sidekiq 6.2.0 → 6.2.1


Potentially problematic release.


This version of sidekiq might be problematic. Click here for more details.

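--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 990d3e553aed906265ffa0cafb74fa4c79e0ccde957f21ccc3d09531d01e75bf
- data.tar.gz: 92a68ab1ea824dc78b91610e98c3d10ce4a5794e7aebd66803dc6f29db419420
+ metadata.gz: 298711914bcb8534a9599c47b00b7410467ce324619ee70e7050d15c42f4c329
+ data.tar.gz: '007900de7a1558633520c61870a58eff341e9c11009441dbabe0fbc177e4ed99'
  SHA512:
- metadata.gz: 37664695dd79557af0395fe20855db1d250753dd8c874023a866c27d69e78bfa36b3f70501dad18a6ac64673e62fa8fdf413c77d0052a9ca0d59f25a17df41f9
- data.tar.gz: 4d6ef75d6eb4be49e8b8d21d56bd0e300a284a4a6db9a0f0357724206b5e1b81b8bf75b53d8442319fd5fe5a9f08a467d75c59289d82d6aa70a00aa0d5102445
+ metadata.gz: 592ecc114de13f0e43bba9193e1ffd3a973c89a43fac3ed1b750b6a70e29b5bf128a05657baf3fc2ccb77134f092efac055651907f01c0ed6d3c00d45a5ebdc9
+ data.tar.gz: a7baed1f1df451e8bd5183fec4631e49c0761e700c4c95fc070389894894a5fb90103d0adce29da797bc1cae72f8a1f21e71da0279e8c18cb62e3b3b5ae05f0a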
data/Changes.md CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  [Sidekiq Changes](https://github.com/mperham/sidekiq/blob/master/Changes.md) | [Sidekiq Pro Changes](https://github.com/mperham/sidekiq/blob/master/Pro-Changes.md) | [Sidekiq Enterprise Changes](https://github.com/mperham/sidekiq/blob/master/Ent-Changes.md)
4
4
 
5
+ 6.2.1
6
+ ---------
7
+
8
+ - Update RTT warning logic to handle transient RTT spikes [#4851]
9
+ - Fix very low priority CVE on unescaped queue name [#4852]
10
+ - Add note about sessions and Rails apps in API mode
11
+
5
12
  6.2.0
6
13
  ---------
7
14
 
@@ -31,6 +38,10 @@ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
31
38
  # now, update your Rack app to include the secret with a session cookie middleware
32
39
  use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
33
40
  run Sidekiq::Web
41
+
42
+ If this is a Rails app in API mode, you need to enable sessions.
43
+
44
+ https://guides.rubyonrails.org/api_app.html#using-session-middlewares
34
45
  ```
35
46
 
36
47
  6.1.3
@@ -228,10 +228,6 @@ module Sidekiq
228
228
  end
229
229
 
230
230
  def normalize_item(item)
231
- # 6.0.0 push_bulk bug, #4321
232
- # TODO Remove after a while...
233
- item.delete("at") if item.key?("at") && item["at"].nil?
234
-
235
231
  validate(item)
236
232
  # raise(ArgumentError, "Arguments must be native JSON types, see https://github.com/mperham/sidekiq/wiki/Best-Practices") unless JSON.load(JSON.dump(item['args'])) == item['args']
237
233
 
@@ -188,6 +188,10 @@ module Sidekiq
188
188
  end
189
189
  end
190
190
 
191
+ # We run the heartbeat every five seconds.
192
+ # Capture five samples of RTT, log a warning if each sample
193
+ # is above our warning threshold.
194
+ RTT_READINGS = RingBuffer.new(5)
191
195
  RTT_WARNING_LEVEL = 50_000
192
196
 
193
197
  def check_rtt
@@ -198,15 +202,17 @@ module Sidekiq
198
202
  b = ::Process.clock_gettime(::Process::CLOCK_MONOTONIC, :microsecond)
199
203
  end
200
204
  rtt = b - a
205
+ RTT_READINGS << rtt
201
206
  # Ideal RTT for Redis is < 1000µs
202
207
  # Workable is < 10,000µs
203
208
  # Log a warning if it's a disaster.
204
- if rtt > RTT_WARNING_LEVEL
205
- Sidekiq.logger.warn <<-EOM
209
+ if RTT_READINGS.all? { |x| x > RTT_WARNING_LEVEL }
210
+ Sidekiq.logger.warn <<~EOM
206
211
  Your Redis network connection is performing extremely poorly.
207
- Current RTT is #{rtt} µs, ideally this should be < 1000.
212
+ Last RTT readings were #{RTT_READINGS.buffer.inspect}, ideally these should be < 1000.
208
213
  Ensure Redis is running in the same AZ or datacenter as Sidekiq.
209
214
  EOM
215
+ RTT_READINGS.reset
210
216
  end
211
217
  rtt
212
218
  end
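Review bot: `RTT_READINGS` is a constant that holds mutable state, so every caller of `check_rtt` in the process appends to the same five slots, and nothing in these hunks synchronizes `<<` or `reset`; that is safe only if a single heartbeat thread calls it, which the lines shown here do not establish. The buffer starts zero-filled and `reset` zero-fills it again, so the warning fires only after five consecutive readings above `RTT_WARNING_LEVEL`, and a repeating pattern of four slow readings and one fast one is never logged. A comment on the constant would make that contract explicit, for example `# Zero-filled; warns only after five consecutive readings above RTT_WARNING_LEVEL, then starts over.` Part of the body of `check_rtt` lies outside the hunks, and the file header for these hunks is missing from the page.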
data/lib/sidekiq/util.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "forwardable"
3
4
  require "socket"
4
5
  require "securerandom"
5
6
  require "sidekiq/exception_handler"
@@ -8,6 +9,33 @@ module Sidekiq
8
9
  ##
9
10
  # This module is part of Sidekiq core and not intended for extensions.
10
11
  #
12
+
13
+ class RingBuffer
14
+ include Enumerable
15
+ extend Forwardable
16
+ def_delegators :@buf, :[], :each, :size
17
+
18
+ def initialize(size, default = 0)
19
+ @size = size
20
+ @buf = Array.new(size, default)
21
+ @index = 0
22
+ end
23
+
24
+ def <<(element)
25
+ @buf[@index % @size] = element
26
+ @index += 1
27
+ element
28
+ end
29
+
30
+ def buffer
31
+ @buf
32
+ end
33
+
34
+ def reset(default = 0)
35
+ @buf.fill(default)
36
+ end
37
+ end
38
+
11
39
  module Util
12
40
  include ExceptionHandler
13
41
 
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sidekiq
4
- VERSION = "6.2.0"
4
+ VERSION = "6.2.1"
5
5
  end
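Review bot: `RingBuffer` is inserted between the `##` comment that reads "This module is part of Sidekiq core and not intended for extensions." and `module Util`, so that comment now sits above the new class instead of the module it describes; the class belongs above the comment block, with a comment of its own. Its contract also needs a line of documentation, because `each` and `buffer` expose slots in storage order rather than insertion order once the index wraps, `size` reports capacity rather than the number of elements written, and `reset` refills the slots without rewinding `@index`. `buffer` hands out the internal array itself, so a caller can mutate it; returning `@buf.dup` would avoid that if no caller relies on the aliasing. This note concerns the `util.rb` hunk, not the `VERSION` bump that follows it.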
data/lib/sidekiq/web.rb CHANGED
@@ -144,11 +144,11 @@ module Sidekiq
144
144
  m = middlewares
145
145
 
146
146
  ::Rack::Builder.new do
147
- use Rack::Static, :urls => ["/stylesheets", "/images", "/javascripts"],
148
- :root => ASSETS,
149
- :cascade => true,
150
- :header_rules => [
151
- [:all, {'Cache-Control' => 'public, max-age=86400'}],
147
+ use Rack::Static, urls: ["/stylesheets", "/images", "/javascripts"],
148
+ root: ASSETS,
149
+ cascade: true,
150
+ header_rules: [
151
+ [:all, {"Cache-Control" => "public, max-age=86400"}]
152
152
  ]
153
153
  m.each { |middleware, block| use(*middleware, &block) }
154
154
  use Sidekiq::Web::CsrfProtection unless $TESTING
@@ -15,7 +15,7 @@ module Sidekiq
15
15
  end
16
16
 
17
17
  def halt(res)
18
- throw :halt, res
18
+ throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
19
19
  end
20
20
 
21
21
  def redirect(location)
@@ -82,10 +82,12 @@ module Sidekiq
82
82
  erb(:queues)
83
83
  end
84
84
 
85
+ QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
86
+
85
87
  get "/queues/:name" do
86
88
  @name = route_params[:name]
87
89
 
88
- halt(404) unless @name
90
+ halt(404) if !@name || @name !~ QUEUE_NAME
89
91
 
90
92
  @count = (params["count"] || 25).to_i
91
93
  @queue = Sidekiq::Queue.new(@name)
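Review bot: The new `QUEUE_NAME` allowlist is enforced only in the `get "/queues/:name"` handler shown here, so any other route that reads `route_params[:name]` (none are visible in this hunk, and its file header is missing from the page) would still accept arbitrary names and should apply the same guard. The pattern is anchored with `\A` and `\z`, which is the right form for validation, but it is stricter than anything visible on the enqueue side, so a queue whose name contains a space or another excluded character will now answer 404 in the Web UI. The constant deserves a comment such as `# Allowlist for queue names that reach views and URLs; anything else is answered with 404.` The guard itself reads more directly as `halt(404) unless @name&.match?(QUEUE_NAME)`.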
@@ -77,16 +77,19 @@ module Sidekiq
77
77
  end
78
78
 
79
79
 
80
- If this is a bare Rack app, use a session middleware before Sidekiq::Web:
80
+ If this is a Rails app in API mode, you need to enable sessions.
81
+
82
+ https://guides.rubyonrails.org/api_app.html#using-session-middlewares
81
83
 
84
+ If this is a bare Rack app, use a session middleware before Sidekiq::Web:
82
85
 
83
- # first, use IRB to create a shared secret key for sessions and commit it
84
- require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
86
+ # first, use IRB to create a shared secret key for sessions and commit it
87
+ require 'securerandom'; File.open(".session.key", "w") {|f| f.write(SecureRandom.hex(32)) }
85
88
 
89
+ # now use the secret with a session cookie middleware
90
+ use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
91
+ run Sidekiq::Web
86
92
 
87
- # now use the secret with a session cookie middleware
88
- use Rack::Session::Cookie, secret: File.read(".session.key"), same_site: true, max_age: 86400
89
- run Sidekiq::Web
90
93
  EOM
91
94
  end
92
95
 
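--- a/data/web/views/busy.erb
+++ b/data/web/views/busy.erb
@@ -78,9 +78,10 @@
  <td><%= process['busy'] %></td>
  <td>
  <form method="POST">
+ <%= csrf_tag %>
+ <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
+
  <div class="btn-group pull-right flip">
- <%= csrf_tag %>
- <input type="hidden" name="identity" value="<%= process['identity'] %>"/>
  <% unless process.stopping? %><button class="btn btn-warn" type="submit" name="quiet" value="1"><%= t('Quiet') %></button><% end %>
  <button class="btn btn-danger" type="submit" name="stop" value="1"><%= t('Stop') %></button>
  </div>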
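--- a/data/web/views/queue.erb
+++ b/data/web/views/queue.erb
@@ -52,4 +52,4 @@
  <% end %>
  </table>
  </div>
- <%= erb :_paging, locals: { url: "#{root_path}queues/#{@name}" } %>
+ <%= erb :_paging, locals: { url: "#{root_path}queues/#{CGI.escape(@name)}" } %>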
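Review bot: `CGI.escape` on the paging URL is a form-component encoder, so it would write a space as `+`, which is a literal plus sign inside a path segment; `ERB::Util.url_encode(@name)` is the matching encoder for this position. Names that pass the `QUEUE_NAME` check added elsewhere in this release contain no characters where the two differ, so the escape here acts as a second layer rather than the primary control. How `_paging` writes `url` into the page is not visible in this hunk, so the view should not be assumed to HTML-escape it; a short comment such as `<%# @name is validated in the route; encoded again here before it reaches the paging links %>` would record that.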
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sidekiq
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.2.0
4
+ version: 6.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Mike Perham
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-15 00:00:00.000000000 Z
11
+ date: 2021-04-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: redis