Release notes
*Sourced from [puma's releases](https://github.com/puma/puma/releases).*
> v3.12.1
>
> ## v3.11.4
> No release notes provided.
>
> ## 3.11.0 - Love Song
> ![download](https://user-images.githubusercontent.com/845662/33029347-9523b5a0-cdd5-11e7-9265-07410aefee52.png)
>
> * 2 features:
> * HTTP 103 Early Hints ([#1403](https://github-redirect.dependabot.com/puma/puma/issues/1403))
> * 421/451 status codes now have correct status messages attached ([#1435](https://github-redirect.dependabot.com/puma/puma/issues/1435))
>
> * 9 bugfixes:
> * Environment config files (/config/puma/.rb) load correctly ([#1340](https://github-redirect.dependabot.com/puma/puma/issues/1340))
> * Specify windows dependencies correctly ([#1434](https://github-redirect.dependabot.com/puma/puma/issues/1434), [#1436](https://github-redirect.dependabot.com/puma/puma/issues/1436))
> * puma/events required in test helper ([#1418](https://github-redirect.dependabot.com/puma/puma/issues/1418))
> * Correct control CLI's option help text ([#1416](https://github-redirect.dependabot.com/puma/puma/issues/1416))
> * Remove a warning for unused variable in mini_ssl ([#1409](https://github-redirect.dependabot.com/puma/puma/issues/1409))
> * Correct pumactl docs argument ordering ([#1427](https://github-redirect.dependabot.com/puma/puma/issues/1427))
> * Fix an uninitialized variable warning in server.rb ([#1430](https://github-redirect.dependabot.com/puma/puma/issues/1430))
> * Fix docs typo/error in Launcher init ([#1429](https://github-redirect.dependabot.com/puma/puma/issues/1429))
> * Deal with leading spaces in RUBYOPT ([#1455](https://github-redirect.dependabot.com/puma/puma/issues/1455))
>
> * 2 other:
> * Add docs about internals ([#1425](https://github-redirect.dependabot.com/puma/puma/issues/1425), [#1452](https://github-redirect.dependabot.com/puma/puma/issues/1452))
> * Tons of test fixes from [@MSP-Greg](https://github.com/MSP-Greg) ([#1439](https://github-redirect.dependabot.com/puma/puma/issues/1439), [#1442](https://github-redirect.dependabot.com/puma/puma/issues/1442), [#1464](https://github-redirect.dependabot.com/puma/puma/issues/1464))
>
> ## 3.10.0 - Russell's Teapot
> ![teapot](https://user-images.githubusercontent.com/845662/29429700-d6c9e8e8-834e-11e7-8bc4-192b6e893838.jpg)
>
> * 3 features:
> * The status server has a new /gc and /gc-status command. ([#1384](https://github-redirect.dependabot.com/puma/puma/issues/1384))
> * The persistent and first data timeouts are now configurable ([#1111](https://github-redirect.dependabot.com/puma/puma/issues/1111))
> * Implemented RFC 2324 ([#1392](https://github-redirect.dependabot.com/puma/puma/issues/1392))
>
> * 12 bugfixes:
> * Not really a Puma bug, but [@NickolasVashchenko](https://github.com/NickolasVashchenko) created a gem to workaround a Ruby bug that some users of Puma may be experiencing. See README for more. ([#1347](https://github-redirect.dependabot.com/puma/puma/issues/1347))
> * Fix hangups with SSL and persistent connections. ([#1334](https://github-redirect.dependabot.com/puma/puma/issues/1334))
> * Fix Rails double-binding to a port ([#1383](https://github-redirect.dependabot.com/puma/puma/issues/1383))
> * Fix incorrect thread names ([#1368](https://github-redirect.dependabot.com/puma/puma/issues/1368))
> * Fix issues with /etc/hosts and JRuby where localhost addresses were not correct. ([#1318](https://github-redirect.dependabot.com/puma/puma/issues/1318))
> * Fix compatibility with RUBYOPT="--enable-frozen-string-literal" ([#1376](https://github-redirect.dependabot.com/puma/puma/issues/1376))
> * Fixed some compiler warnings ([#1388](https://github-redirect.dependabot.com/puma/puma/issues/1388))
> * We actually run the integration tests in CI now ([#1390](https://github-redirect.dependabot.com/puma/puma/issues/1390))
> * No longer shipping unnecessary directories in the gemfile ([#1391](https://github-redirect.dependabot.com/puma/puma/issues/1391))
> * If RUBYOPT is nil, we no longer blow up on restart. ([#1385](https://github-redirect.dependabot.com/puma/puma/issues/1385))
> * Correct response to SIGINT ([#1377](https://github-redirect.dependabot.com/puma/puma/issues/1377))
> * Proper exit code returned when we receive a TERM signal ([#1337](https://github-redirect.dependabot.com/puma/puma/issues/1337))
>
> * 3 refactors:
> ... (truncated)
Changelog
*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).*
> ## 4.3.1 and 3.12.2 / 2019-12-05
