Releases · puma/puma

7.0.0

Breaking changes
- Set default max_keep_alive to 999 ([#3719])
- Increase persistent_timeout default to 65 seconds ([#3378])
- Raise an ArgumentError if no block given to hooks ([#3377])
- Don't set env['HTTP_VERSION'] for Rack > 3.1 ([#3711], [#3576])
- Runner.rb - remove ruby_engine method, deprecated Nov-2024 ([#3701])
- Set conditional config defaults after CLI options are parsed and config files are loaded ([#3297])
- Response headers set to lowercase ([#3704])
- Update minimum Ruby version to 3.0 ([#3698])
- Rename callback hooks ([#3438])

Old hook name	New hook name
on_worker_boot	before_worker_boot
on_worker_shutdown	before_worker_shutdown
on_restart	before_restart
on_booted	after_booted
on_stopped	after_stopped
on_refork	before_refork
on_thread_start	before_thread_start
on_thread_exit	before_thread_exit
on_worker_fork	before_worker_fork

Features
- Fix long tail response problem with keepalive connections ([#3678]) (Previously released in 7.0.0.pre1, this was a high effort change)
- Introduce support for fiber-per-request. ([#3101])
- Add support for rack.response_finished ([#3681])
- Feature/support custom logger with request logs ([#3140])
Bugfixes
- Fixes a bug where triggering hooks in the ThreadPool fails ([#3716])
- Fix error_logger inproperly logging env[QUERY_STRING] ([#3713], [#3625])
- Fix handling of invalid Transfer-Encoding header errors ([#3702])
- Fix socket leak on monitor wakeup NoMethodError in Reactor#select_loop ([#3696], [#3695])
- CI: puma_socket.rb fixup socket/request writes ([#3684])
- Warn when RUBY_MN_THREADS env var is set ([#3721])
- Improve the DSL preload_app! doc ([#3712])
- Fix the ability to focus individual tests ([#3705])
- Set env['rack.hijack'] to client.method(:full_hijack) ([#3073])
Performance
- server.rb - initialize ivars @reactor and @env_set_http_version ([#3714])
Refactor
- Simplify Puma::DSL#process_hook logic ([#3710])
- Dry up deprecation warnings and fix deprecation warnings when running CI. ([#3709], [#3708])
- Ensure and enforce that configs are loaded before options are accessed ([#3616])

Changed
- Fix long tail response problem with keepalive connections ([#3678])

Please try this release and report issues on the tracker if you have a problem.

6.6.1 / 2025-07-30

Bugfixes
- Accept to_path to be nil on request bodies ([#3635])
- Fix single runner stats before the server start ([#3572])
- Fix incomplete worker boot state on refork ([#3601])
- Improve HttpParserError messages for better debugging ([#3586])
- Fix refork logs to distinguish from phased restarts ([#3598])
- Fix rack.after_reply so it doesn't interrupt chain on error ([#3680])

Some stuff for JRuby users (SIGUSR2 trap), reforkers (see below), and a few debug/logging/observability related goodies.

Features
- Option to turn off SIGUSR2 trapping ([#3570], [#3567])
- Shorten ThreadPool trimmer and reaper thread names ([#3383])
- Add after_refork hook ([#3386])
- Add busy threads stat ([#3517])
- Add a debug log before running each type of hook ([#3375])
- Allow alternative schemes in Binder ([#3348], [#3302])
- Avoid spawning Threadpool#trim thread if pool size is fixed ([#3384])
Bugfixes
- Change HttpParserError to be subclass of StandardError ([#3590], [#3552])
- added test cases
- fix update phased restart symlink folder
Performance
- Only ping worker 0 during phased restart if using fork worker ([#3568])
Refactor
- Fix multi-delimiter split to get status app token ([#3505])
- Change ping to use const ([#3595])
- Fixup use of Puma::Const::PipeRequest constants ([#3565])
- Update DSL hook processing logic to be consistent ([#3376])

@nateberkopec

They say good things come to wait, and you've all had to wait a long time for 6.5.0 because @nateberkopec had another daughter: Sky!

