All notable changes to this project will be documented in this file.
6.0.0 - 2019-04-17
#safelistname argument (the first one) is now optional.
- Added support to subscribe only to specific event types via
ActiveSupport::Notifications, e.g. subscribe to the
ActiveSupport::Notificationsevent naming to comply with the recommneded format.
ActiveSupport::Notificationsevent so that the 5th yielded argument to the
#subscribemethod is now a
Hashinstead of a
Rack::Attack::Request, to comply with
ActiveSupports spec. The original request object is still accessible, being the value of the hash's
- Subscriptions via
"rack.attack"event will continue to work (receive event notifications), but it is going to be removed in a future version. Replace the event name with
/rack_attack/to continue to be subscribed to all events, or
"throttle.rack_attack"e.g. for specific type of events only.
- Removed support for ruby 2.2.
- Removed support for obsolete memcache-client as a cache store.
- Removed deprecated methods
5.4.2 - 2018-10-30
- Fix unexpected error when using
redis3 and any store which is not proxied
- Provide better information in
MisconfiguredStoreErrorexception message to aid end-user debugging
5.4.1 - 2018-09-29
ActiveSupport::Cache::MemCacheStorealso work as excepted when initialized with pool options (e.g.
pool_size). Thank you @jdelStrother.
5.4.0 - 2018-07-02
- Support "plain"
Redisas a cache store backend (#280). Thanks @bfad and @ryandv.
- When overwriting
Rack::Attack.throttled_responseyou can now access the exact epoch integer that was used for caching so your custom code is less prone to race conditions (#282). Thanks @doliveirakn.
- Explictly declare ancient
rack 0.xseries as incompatible in gemspec
5.3.2 - 2018-06-25
- Don't raise exception
The Redis cache store requires the redis gemwhen using
ActiveSupport::Cache::MemoryStoreas a cache store backend
5.3.1 - 2018-06-20
ActiveSupport::Cache::RedisCacheStorealso work as excepted when initialized with pool options (e.g.
5.3.0 - 2018-06-19
5.2.0 - 2018-03-29
- Shorthand for blocking an IP address
- Shorthand for blocking an IP subnet
- Shorthand for safelisting an IP address
- Shorthand for safelisting an IP subnet
- Throw helpful error message when using
allow2banbut cache store is misconfigured (#315)
- Throw helpful error message when using
fail2banbut cache store is misconfigured (#315)
5.1.0 - 2018-03-10
- Fixes edge case bug when using ruby 2.5.0 and redis #253 (#271)
- Throws errors with better semantics when missing or misconfigured store caches to aid in developers debugging their configs (#274)
- Removed legacy code that was originally intended for Rails 3 apps (#264)
5.0.1 - 2016-08-11
- Fixes arguments passed to deprecated internal methods. (#198)
5.0.0 - 2016-08-09
blacklistin favor of
blocklist. (#181, thanks @renee-travisci). To upgrade and fix deprecations, find and replace instances of
blocklist. If you reference
rack.attack.match_type, note that it will have values like
- Remove test coverage for unsupported ruby dependencies: ruby 2.0, activesupport 3.2/4.0, and dalli 1.
4.4.1 - 2016-02-17
- Fix a bug affecting apps using Redis::Store and ActiveSupport that could generate an error saying dalli was a required dependency. I learned all about ActiveSupport autoloading. (#165)
4.4.0 - 2016-02-10
- New: support for MemCacheStore (#153). Thanks @elhu.
- Some documentation and test harness improvements.
4.3.1 - 2015-12-18
- SECURITY FIX: Normalize request paths when using ActionDispatch. Thanks Andres Riancho at @includesecurity for reporting it.
- Remove support for ruby 1.9.x
- Add Code of Conduct
- Several documentation and testing improvements
4.3.0 - 2015-05-22
- Redis proxy passes
raw: true(thanks @stanhu)
- Redis supports
deletemethod to be consistent with Dalli (thanks @stanhu)
- Support the ability to reset Fail2Ban count and ban flag (thanks @stanhu)
4.2.0 - 2014-10-26
periodargument now takes a proc as well as a number (thanks @gsamokovarov)
- Invoke the
#, as per the Rack spec. (thanks @gsamokovarov)
4.1.1 - 2014-09-11
- Fix a race condition in throttles that could allow more requests than intended.
4.1.0 - 2014-05-22
- Tracks take an optional limit and period to only notify once a threshold is reached (similar to throttles). Thanks @chiliburger!
- Default throttled & blocklist responses have Content-Type: text/plain
- Rack::Attack.clear! resets tracks
4.0.1 - 2014-05-14
- Add throttle discriminator to rack env (thanks @blahed)
4.0.0 - 2014-04-28
- Implement proxy for Dalli with better Memcachier support. (thanks @hakanensari)
- Rack::Attack.new returns an instance to ease testing. (thanks @stevehodgkiss) [Changing a module to a class is not backwards compatible, hence v4.0.0.]
- Use Rack::Attack::Request subclass of Rack::Request for easier extending (thanks @tristandunn)
- Test more dalli versions.
3.0.0 - 2014-03-15
- Change default blocklisted response to 403 Forbidden (thanks @carpodaster).
- Fail gracefully when Redis store is not available; rescue exeption and don't throttle request. (thanks @wkimeria)
- TravisCI runs integration tests.
2.3.0 - 2013-10-11
- Allow throttle
limitargument to be a proc. (thanks @lunks)
- Add Allow2Ban, complement of Fail2Ban. (thanks @jormon)
- Improved TravisCI testing
2.2.1 - 2013-08-13
- Add license to gemspec
- Support ruby version 1.9.2
- Change default blocklisted response code from 503 to 401; throttled response from 503 to 429.
2.2.0 - 2013-06-20
- Fail2Ban filtering. See README for details. Thx @madlep!
- Introduce StoreProxy to more cleanly abstract cache stores. Thx @madlep.
2.1.1 - 2013-05-16
- Start keeping changelog
Redis::CommandErrorwhen using ActiveSupport numeric extensions (e.g.
- Remove unused variable
- Extract mandatory options to constants