Supervisor

Latest version: v4.2.5


4.0.0

Not secure
------------------

- Support for Python 3 has been added. On Python 3, Supervisor requires
Python 3.4 or later. Many thanks to Vinay Sajip, Scott Maxwell, Palm Kevin,
Tres Seaver, Marc Abramowitz, Son Nguyen, Shane Hathaway, Evan Andrews,
and Ethan Hann who all made major contributions to the Python 3 porting
effort. Thanks also to all contributors who submitted issue reports and
patches towards this effort.

- Support for Python 2.4, 2.5, and 2.6 has been dropped. On Python 2,
Supervisor now requires Python 2.7.

- The ``supervisor`` package is no longer a namespace package.

- The behavior of the config file expansion ``%(here)s`` has changed. In
previous versions, a bug caused ``%(here)s`` to always expand to the
directory of the root config file. Now, when ``%(here)s`` is used inside
a file included via ``[include]``, it will expand to the directory of
that file. Thanks to Alex Eftimie and Zoltan Toth-Czifra for the patches.

- The default value for the config file setting ``exitcodes=``, the expected
exit codes of a program, has changed. In previous versions, it was ``0,2``.
This caused issues with Golang programs where ``panic()`` causes the exit
code to be ``2``. The default value for ``exitcodes`` is now ``0``.

- An undocumented feature where multiple ``supervisorctl`` commands could be
combined on a single line separated by semicolons has been removed.

- ``supervisorctl`` will now set its exit code to a non-zero value when an
error condition occurs. Previous versions did not set the exit code for
most error conditions so it was almost always 0. Patch by Luke Weber.

- Added new ``stdout_syslog`` and ``stderr_syslog`` options to the config
file. These are boolean options that indicate whether process output will
be sent to syslog. Supervisor can now log to both files and syslog at the
same time. Specifying a log filename of ``syslog`` is still supported
but deprecated. Patch by Jason R. Coombs.
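
The following is an added example, not part of the Supervisor changelog or the Supervisor code base: a small pre-upgrade audit that flags config settings whose meaning changes in 4.0.0 according to the notes above (the ``exitcodes`` default, a log filename of ``syslog``, and ``%(here)s`` inside included files). The function name ``audit_for_4x``, its ``included`` parameter, and the sample config are assumptions made for illustration.

```python
import configparser

# Constructed sample config (not from a real deployment).
SAMPLE_CONF = """\
[supervisord]
logfile = /var/log/supervisord.log

[program:goworker]
command = /opt/app/goworker
autorestart = unexpected

[program:legacy]
command = /opt/app/legacy
exitcodes = 0,2
stdout_logfile = syslog

[program:web]
command = %(here)s/bin/web
stderr_logfile = /var/log/web.err
"""

PROGRAM_PREFIXES = ("program:", "fcgi-program:")


def audit_for_4x(conf_text, included=False):
    """Return (section, message) findings; `included` marks a file pulled in via [include]."""
    # RawConfigParser leaves %(here)s untouched so it can be detected as text.
    parser = configparser.RawConfigParser(strict=False, inline_comment_prefixes=(";",))
    parser.read_string(conf_text)
    findings = []
    for section in parser.sections():
        opts = dict(parser.items(section))
        if section.startswith(PROGRAM_PREFIXES):
            if "exitcodes" not in opts:
                # Old default 0,2 treated exit code 2 as expected; new default is 0.
                findings.append((section, "no exitcodes=: default is now 0, was 0,2"))
            for key in ("stdout_logfile", "stderr_logfile"):
                if opts.get(key, "").strip().lower() == "syslog":
                    findings.append(
                        (section, f"{key}=syslog is deprecated: use {key[:6]}_syslog=true"))
        if included and any("%(here)s" in value for value in opts.values()):
            findings.append((section, "%(here)s now expands to this included file's directory"))
    return findings


if __name__ == "__main__":
    for section, message in audit_for_4x(SAMPLE_CONF):
        print(f"[{section}] {message}")
```

Run it against the root config with ``included=False`` and against each file matched by ``[include]`` with ``included=True``.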

3.4.0

Not secure
------------------

- FastCGI programs (``[fcgi-program:x]`` sections) can now be used in
groups (``[group:x]``). Patch by Florian Apolloner.

- Added a new ``socket_backlog`` option to the ``[fcgi-program:x]`` section
to set the listen(2) socket backlog. Patch by Nenad Merdanovic.

- Fixed a bug where ``SupervisorTransport`` (the XML-RPC transport used with
Unix domain sockets) did not close the connection when ``close()`` was
called on it. Patch by Jérome Perrin.

- Fixed a bug where ``supervisorctl start <name>`` could hang for a long time
if the system clock rolled back. Patch by Joe LeVeque.

3.3.5

Not secure
------------------

- Fixed a race condition where ``supervisord`` would cancel a shutdown
already in progress if it received ``SIGHUP``. Now, ``supervisord`` will
ignore ``SIGHUP`` if shutdown is already in progress. Patch by Livanh.

- Fixed a bug where searching for a relative command ignored changes to
``PATH`` made in ``environment=``. Based on a patch by dongweiming.

- ``childutils.ProcessCommunicationsProtocol`` now does an explicit
``flush()`` after writing to ``stdout``.

- A more descriptive error message is now emitted if a name in the config
file contains a disallowed character. Patch by Rick van Hattem.

3.3.4

Not secure
------------------

- Fixed a bug where rereading the configuration would not detect changes to
eventlisteners. Patch by Michael Ihde.

- Fixed a bug where the warning ``Supervisord is running as root and it is
searching for its config file`` may have been incorrectly shown by
``supervisorctl`` if its executable name was changed.

- Fixed a bug where ``supervisord`` would continue starting up if the
``[supervisord]`` section of the config file specified ``user=`` but
``setuid()`` to that user failed. It will now exit immediately if it
cannot drop privileges.

- Fixed a bug in the web interface where redirect URLs did not have a slash
between the host and query string, which caused issues when proxying with
Nginx. Patch by Luke Weber.

- When ``supervisord`` successfully drops privileges during startup, it is now
logged at the ``INFO`` level instead of ``CRIT``.

- The HTTP server now returns a Content-Type header specifying UTF-8 encoding.
This may fix display issues in some browsers. Patch by Katenkka.

3.3.3

Not secure
------------------

- Fixed CVE-2017-11610. A vulnerability was found where an authenticated
client can send a malicious XML-RPC request to ``supervisord`` that will
run arbitrary shell commands on the server. The commands will be run as
the same user as ``supervisord``. Depending on how ``supervisord`` has been
configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

3.3.2

Not secure
------------------

- Fixed a bug introduced in 3.3.0 where the ``supervisorctl reload`` command
would crash ``supervisord`` with the error ``OSError: [Errno 9] Bad file
descriptor`` if the ``kqueue`` poller was used. Patch by Jared Suttles.

- Fixed a bug introduced in 3.3.0 where ``supervisord`` could get stuck in a
polling loop after the web interface was used, causing high CPU usage.
Patch by Jared Suttles.

- Fixed a bug where if ``supervisord`` attempted to start but aborted due to
another running instance of ``supervisord`` with the same config, the
pidfile of the running instance would be deleted. Patch by coldnight.

- Fixed a bug where ``supervisorctl fg`` would swallow most XML-RPC faults.
``fg`` now prints the fault and exits.

- Parsing the config file will now fail with an error message if a process
or group name contains a forward slash character (``/``) since it would
break the URLs used by the web interface.

- ``supervisorctl reload`` now shows an error message if an argument is
given. Patch by Joel Krauska.

- ``supervisorctl`` commands ``avail``, ``reread``, and ``version`` now show
an error message if an argument is given.
