1.0031

Changes

@@ -1,20 +1,24 @@
 Go to http://github.com/plack/Plack/issues for the roadmap and known issues.
 
 {{$NEXT}}
+
+1.0031  2014-08-01 13:19:14 PDT
     [SECURITY]
         - Plack::App::File would previously strip trailing slashes off
-          provided paths.
-
-          This in combination with the common pattern of dynamically
-          generating some files in a tree and serving the rest up with
-          Plack::Middleware::Static could allow an attacker to bypass
-          a whitelist of generated files by just requesting
-          /file.disallowed/ instead of /file.disallowed, provided that
-          Plack::Middleware::Static was used for all paths except
-          those matching /\.disallowed$/
+          provided paths. This in combination with the common pattern
+          of serving files with Plack::Middleware::Static could allow
+          an attacker to bypass a whitelist of generated files (avar) #446
 
     [IMPROVEMENTS]
+        - Let HTTP::Message::PSGI warn in case of invalid PSGI response (wchristian) #437
+        - Update documentation on how response_cb works with writer (doy)
+        - Make AccessLog work on non-POSIX environment (dex4er) #442
         - Plack::App::WrapCGI no longer warns under 5.19.9 (frew)
+        - Avoid Rosetta Flash attack in JSONP middleware (nichtich) #464
+        - Fix Plack::Util::inline_object to make it work with can() as a class method
+
+    [NEW FEATURES]
+        - Add $req->query_string shortcut to access QUERY_STRING in PSGI environment
 
 1.0030  2013-11-23 08:54:01 CET
     [IMPROVEMENTS]

META.json

@@ -4,7 +4,7 @@
       "Tatsuhiko Miyagawa"
    ],
    "dynamic_config" : 0,
-   "generated_by" : "Dist::Milla version v1.0.4, Dist::Zilla version 5.006, CPAN::Meta::Converter version 2.132830",
+   "generated_by" : "Dist::Milla version v1.0.5, Dist::Zilla version 5.020, CPAN::Meta::Converter version 2.142060",
    "license" : [
       "perl_5"
    ],
@@ -26,8 +26,8 @@
    "prereqs" : {
       "configure" : {
          "requires" : {
-            "ExtUtils::MakeMaker" : "6.30",
-            "File::ShareDir::Install" : "0.03"
+            "ExtUtils::MakeMaker" : "0",
+            "File::ShareDir::Install" : "0.06"
          }
       },
       "develop" : {
@@ -95,18 +95,20 @@
          "web" : "https://github.com/plack/Plack"
       }
    },
-   "version" : "1.0030",
+   "version" : "1.0031",
    "x_authority" : "cpan:MIYAGAWA",
    "x_contributors" : [
       "Aaron Trevena <aaron.trevena@gmail.com>",
-      "Alex J. G. Burzy\u0144ski <ajgb@cpan.org>",
+      "Alex J. G. Burzyński <ajgb@cpan.org>",
       "Alexandr Ciornii <alexchorny@gmail.com>",
       "Andrew Rodland <andrew@cleverdomain.org>",
       "Andy Wardley <abw@wardley.org>",
       "Aristotle Pagaltzis <pagaltzis@gmx.de>",
-      "Ask Bj\u00f8rn Hansen <ask@develooper.com>",
+      "Arthur Axel 'fREW' Schmidt <frioux@gmail.com>",
+      "Ask Bjørn Hansen <ask@develooper.com>",
       "Ben Morrow <ben@morrow.me.uk>",
       "Bernhard Graf <augensalat@gmail.com>",
+      "Chad Granum <chad.granum@dreamhost.com>",
       "Chia-liang Kao <clkao@clkao.org>",
       "Christian Walde <walde.christian@googlemail.com>",
       "Cosimo Streppone <cosimo@cpan.org>",
@@ -124,6 +126,7 @@
       "Henry Baragar <Henry.Baragar@Instantiated.Ca>",
       "Hiroshi Sakai <ziguzagu@gmail.com>",
       "Jakob Voss <jakob@nichtich.de>",
+      "Jakob Voss <voss@gbv.de>",
       "Jay Hannah <jay.hannah@iinteractive.com>",
       "Jesse Luehrs <doy@cpan.org>",
       "Jiro Nishiguchi <jiro@cpan.org>",
@@ -149,7 +152,7 @@
       "Olaf Alders <olaf@wundersolutions.com>",
       "Oliver Gorwits <oliver@cpan.org>",
       "Oliver Paukstadt <pstadt@sourcentral.org>",
-      "Olivier Mengu\u00e9 <dolmen@cpan.org>",
+      "Olivier Mengué <dolmen@cpan.org>",
       "Panu Ervamaa <panu.ervamaa@frantic.com>",
       "Paul Driver <frodwith@gmail.com>",
       "Pedro Melo <melo@simplicidade.org>",
@@ -162,6 +165,7 @@
       "Ricky Morse <remorse@partners.org>",
       "Rob Hoelz <rob@hoelz.ro>",
       "Ryo Miyake <ryo.studiom@gmail.com>",
+      "Sawyer X <xsawyerx@cpan.org>",
       "Scott S. McCoy <smccoy@saymedia.com>",
       "Shawn M Moore <sartak@gmail.com>",
       "Stephen Clouse <stephenclouse@gmail.com>",
@@ -190,8 +194,8 @@
       "vti <viacheslav.t@gmail.com>",
       "xaicron <xaicron@gmail.com>",
       "yappo <yappo@shibuya.pl>",
-      "\u00c6var Arnfj\u00f6r\u00f0 Bjarmason <avarab@gmail.com>",
-      "\u5510\u9cf3 <audreyt@audreyt.org>"
+      "Ævar Arnfjörð Bjarmason <avarab@gmail.com>",
+      "唐鳳 <audreyt@audreyt.org>"
    ]
 }
 

