All Versions
54
Latest Version
Avg Release Cycle
171 days
Latest Release
329 days ago

Changelog History
Page 2

  • v3.3.5 Changes

    December 22, 2018
    • ๐Ÿ›  Fixed a race condition where supervisord would cancel a shutdown already in progress if it received SIGHUP. Now, supervisord will ignore SIGHUP if shutdown is already in progress. Patch by Livanh.

    • ๐Ÿ›  Fixed a bug where searching for a relative command ignored changes to PATH made in environment=. Based on a patch by dongweiming.

    • childutils.ProcessCommunicationsProtocol now does an explicit flush() after writing to stdout.

    • A more descriptive error message is now emitted if a name in the config file contains a disallowed character. Patch by Rick van Hattem.

  • v3.3.4 Changes

    February 15, 2018
    • ๐Ÿ›  Fixed a bug where rereading the configuration would not detect changes to eventlisteners. Patch by Michael Ihde.

    • ๐Ÿ›  Fixed a bug where the warning Supervisord is running as root and it is searching for its config file may have been incorrectly shown by supervisorctl if its executable name was changed.

    • ๐Ÿ›  Fixed a bug where supervisord would continue starting up if the [supervisord] section of the config file specified user= but setuid() to that user failed. It will now exit immediately if it cannot drop privileges.

    • ๐Ÿ›  Fixed a bug in the web interface where redirect URLs did not have a slash between the host and query string, which caused issues when proxying with Nginx. Patch by Luke Weber.

    • When supervisord successfully drops privileges during startup, it is now logged at the INFO level instead of CRIT.

    • The HTTP server now returns a Content-Type header specifying UTF-8 encoding. This may fix display issues in some browsers. Patch by Katenkka.

  • v3.3.3 Changes

    July 24, 2017
    • ๐Ÿ›  Fixed CVE-2017-11610. A vulnerability was found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. See https://github.com/Supervisor/supervisor/issues/964 for details.
  • v3.3.2 Changes

    June 03, 2017
    • ๐Ÿ›  Fixed a bug introduced in 3.3.0 where the supervisorctl reload command would crash supervisord with the error OSError: [Errno 9] Bad file descriptor if the kqueue poller was used. Patch by Jared Suttles.

    • ๐Ÿ›  Fixed a bug introduced in 3.3.0 where supervisord could get stuck in a polling loop after the web interface was used, causing high CPU usage. Patch by Jared Suttles.

    • ๐Ÿ›  Fixed a bug where if supervisord attempted to start but aborted due to another running instance of supervisord with the same config, the pidfile of the running instance would be deleted. Patch by coldnight.

    • ๐Ÿ›  Fixed a bug where supervisorctl fg would swallow most XML-RPC faults. fg now prints the fault and exits.

    • ๐Ÿ“œ Parsing the config file will now fail with an error message if a process or group name contains a forward slash character (/) since it would break the URLs used by the web interface.

    • supervisorctl reload now shows an error message if an argument is given. Patch by Joel Krauska.

    • supervisorctl commands avail, reread, and version now show an error message if an argument is given.

  • v3.3.1 Changes

    August 02, 2016
    • ๐Ÿ›  Fixed an issue where supervisord could hang when responding to HTTP requests (including supervisorctl commands) if the system time was set back after supervisord was started.

    • โœ… Zope trackrefs, a debugging tool that was included in the tests directory but hadn't been used for years, has been removed.

  • v3.3.0 Changes

    May 14, 2016
    • ๐Ÿ“Š supervisord will now use kqueue, poll, or select to monitor its file descriptors, in that order, depending on what is available on the system. Previous versions used select only and would crash with the error ValueError: filedescriptor out of range in select() when running a large number of subprocesses (whatever number resulted in enough file descriptors to exceed the fixed-size file descriptor table used by select, which is typically 1024). Patch by Igor Sobreira.

    • /etc/supervisor/supervisord.conf has been added to the config file search paths. Many versions of Supervisor packaged for Debian and Ubuntu have included a patch that added this path. This difference was reported in a number of tickets as a source of confusion and upgrade difficulties, so the path has been added. Patch by Kelvin Wong.

    • ๐Ÿ‘ Glob patterns in the [include] section now support the host_node_name expansion. Patch by Paul Lockaby.

    • Files included via the [include] section are now logged at the INFO level instead of WARN. Patch by Daniel Hahler.

  • v3.2.4 Changes

    July 24, 2017
    • ๐Ÿ›  Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability was found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. See https://github.com/Supervisor/supervisor/issues/964 for details.
  • v3.2.3 Changes

    March 19, 2016
    • 400 Bad Request is now returned if an XML-RPC request is received with invalid body data. In previous versions, 500 Internal Server Error was returned.
  • v3.2.2 Changes

    March 04, 2016
    • ๐Ÿ“œ Parsing the config file will now fail with an error message if an inet_http_server or unix_http_server section contains a username= but no password=. In previous versions, supervisord would start with this invalid configuration but the HTTP server would always return a 500 Internal Server Error. Thanks to Chris Ergatides for reporting this issue.
  • v3.2.1 Changes

    February 06, 2016
    • ๐Ÿ›  Fixed a server exception OverflowError: int exceeds XML-RPC limits that made supervisorctl status unusable if the system time was far into the future. The XML-RPC API returns timestamps as XML-RPC integers, but timestamps will exceed the maximum value of an XML-RPC integer in January 2038 ("Year 2038 Problem"). For now, timestamps exceeding the maximum integer will be capped at the maximum to avoid the exception and retain compatibility with existing API clients. In a future version of the API, the return type for timestamps will be changed.