Supervisor

------------------

- Files included via the ``[include]`` section are read in sorted order. In
past versions, the order was undefined. Patch by Ionel Cristian Mărieș.

- ``supervisorctl start`` and ``supervisorctl stop`` now complete more quickly
when handling many processes. Thanks to Chris McDonough for this patch.
See: https://github.com/Supervisor/supervisor/issues/131

- Environment variables are now expanded for all config file options.
Patch by Dexter Tad-y.

- Added ``signalProcess``, ``signalProcessGroup``, and ``signalAllProcesses``
XML-RPC methods to supervisor RPC interface. Thanks to Casey Callendrello,
Marc Abramowitz, and Moriyoshi Koizumi for the patches.

- Added ``signal`` command to supervisorctl. Thanks to Moriyoshi Koizumi and
Marc Abramowitz for the patches.

- Errors caused by bad values in a config file now show the config section
to make debugging easier. Patch by Marc Abramowitz.

- Setting ``redirect_stderr=true`` in an ``[eventlistener:x]`` section is now
disallowed because any messages written to ``stderr`` would interfere
with the eventlistener protocol on ``stdout``.

- Fixed a bug where spawning a process could cause ``supervisord`` to crash
if an ``IOError`` occurred while setting up logging. One way this could
happen is if a log filename was accidentally set to a directory instead
of a file. Thanks to Grzegorz Nosek for reporting this issue.

- Fixed a bug introduced in 3.1.0 where ``supervisord`` could crash when
attempting to display a resource limit error.

- Fixed a bug where ``supervisord`` could crash with the message
``Assertion failed for processname: RUNNING not in STARTING`` if a time
change caused the last start time of the process to be in the future.
Thanks to Róbert Nagy, Sergey Leschenko, and samhair for the patches.

- A warning is now logged if an eventlistener enters the UNKNOWN state,
which usually indicates a bug in the eventlistener. Thanks to Steve
Winton and detailyang for reporting issues that led to this change.

- Errors from the web interface are now logged at the ``ERROR`` level.
Previously, they were logged at the ``TRACE`` level and easily
missed. Thanks to Thomas Güttler for reporting this issue.

- Fixed ``DeprecationWarning: Parameters to load are deprecated. Call
.resolve and .require separately.`` on setuptools >= 11.3.

- If ``redirect_stderr=true`` and ``stderr_logfile=auto``, no stderr log
file will be created. In previous versions, an empty stderr log file
would be created. Thanks to Łukasz Kożuchowski for the initial patch.

- Fixed an issue in Medusa that would cause ``supervisorctl tail -f`` to
disconnect if many other ``supervisorctl`` commands were run in parallel.
Patch by Stefan Friesel.

------------------

- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to ``supervisord`` that will run arbitrary shell commands on the server.
The commands will be run as the same user as ``supervisord``. Depending on
how ``supervisord`` has been configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

------------------

- Fixed an XML-RPC bug where the ElementTree-based parser handled strings
like ``<value><string>hello</string></value>`` but not strings like
``<value>hello</value>``, which are valid in the XML-RPC spec. This
fixes compatibility with the Apache XML-RPC client for Java and
possibly other clients.

------------------

- Fixed a bug where ``tail group:*`` in ``supervisorctl`` would show a 500
Internal Server Error rather than a BAD_NAME fault.

- Fixed a bug where the web interface would show a 500 Internal Server Error
instead of an error message for some process start faults.

- Removed medusa files not used by Supervisor.

------------------

- Fixed a bug where ``supervisorctl tail -f name`` output would stop if log
rotation occurred while tailing.

- Prevent a crash when a greater number of file descriptors were attempted to
be opened than permitted by the environment when starting a bunch of
programs. Now, instead a spawn error is logged.

- Compute "channel delay" properly, fixing symptoms where a supervisorctl
start command would hang for a very long time when a process (or many
processes) are spewing to their stdout or stderr. See comments attached to
https://github.com/Supervisor/supervisor/pull/263 .

- Added ``docs/conf.py``, ``docs/Makefile``, and ``supervisor/scripts/*.py``
to the release package.

------------------

- The output of the ``start``, ``stop``, ``restart``, and ``clear`` commands
in ``supervisorctl`` has been changed to be consistent with the ``status``
command. Previously, the ``status`` command would show a process like
``foo:foo_01`` but starting that process would show ``foo_01: started``
(note the group prefix ``foo:`` was missing). Now, starting the process
will show ``foo:foo_01: started``. Suggested by Chris Wood.

- The ``status`` command in ``supervisorctl`` now supports group name
syntax: ``status group:*``.

- The process column in the table output by the ``status`` command in
``supervisorctl`` now expands to fit the widest name.

- The ``update`` command in ``supervisorctl`` now accepts optional group
names. When group names are specified, only those groups will be
updated. Patch by Gary M. Josack.

- Tab completion in ``supervisorctl`` has been improved and now works for
more cases. Thanks to Mathieu Longtin and Marc Abramowitz for the patches.

- Attempting to start or stop a process group in ``supervisorctl`` with the
``group:*`` syntax will now show the same error message as the ``process``
syntax if the name does not exist. Previously, it would show a Python
exception. Patch by George Ang.

- Added new ``PROCESS_GROUP_ADDED`` and ``PROCESS_GROUP_REMOVED`` events.
These events are fired when process groups are added or removed from
Supervisor's runtime configuration when using the ``add`` and ``remove``
commands in ``supervisorctl``. Patch by Brent Tubbs.

- Stopping a process in the backoff state now changes it to the stopped
state. Previously, an attempt to stop a process in backoff would be
ignored. Patch by Pascal Varet.

- The ``directory`` option is now expanded separately for each process in
a homogeneous process group. This allows each process to have its own
working directory. Patch by Perttu Ranta-aho.

- Removed ``setuptools`` from the ``requires`` list in ``setup.py`` because
it caused installation issues on some systems.

- Fixed a bug in Medusa where the HTTP Basic authorizer would cause an
exception if the password contained a colon. Thanks to Thomas Güttler
for reporting this issue.

- Fixed an XML-RPC bug where calling supervisor.clearProcessLogs() with a
name like ``group:*`` would cause a 500 Internal Server Error rather than
returning a BAD_NAME fault.

- Fixed a hang that could occur in ``supervisord`` if log rotation is used
and an outside program deletes an active log file. Patch by Magnus Lycka.

- A warning is now logged if a glob pattern in an ``[include]`` section does
not match any files. Patch by Daniel Hahler.