>
> * Security
> * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
>
> ## 4.3.0 / 2019-11-07
>
> * Features
> * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010))
> * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012))
> * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052))
>
> * Bugfixes
> * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564))
> * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035))
> * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048))
> * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050))
>
> ## 4.2.1 / 2019-10-07
>
> * 3 bugfixes
> * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988))
> * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006))
> * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222))
>
> ## 4.2.0 / 2019-09-23
>
> * 6 features
> * Pumactl has a new -e environment option and reads `config/puma/.rb` config files ([#1885](https://github-redirect.dependabot.com/puma/puma/issues/1885))
> * Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine ([#1934](https://github-redirect.dependabot.com/puma/puma/issues/1934))
> * Allow extra dependencies to be defined when using prune_bundler ([#1105](https://github-redirect.dependabot.com/puma/puma/issues/1105))
> * Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost ([#1786](https://github-redirect.dependabot.com/puma/puma/issues/1786))
> * Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces ([#1320](https://github-redirect.dependabot.com/puma/puma/issues/1320))
> * Puma threads all now have their name set on Ruby 2.3+ ([#1968](https://github-redirect.dependabot.com/puma/puma/issues/1968))
> * 4 bugfixes
> * Fix some misbehavior with phased restart and externally SIGTERMed workers ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908), [#1952](https://github-redirect.dependabot.com/puma/puma/issues/1952))
> * Fix socket closing on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Removed unnecessary SIGINT trap for JRuby that caused some race conditions ([#1961](https://github-redirect.dependabot.com/puma/puma/issues/1961))
> * Fix socket files being left around after process stopped ([#1970](https://github-redirect.dependabot.com/puma/puma/issues/1970))
> * Absolutely thousands of lines of test improvements and fixes thanks to [@MSP-Greg](https://github.com/MSP-Greg)
>
> ## 4.1.1 / 2019-09-05
>
> * 3 bugfixes
> * Revert our attempt to not dup STDOUT/STDERR ([#1946](https://github-redirect.dependabot.com/puma/puma/issues/1946))
> * Fix socket close on error ([#1941](https://github-redirect.dependabot.com/puma/puma/issues/1941))
> * Fix workers not shutting down correctly ([#1908](https://github-redirect.dependabot.com/puma/puma/issues/1908))
>
> ## 4.1.0 / 2019-08-08
>
> ... (truncated)
Commits
- [`bb29fc7`](https://github.com/puma/puma/commit/bb29fc7fe8f822d0f72706a1ae86e49af3476777) 3.12.2
- [`058df12`](https://github.com/puma/puma/commit/058df12b78e7d1ec661c3b8777f26a736c26675b) 4.3.1 and 4.2.1 release notes
- [`06053e6`](https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e) Merge pull request from GHSA-7xx3-m584-x994
- [`461c9e9`](https://github.com/puma/puma/commit/461c9e99783e5f69e632acedae83be55017d5fe4) Docs files
- [`7e2c88d`](https://github.com/puma/puma/commit/7e2c88d4131a1a70f551287e49b8f527d29d0469) v3.12.1
- [`36964ec`](https://github.com/puma/puma/commit/36964ec42982d7b3205760bc2bf9ccf3fec8af69) Merge pull request [#1700](https://github-redirect.dependabot.com/puma/puma/issues/1700) from schneems/schneems/fix-puma-rack-handler-config
- [`c24c0c8`](https://github.com/puma/puma/commit/c24c0c883496f581d9092bbe7f7431129eeb7190) Rack handler should use provided default host
- [`e5d566e`](https://github.com/puma/puma/commit/e5d566ed81f3663d70f0318f8bf3d858734cb74b) Merge pull request [#1682](https://github-redirect.dependabot.com/puma/puma/issues/1682) from MSP-Greg/update-travis-ruby
- [`cecc44a`](https://github.com/puma/puma/commit/cecc44aa0ae326e46031b48023253d08df706455) Merge pull request [#1701](https://github-redirect.dependabot.com/puma/puma/issues/1701) from schneems/schneems/m
- [`ce57cfb`](https://github.com/puma/puma/commit/ce57cfb8c3c8259cda13c322de32dd4ff07ec03a) Allow running individual tests via the `m` gem.
- Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v2.14.0...v3.12.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LocalOrbit/localorbit/network/alerts).
Bumps puma from 2.14.0 to 3.12.2.
