Log message:
www/ruby-puma: update to 6.5.0

6.5.0 (2024-11-22)

They say good things come to wait, and you've all had to wait a long time
for 6.5.0 because @nateberkopec had another daughter: Sky!

Features

* Print RUBY_DESCRIPTION when Puma starts ([#3407])
* Set the worker process count automatically when using
  WEB_CONCURRENCY=auto ([#3439], [#3437])
* Mark as ractor-safe ([#3486], [#3422])
* Add option enable_keep_alives. true (the default) mimics existing
  behavior, but now you can use false to disable keepalive to reduce queue
  tail latency ([#3496])
* Add parameters to Puma methods to allow CI to change ENV in isolation
  ([#3485])
* Add ssl_ciphersuites option for TLSv1.3 ciphers ([#3359], [#3343])
* You can now use --threads 5 or threads 5 to config max/min threads with a
  single number (used to need to say 5:5) ([#3309])
* Option to turn off systemd plugin ([#3425], [#3424])
* Add on_stopped hook ([#3411], [#3380])

Bugfixes

* Handle blank environment variables when loading config ([#3539])
* lib/rack/handler/puma.rb - fix for rackup v1.0.1, adjust Gemfile
  ([#3532], [#3531])
* null_io.rb - add external_encoding, set_encoding, binmode, binmode?
  ([#3214])
* Implement NullIO#seek and #pos to mimic IO ([#3468])
* add support in rack handler & fix regression in binder for linux abstract
  namespace sockets ([#3508])
* Use actual thread local for Puma::Server.current. ([#3360])
* client.rb - fix request chunked body handling ([#3338], [#3337])
* Properly handle two requests seen in the initial buffer ([#3332])
* Fix response repeated status line when request is invalid or errors are
  raised ([#3308], [#3307])
* Fix child processes not being reaped when Process.detach used ([#3314],
  [#3313])

JRuby

* Make HTTP length constants configurable ([#3518])
* Fixup jruby_restart.rb & launcher.rb to work with ARM64 macOS JRuby
  ([#3467])

Performance

* Avoid checking if all workers reached timeout unless idle timeout is
  configured ([#3341])
* Request body - increase read size to 64 kB ([#3548])
* single mode skip wait_for_less_busy_worker ([#3325])

Refactor

* A ton of CI/test improvements by @MSP-Greg, as usual.
* Add ThreadPool#stats and adjust Server#stats to use it ([#3527])
* normalize whitespace in worker stats string ([#3513])
* rack/handler/puma.rb - ssl - use start_with?, add test ([#3510])
* extconf.rb - add logging for OpenSSL versions ([#3370])
* Lazily require Puma::Rack::Builder ([#3340])
* Refactor: Constantize worker pipe request types ([#3318])

Docs

* stats.md improvements ([#3514])
* control_cli.rb: Harmonize help message with bin/puma ([#3434])
* dsl.rb: Clarify a callback's argument ([#3435])

Log message:
www/ruby-puma: update to 6.4.3

6.4.3 (2024-09-19)

Security

* Discards any headers using underscores if the non-underscore version also
  exists.  Without this, an attacker could overwrite values set by
  intermediate proxies (e.g. X-Forwarded-For).
  (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)

Log message:
www/ruby-puma: update to 6.4.2

6.4.1 (2024-01-03)

Bugfixes

* DSL#warn_if_in_single_mode - fixup when workers set via CLI (#3256)
* Fix idle-timeout not working in cluster mode (#3235, #3228, #3282, #3283)
* Fix worker 0 timing out during phased restart (#3225, #2786)
* context_builder.rb - require openssl if verify_mode != 'none' (#3179)
* Make puma cluster process suitable as PID 1 (#3255)
* Improve Puma::NullIO consistency with real IO (#3276)
* extconf.rb - fixup to detect openssl info in Ruby build (#3271, #3266)
* MiniSSL.java - set serialVersionUID, fix RaiseException deprecation
  (#3270)
* dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set (#3265,
  #3264)

Maintenance

* LOTS of test refactoring to make tests more stable and easier to write -
  thanks to @MSP-Greg!
* Fix bug in tests re: TestPuma::HOST4 (#3254)
* Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed
  (#3245)
* fix define_method calls, use Symbol parameter instead of String (#3293)

