intended for extensions.
10
11
  #
12
+
13
+ class RingBuffer
14
+ include Enumerable
15
+ extend Forwardable
16
+ def_delegators :@buf, :[], :each, :size
17
+
18
+ def initialize(size, default = 0)
19
+ @size = size
20
+ @buf = Array.new(size, default)
21
+ @index = 0
22
+ end
23
+
24
+ def <<(element)
25
+ @buf[@index % @size] = element
26
+ @index += 1
27
+ element
28
+ end
29
+
30
+ def buffer
31
+ @buf
32
+ end
33
+
34
+ def reset(default = 0)
35
+ @buf.fill(default)
36
+ end
37
+ end
38
+
11
39
  module Util
12
40
  include ExceptionHandler
13
41
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sidekiq
4
- VERSION = "6.2.0"
4
+ VERSION = "6.2.1"
5
5
  end
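Review bot: In the second hunk of this section, `class RingBuffer` is inserted between the comment block `# This module is part of Sidekiq core and not intended for extensions.` and `module Util`, so that comment no longer sits on the module it describes and now reads as if it documented RingBuffer. Moving the class above the `##` line keeps the comment attached to `Util`. RingBuffer itself has no comment; a short one should state that `<<` overwrites slots round-robin, that `buffer` returns the internal array in slot order, and that `reset` refills the slots without rewinding the write index. `initialize` also accepts a size of 0, after which `<<` would raise ZeroDivisionError on `@index % @size`; `raise ArgumentError, "size must be positive" unless size.positive?` would make that explicit.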
data/lib/sidekiq/web.rb CHANGED
@@ -144,11 +144,11 @@ module Sidekiq
144
144
  m = middlewares
145
145
 
146
146
  ::Rack::Builder.new do
147
- use Rack::Static, :urls => ["/stylesheets", "/images", "/javascripts"],
148
- :root => ASSETS,
149
- :cascade => true,
150
- :header_rules => [
151
- [:all, {'Cache-Control' => 'public, max-age=86400'}],
147
+ use Rack::Static, urls: ["/stylesheets", "/images", "/javascripts"],
148
+ root: ASSETS,
149
+ cascade: true,
150
+ header_rules: [
151
+ [:all, {"Cache-Control" => "public, max-age=86400"}]
152
152
  ]
153
153
  m.each { |middleware, block| use(*middleware, &block) }
154
154
  use Sidekiq::Web::CsrfProtection unless $TESTING
@@ -15,7 +15,7 @@ module Sidekiq
15
15
  end
16
16
 
17
17
  def halt(res)
18
- throw :halt, res
18
+ throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
19
19
  end
20
20
 
21
21
  def redirect(location)
@@ -82,10 +82,12 @@ module Sidekiq
82
82
  erb(:queues)
83
83
  end
84
84
 
85
+ QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
86
+
85
87
  get "/queues/:name" do
86
88
  @name = route_params[:name]
87
89
 
88
- halt(404) unless @name
90
+ halt(404) if !@name || @name !~ QUEUE_NAME
89
91
 
90
92
  @count = (params["count"] || 25).to_i
91
93
  @queue = Sidekiq::Queue.new(@name)
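Review bot: `QUEUE_NAME` is introduced without a comment, and the guard `halt(404) if !@name || @name !~ QUEUE_NAME` is visible only in the `get "/queues/:name"` handler. I would document the constant as the allow-list for queue names taken from the URL, for example `# Queue names accepted from the URL; anything outside this set is answered with 404.` Any other handler that reads `route_params[:name]` lies outside this hunk, so it is worth confirming that they apply the same check. It is also worth confirming that no deployed queue uses a name outside `[a-z_:.\-0-9]`, since such a queue would stop being viewable on this page. The handler body continues past the hunk.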
@@ -77,16 +77,19 @@ module Sidekiq
77
77
  end
78
78
 
79
79
 
80
- If this is a bare Rack app, use a session middleware before Sidekiq::Web:
80
+ If this is a Rails app in API mode, you need to enable sessions.
81
+
82
+ https://guides.rubyonrails.org/api_app.html#using-session-middlewares
81
83
 
84
+ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
82
85
 
83
- # first, use IRB to create a shared secret key for sessions and commit it
84
- require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
86
+ # first, use IRB to create a shared secret key for sessions and commit it
87
+ require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
85
88
 
89
+ # now use the secret with a session cookie middleware
90
+ use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
91
+ run Sidekiq::Web
86
92
 
87
- # now use the secret with a session cookie middleware
88
- use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
89
- run Sidekiq::Web
90
93
  EOM
91
94
  end
92
95
 
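--- a/data/web/views/busy.erb
+++ b/data/web/views/busy.erb
@@ -78,9 +78,10 @@
  <td><%= process['busy'] %></td>
  <td>
  <form method="POST">
+ <%= csrf_tag %>
+ <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
+
  <div class="btn-group pull-right flip">
- <%= csrf_tag %>
- <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
  <% unless process.stopping? %><button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('Quiet') %></button><% end %>
  <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('Stop') %></button>
  </div>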
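--- a/data/web/views/queue.erb
+++ b/data/web/views/queue.erb
@@ -52,4 +52,4 @@
  <% end %>
  </table>
  </div>
- <%= erb :_paging, locals: { url: "#{root_path}queues/#{@name}" } %>
+ <%= erb :_paging, locals: { url: "#{root_path}queues/#{CGI.escape(@name)}" } %>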
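Review bot: `CGI.escape` is form-style encoding, so a space would become `+`, which a path segment treats as a literal plus sign rather than a space. That is harmless at present only because the route now rejects names that do not match `QUEUE_NAME`, which admits no space. If that allow-list is ever widened, `ERB::Util.url_encode(@name)` encodes a path segment correctly. A comment such as `<%# @name is already checked against QUEUE_NAME in the route; encoded here so the paging URL never carries raw input %>` would record the dependency. How `_paging` emits `url` is outside this hunk.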
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sidekiq
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.2.0
4
+ version: 6.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Perham
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-15 00:00:00.000000000 Z
11
+ date: 2021-04-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: redis