Skip to content
Commits on Feb 13, 2016
  1. @e2
Commits on Feb 9, 2016
  1. @thibaudgg

    Merge pull request #161 from mrzasa/patch-1

    Update gem version in readme to reflect #159
    thibaudgg committed Feb 9, 2016
  2. @mrzasa
Commits on Feb 4, 2016
  1. @e2

    Merge pull request #160 from guard/e2-refactor-websocket

    Refactor out HTTP layer from WebSocket + add specs
    e2 committed Feb 4, 2016
  2. @e2

    Refactor out HTTP layer from WebSocket + add specs

    - HTTP content-type possibly fixed (livereload.js file)
    - WebSocket layer should now be easier to replace
    - missing socket/http/streaming specs added
    e2 committed Feb 4, 2016
  3. @e2

    Update README.md

    Give @mikeycgto credits for discovering the vulnerability.
    e2 committed Feb 4, 2016
  4. @e2
  5. @e2

    Add and highlight security patch release

    - also move the maintainer information and gitter badge
    e2 committed Feb 4, 2016
  6. @e2

    Merge pull request #158 from guard/fix_path_traversal_vulnerability

    Prevent requesting arbitrary file paths via socket
    e2 committed Feb 4, 2016
  7. @e2

    Prevent requesting arbitrary file paths via socket

    In certain situations, specially crafted HTTP GET requests on the
    livereload socket (default: 35729) may cause any user readable file to
    be sent over that socket.
    
    Temporarily in this patch, requests for readable files now result in 403
    HTTP error responses. The exception is of course the file
    './livereload.js'.
    
    Security vulnerability example:
    
    Accessing the socket on localhost:35729 and requesting:
    
      ./../../etc/passwd (note the single leading dot)
    
    to be expanded to "../../../etc/passwd", which may effectively serve the
    contents of /etc/passwd.
    e2 committed Feb 4, 2016
Commits on Oct 28, 2015
  1. @e2

    Merge pull request #154 from gitter-badger/gitter-badge

    Add a Gitter chat badge to README.md
    e2 committed Oct 28, 2015
  2. @gitter-badger

    Add Gitter badge

    gitter-badger committed Oct 28, 2015
Commits on Oct 27, 2015
  1. @jibiel

    Merge pull request #153 from guard/change_travis_jruby_version

    Switch JRuby versions on Travis
    jibiel committed Oct 27, 2015
  2. @jibiel

    Bring on the SVG badges.

    jibiel committed Oct 27, 2015
  3. @e2

    switch to JRuby head on Travis

    e2 committed Oct 27, 2015
  4. @jibiel
  5. @jibiel

    Merge pull request #152 from guard/add_contributing_guide

    Add CONTRIBUTING.md [ci skip]
    jibiel committed Oct 27, 2015
  6. @jibiel
  7. @e2

    remove 1.9.x from tests

    e2 committed Oct 27, 2015
  8. @e2

    move to new Travis infrastructure

    e2 committed Oct 27, 2015
Commits on Oct 26, 2015
  1. @e2

    add CONTRIBUTING.md [ci skip]

    e2 committed Oct 27, 2015
  2. @e2

    Fixed Readme

    e2 committed Oct 26, 2015
  3. @e2
  4. @e2

    Release 2.5.1

    e2 committed Oct 26, 2015
  5. @e2

    Merge pull request #149 from guard/tmpfile_workaround

    missing tmpfile workaround (#148)
    e2 committed Oct 26, 2015
  6. @e2

    missing tmpfile workaround (#148)

    e2 committed Oct 26, 2015
Commits on Oct 20, 2015
  1. @e2

    Release 2.5.0

    e2 committed Oct 20, 2015
Commits on Oct 19, 2015
  1. @e2

    Merge pull request #147 from guard/e2-js_erb_config

    Allow customizing livereload.js with ERB
    e2 committed Oct 19, 2015
Commits on Oct 18, 2015
  1. @e2

    allow setting additionalWaitingTime in Guardfile

    See issue #123 for more info about the workaround
    e2 committed Oct 19, 2015
  2. @e2
Commits on Oct 17, 2015
  1. @e2

    Merge pull request #141 from felixbuenemann/kqueue-support

    Add Mac OS X kqueue support, silence epoll warning
    e2 committed Oct 17, 2015
  2. @e2
  3. @jibiel @e2
  4. @e2

    Merge pull request #146 from guard/template_specs

    Rework Guardfile template rules + add specs
    e2 committed Oct 17, 2015
  5. @e2

    more robust asset rules + specs

    e2 committed Oct 17, 2015
Something went wrong with that request. Please try again.