Features
- Print RUBY_DESCRIPTION when Puma starts ([#3407])
- Set the worker process count automatically when using WEB_CONCURRENCY=auto ([#3439], [#3437])
- Mark as ractor-safe ([#3486], [#3422])
- Add option enable_keep_alives. true (the default) mimics existing behavior, but now you can use false to disable keepalive to reduce queue tail latency ([#3496])
- Add parameters to Puma methods to allow CI to change ENV in isolation ([#3485])
- Add ssl_ciphersuites option for TLSv1.3 ciphers ([#3359], [#3343])
- You can now use --threads 5 or threads 5 to config max/min threads with a single number (used to need to say 5:5) ([#3309])
- Option to turn off systemd plugin ([#3425], [#3424])
- Add on_stopped hook ([#3411], [#3380])
Bugfixes
- Handle blank environment variables when loading config ([#3539])
- lib/rack/handler/puma.rb - fix for rackup v1.0.1, adjust Gemfile ([#3532], [#3531])
- null_io.rb - add external_encoding, set_encoding, binmode, binmode? ([#3214])
- Implement NullIO#seek and #pos to mimic IO ([#3468])
- add support in rack handler & fix regression in binder for linux abstract namespace sockets ([#3508])
- Use actual thread local for Puma::Server.current. ([#3360])
- client.rb - fix request chunked body handling ([#3338], [#3337])
- Properly handle two requests seen in the initial buffer ([#3332])
- Fix response repeated status line when request is invalid or errors are raised ([#3308], [#3307])
- Fix child processes not being reaped when Process.detach used ([#3314], [#3313])
JRuby
- Make HTTP length constants configurable ([#3518])
- Fixup jruby_restart.rb & launcher.rb to work with ARM64 macOS JRuby ([#3467])
Performance
- Avoid checking if all workers reached timeout unless idle timeout is configured ([#3341])
- Request body - increase read size to 64 kB ([#3548])
- single mode skip wait_for_less_busy_worker ([#3325])
Refactor
- A ton of CI/test improvements by @MSP-Greg, as usual.
- Add ThreadPool#stats and adjust Server#stats to use it ([#3527])
- normalize whitespace in worker stats string ([#3513])
- rack/handler/puma.rb - ssl - use start_with?, add test ([#3510])
- extconf.rb - add logging for OpenSSL versions ([#3370])
- Lazily require Puma::Rack::Builder ([#3340])
- Refactor: Constantize worker pipe request types ([#3318])
Docs
- stats.md improvements ([#3514])
- control_cli.rb: Harmonize help message with bin/puma ([#3434])
- dsl.rb: Clarify a callback's argument ([#3435])
- lib/rack/handler/puma.rb - relocate and fixup module comment ([#3495])

Security
- Discards any headers using underscores if the non-underscore version also exists. Without this, an attacker could overwrite values set by intermediate proxies (e.g. X-Forwarded-For). (CVE-2024-45614/GHSA-9hf4-67fc-4vf4)

Security
- Limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. (GHSA-c2f4-cvqm-65w2)

@MSP-Greg

Bugfixes
- DSL#warn_if_in_single_mode - fixup when workers set via CLI ([#3256])
- Fix idle-timeout not working in cluster mode ([#3235], [#3228], [#3282], [#3283])
- Fix worker 0 timing out during phased restart ([#3225], [#2786])
- context_builder.rb - require openssl if verify_mode != 'none' ([#3179])
- Make puma cluster process suitable as PID 1 ([#3255])
- Improve Puma::NullIO consistency with real IO ([#3276])
- extconf.rb - fixup to detect openssl info in Ruby build ([#3271], [#3266])
- MiniSSL.java - set serialVersionUID, fix RaiseException deprecation ([#3270])
- dsl.rb - fix warn_if_in_single_mode when WEB_CONCURRENCY is set ([#3265], [#3264])
Maintenance
- LOTS of test refactoring to make tests more stable and easier to write - thanks to @MSP-Greg!
- Fix bug in tests re: TestPuma::HOST4 ([#3254])
- Dockerfile for minimal repros: use Ruby 3.2, expect bundler installed ([#3245])
- fix define_method calls, use Symbol parameter instead of String ([#3293])
Docs
- README.md - add the puma-acme plugin ([#3301])
- Remove --keep-file-descriptors flag from systemd docs ([#3248])
- Note symlink mechanism in restart documentation for hot restart ([#3298])

America is #1 in professional cycling, baby!

Features
- on_thread_exit hook ([#2920])
- on_thread_start_hook ([#3195])
- Shutdown on idle ([#3209], [#2580])
- New error message when control server port taken ([#3204])
Refactor
- Remove Forwardable dependency ([#3191], #3190)
- Update URLMap Regexp usage for Ruby v3.3 ([#3165])
Bugfixes
- Bring the cert_pem: parameter into parity with the cert: parameter to ssl_bind. ([#3174])
- Fix using control server with IPv6 host ([#3181])
- control_cli.rb - add require_relative 'log_writer' ([#3187])
- Fix cases where fallback Rack response wasn't sent to the client ([#3094])

Security
- Address HTTP request smuggling vulnerabilities with zero-length Content Length header and trailer fields (GHSA-68xg-gqqm-vgj8)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

7.0.0

Uh oh!

Uh oh!

6.6.1 / 2025-07-30

Uh oh!

Uh oh!

Contributors

Uh oh!

Uh oh!

Uh oh!

Contributors

Uh oh!

Uh oh!

Uh oh!

Releases: puma/puma

v7.0.0 - Romantic Warrior

7.0.0

Uh oh!

v7.0.0.pre1

Uh oh!

v6.6.1

6.6.1 / 2025-07-30

Uh oh!

6.6.0 - Return to Forever

Uh oh!

6.5.0 - Sky's Version

Contributors

Uh oh!

6.4.3

Uh oh!

6.4.2

Uh oh!

6.4.1

Contributors

Uh oh!

6.4.0 - The Eagle of Durango

Uh oh!

6.3.1

Uh oh!