6.4.2 (2024-01-08)

Security

* Limit the size of chunk extensions.  Without this limit, an attacker could
  cause unbounded resource (CPU, network bandwidth) consumption.
  (GHSA-c2f4-cvqm-65w2)

Log message:
www/ruby-puma: update to 6.4.0

6.4.0 (2023-09-21)

Features

* on_thread_exit hook ([#2920])
* on_thread_start_hook ([#3195])
* Shutdown on idle ([#3209], [#2580])
* New error message when control server port taken ([#3204])

Refactor

* Remove Forwardable dependency ([#3191], #3190)
* Update URLMap Regexp usage for Ruby v3.3 ([#3165])

Bugfixes

* Bring the cert_pem: parameter into parity with the cert: parameter to
  ssl_bind. ([#3174])
* Fix using control server with IPv6 host ([#3181])
* control_cli.rb - add require_relative 'log_writer' ([#3187])
* Fix cases where fallback Rack response wasn't sent to the client ([#3094])

Log message:
*: bump for openssl 3

Log message:
www/ruby-puma: update to 6.3.1

6.3.1 (2023-08-18)

Security

* Address HTTP request smuggling vulnerabilities with zero-length Content
  Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

Log message:
www/ruby-puma: update to 6.3.0

6.3.0 - Mugi No Toki Itaru (2023-05-31)

Japan has 72 traditional microseasons.  May 31 is the first day of 麦秋至,
which means the time of the wheat/barley harvest.

Features

* Add dsl method supported_http_methods ([#3106], [#3014])
* Puma error responses no longer have any fingerprints to indicate Puma
  ([#3161], [#3037])
* Support decryption of SSL key ([#3133], [#3132])

Bugfixes

* Don't send 103 early hints response when only invalid headers are used
  ([#3163])
* Handle malformed request path ([#3155], [#3148])
* Misc lib file fixes - trapping additional errors, CI helper ([#3129])
* Fixup req form data file upload with "r\n" line endings ([#3137])
* Restore rack 1.6 compatibility ([#3156])

Refactor

* const.rb - Update Puma::HTTP_STATUS_CODES ([#3162])
* Clarify Reactor#initialize ([#3151])

New Contributors

* @severin made their first contribution in #3156

Log message:
www/ruby-puma: update to 6.2.2

6.2.0 (2023-03-29)

Features

* Ability to supply a custom logger ([#2770], [#2511])
* Warn when clustered-only hooks are defined in single mode ([#3089])
* Adds the on_booted event ([#2709])

Bugfixes

* Loggers - internal_write - catch Errno::EINVAL ([#3091])
* commonlogger.rb - fix HIJACK time format, use constants, not strings
  ([#3074])
* Fixed some edge cases regarding request hijacking ([#3072])

6.2.1 (2023-03-31)

Bugfixes

* Fix java 8 compatibility ([#3109], [#3108])
* Always write io_buffer when in "enum bodies" branch. ([#3113], [#3112])
* Fix warn_if_in_single_mode incorrect message ([#3111])

6.2.2 (2023-04-17)

Bugfixes

* Fix Rack-related NameError by adding :: operator ([#3118], [#3117])

Log message:
www/ruby-puma: update to 6.1.1

6.1.1 Latest (2023-02-28)

Bugfixes

* We no longer try to use the systemd plugin for JRuby ([#3079])
* Allow ::Rack::Handler::Puma.run to work regardless of whether Rack/Rackup
  are loaded ([#3080])

Log message:
www/ruby-puma: update to 6.1.0

6.1.0 (2023-02-12)

Features

* WebSocket support via partial hijack ([#3058], [#3007])
* Add built-in systemd notify support ([#3011])
* Periodically send status to systemd ([#3006], [#2604])
* Introduce the ability to return 413: payload too large for requests
  ([#3040])
* Log loaded extensions when PUMA_DEBUG is set ([#3036], [#3020])

Bugfixes

* Fix issue with rack 3 compatibility re: rackup ([#3061], [#3057])
* Allow setting TCP low_latency with SSL listener ([#3065])

Performance

* Reduce memory usage for large file uploads ([#3062])