Skip to content
Commits on Feb 13, 2016
  1. @e2
Commits on Feb 9, 2016
  1. @thibaudgg

    Merge pull request #161 from mrzasa/patch-1

    thibaudgg committed Feb 9, 2016
    Update gem version in readme to reflect #159
  2. @mrzasa
Commits on Feb 4, 2016
  1. @e2

    Merge pull request #160 from guard/e2-refactor-websocket

    e2 committed Feb 4, 2016
    Refactor out HTTP layer from WebSocket + add specs
  2. @e2

    Refactor out HTTP layer from WebSocket + add specs

    e2 committed Feb 4, 2016
    - HTTP content-type possibly fixed (livereload.js file)
    - WebSocket layer should now be easier to replace
    - missing socket/http/streaming specs added
  3. @e2

    Update README.md

    e2 committed Feb 4, 2016
    Give @mikeycgto credits for discovering the vulnerability.
  4. @e2
  5. @e2

    Add and highlight security patch release

    e2 committed Feb 4, 2016
    - also move the maintainer information and gitter badge
  6. @e2

    Merge pull request #158 from guard/fix_path_traversal_vulnerability

    e2 committed Feb 4, 2016
    Prevent requesting arbitrary file paths via socket
  7. @e2

    Prevent requesting arbitrary file paths via socket

    e2 committed Feb 4, 2016
    In certain situations, specially crafted HTTP GET requests on the
    livereload socket (default: 35729) may cause any user readable file to
    be sent over that socket.
    
    Temporarily in this patch, requests for readable files now result in 403
    HTTP error responses. The exception is of course the file
    './livereload.js'.
    
    Security vulnerability example:
    
    Accessing the socket on localhost:35729 and requesting:
    
      ./../../etc/passwd (note the single leading dot)
    
    to be expanded to "../../../etc/passwd", which may effectively serve the
    contents of /etc/passwd.
Commits on Oct 28, 2015
  1. @e2

    Merge pull request #154 from gitter-badger/gitter-badge

    e2 committed Oct 28, 2015
    Add a Gitter chat badge to README.md
  2. @gitter-badger

    Add Gitter badge

    gitter-badger committed Oct 28, 2015
Commits on Oct 27, 2015
  1. @jibiel

    Merge pull request #153 from guard/change_travis_jruby_version

    jibiel committed Oct 27, 2015
    Switch JRuby versions on Travis
  2. @jibiel

    Bring on the SVG badges.

    jibiel committed Oct 27, 2015
  3. @e2

    switch to JRuby head on Travis

    e2 committed Oct 27, 2015
  4. @jibiel
  5. @jibiel

    Merge pull request #152 from guard/add_contributing_guide

    jibiel committed Oct 27, 2015
    Add CONTRIBUTING.md [ci skip]
  6. @jibiel
  7. @e2

    remove 1.9.x from tests

    e2 committed Oct 27, 2015
  8. @e2

    move to new Travis infrastructure

    e2 committed Oct 27, 2015
Commits on Oct 26, 2015
  1. @e2

    add CONTRIBUTING.md [ci skip]

    e2 committed Oct 27, 2015
  2. @e2

    Fixed Readme

    e2 committed Oct 26, 2015
  3. @e2
  4. @e2

    Release 2.5.1

    e2 committed Oct 26, 2015
  5. @e2

    Merge pull request #149 from guard/tmpfile_workaround

    e2 committed Oct 26, 2015
    missing tmpfile workaround (#148)
  6. @e2

    missing tmpfile workaround (#148)

    e2 committed Oct 26, 2015
Commits on Oct 20, 2015
  1. @e2

    Release 2.5.0

    e2 committed Oct 20, 2015
Commits on Oct 19, 2015
  1. @e2

    Merge pull request #147 from guard/e2-js_erb_config

    e2 committed Oct 19, 2015
    Allow customizing livereload.js with ERB
Commits on Oct 18, 2015
  1. @e2

    allow setting additionalWaitingTime in Guardfile

    e2 committed Oct 19, 2015
    See issue #123 for more info about the workaround
  2. @e2
Commits on Oct 17, 2015
  1. @e2

    Merge pull request #141 from felixbuenemann/kqueue-support

    e2 committed Oct 17, 2015
    Add Mac OS X kqueue support, silence epoll warning
  2. @e2
  3. @jibiel @e2
  4. @e2

    Merge pull request #146 from guard/template_specs

    e2 committed Oct 17, 2015
    Rework Guardfile template rules + add specs
  5. @e2

    more robust asset rules + specs

    e2 committed Oct 17, 2015
Something went wrong with that request. Please try again.