Release notes
*Sourced from [puma's releases](https://github.com/puma/puma/releases).* > v3.12.1 > > ## v3.11.4 > No release notes provided. > > ## 3.11.0 - Love Song > ![download](https://user-images.githubusercontent.com/845662/33029347-9523b5a0-cdd5-11e7-9265-07410aefee52.png) > > * 2 features: > * HTTP 103 Early Hints ([#1403](https://github-redirect.dependabot.com/puma/puma/issues/1403)) > * 421/451 status codes now have correct status messages attached ([#1435](https://github-redirect.dependabot.com/puma/puma/issues/1435)) > > * 9 bugfixes: > * Environment config files (/config/puma/Changelog
*Sourced from [puma's changelog](https://github.com/puma/puma/blob/master/History.md).* > ## 4.3.1 and 3.12.2 / 2019-12-05 > > * Security > * Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770. > > ## 4.3.0 / 2019-11-07 > > * Features > * Strip whitespace at end of HTTP headers ([#2010](https://github-redirect.dependabot.com/puma/puma/issues/2010)) > * Optimize HTTP parser for JRuby ([#2012](https://github-redirect.dependabot.com/puma/puma/issues/2012)) > * Add SSL support for the control app and cli ([#2046](https://github-redirect.dependabot.com/puma/puma/issues/2046), [#2052](https://github-redirect.dependabot.com/puma/puma/issues/2052)) > > * Bugfixes > * Fix Errno::EINVAL when SSL is enabled and browser rejects cert ([#1564](https://github-redirect.dependabot.com/puma/puma/issues/1564)) > * Fix pumactl defaulting puma to development if an environment was not specified ([#2035](https://github-redirect.dependabot.com/puma/puma/issues/2035)) > * Fix closing file stream when reading pid from pidfile ([#2048](https://github-redirect.dependabot.com/puma/puma/issues/2048)) > * Fix a typo in configuration option `--extra_runtime_dependencies` ([#2050](https://github-redirect.dependabot.com/puma/puma/issues/2050)) > > ## 4.2.1 / 2019-10-07 > > * 3 bugfixes > * Fix socket activation of systemd (pre-existing) unix binder files ([#1842](https://github-redirect.dependabot.com/puma/puma/issues/1842), [#1988](https://github-redirect.dependabot.com/puma/puma/issues/1988)) > * Deal with multiple calls to bind correctly ([#1986](https://github-redirect.dependabot.com/puma/puma/issues/1986), [#1994](https://github-redirect.dependabot.com/puma/puma/issues/1994), [#2006](https://github-redirect.dependabot.com/puma/puma/issues/2006)) > * Accepts symbols for `verify_mode` ([#1222](https://github-redirect.dependabot.com/puma/puma/issues/1222)) > > ## 4.2.0 / 2019-09-23 > > * 6 features > * Pumactl has a new -e environment option and reads `config/puma/Commits
- [`bb29fc7`](https://github.com/puma/puma/commit/bb29fc7fe8f822d0f72706a1ae86e49af3476777) 3.12.2 - [`058df12`](https://github.com/puma/puma/commit/058df12b78e7d1ec661c3b8777f26a736c26675b) 4.3.1 and 4.2.1 release notes - [`06053e6`](https://github.com/puma/puma/commit/06053e60908074bb38293d4449ea261cb009b53e) Merge pull request from GHSA-7xx3-m584-x994 - [`461c9e9`](https://github.com/puma/puma/commit/461c9e99783e5f69e632acedae83be55017d5fe4) Docs files - [`7e2c88d`](https://github.com/puma/puma/commit/7e2c88d4131a1a70f551287e49b8f527d29d0469) v3.12.1 - [`36964ec`](https://github.com/puma/puma/commit/36964ec42982d7b3205760bc2bf9ccf3fec8af69) Merge pull request [#1700](https://github-redirect.dependabot.com/puma/puma/issues/1700) from schneems/schneems/fix-puma-rack-handler-config - [`c24c0c8`](https://github.com/puma/puma/commit/c24c0c883496f581d9092bbe7f7431129eeb7190) Rack handler should use provided default host - [`e5d566e`](https://github.com/puma/puma/commit/e5d566ed81f3663d70f0318f8bf3d858734cb74b) Merge pull request [#1682](https://github-redirect.dependabot.com/puma/puma/issues/1682) from MSP-Greg/update-travis-ruby - [`cecc44a`](https://github.com/puma/puma/commit/cecc44aa0ae326e46031b48023253d08df706455) Merge pull request [#1701](https://github-redirect.dependabot.com/puma/puma/issues/1701) from schneems/schneems/m - [`ce57cfb`](https://github.com/puma/puma/commit/ce57cfb8c3c8259cda13c322de32dd4ff07ec03a) Allow running individual tests via the `m` gem. - Additional commits viewable in [compare view](https://github.com/puma/puma/compare/v2.14.0...v3.12.2)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/LocalOrbit/localorbit/network/alerts).