Makefile.PL

@@ -1,22 +1,24 @@
 
+# This file was automatically generated by Dist::Zilla::Plugin::MakeMaker v5.020.
 use strict;
 use warnings;
 
 use 5.008001;
 
-use ExtUtils::MakeMaker 6.30;
+use ExtUtils::MakeMaker ;
 
 use File::ShareDir::Install;
+$File::ShareDir::Install::INCLUDE_DOTFILES = 1;
+$File::ShareDir::Install::INCLUDE_DOTDIRS = 1;
 install_share dist => "share";
 
 
 my %WriteMakefileArgs = (
   "ABSTRACT" => "Perl Superglue for Web frameworks and Web Servers (PSGI toolkit)",
   "AUTHOR" => "Tatsuhiko Miyagawa",
-  "BUILD_REQUIRES" => {},
   "CONFIGURE_REQUIRES" => {
-    "ExtUtils::MakeMaker" => "6.30",
-    "File::ShareDir::Install" => "0.03"
+    "ExtUtils::MakeMaker" => 0,
+    "File::ShareDir::Install" => "0.06"
   },
   "DISTNAME" => "Plack",
   "EXE_FILES" => [
@@ -45,7 +47,7 @@ my %WriteMakefileArgs = (
     "Test::More" => "0.88",
     "Test::Requires" => 0
   },
-  "VERSION" => "1.0030",
+  "VERSION" => "1.0031",
   "test" => {
     "TESTS" => "t/*.t t/HTTP-Message-PSGI/*.t t/HTTP-Server-PSGI/*.t t/Plack-Builder/*.t t/Plack-HTTPParser-PP/*.t t/Plack-Handler/*.t t/Plack-Loader/*.t t/Plack-MIME/*.t t/Plack-Middleware/*.t t/Plack-Middleware/cascade/*.t t/Plack-Middleware/recursive/*.t t/Plack-Middleware/stacktrace/*.t t/Plack-Request/*.t t/Plack-Response/*.t t/Plack-Runner/*.t t/Plack-TempBuffer/*.t t/Plack-Test/*.t t/Plack-Util/*.t"
   }

README.md

@@ -116,7 +116,8 @@ callbacks.
 ## Patches and Bug Fixes
 
 Small patches and bug fixes can be either submitted via nopaste on IRC
-[irc://irc.perl.org/#plack](irc://irc.perl.org/#plack) or [the github issue tracker](http://github.com/plack/Plack/issues).  Forking on
+[irc://irc.perl.org/#plack](irc://irc.perl.org/#plack) or [the github issue
+tracker](http://github.com/plack/Plack/issues).  Forking on
 [github](http://github.com/plack/Plack) is another good way if you
 intend to make larger fixes.
 
@@ -143,7 +144,7 @@ examples of these ([Plack::App::File](https://metacpan.org/pod/Plack::App::File)
 It is recommended that you inherit from [Plack::Component](https://metacpan.org/pod/Plack::Component) for these
 types of modules.
 
-__DO NOT USE__ Plack:: namespace to build a new web application or a
+**DO NOT USE** Plack:: namespace to build a new web application or a
 framework. It's like naming your application under CGI:: namespace if
 it's supposed to run on CGI and that is a really bad choice and
 would confuse people badly.

lib/Plack.pm

@@ -3,7 +3,7 @@ package Plack;
 use strict;
 use warnings;
 use 5.008_001;
-our $VERSION = '1.0030';
+our $VERSION = '1.0031';
 
 1;
 __END__

lib/Plack/Request.pm

@@ -2,7 +2,7 @@ package Plack::Request;
 use strict;
 use warnings;
 use 5.008_001;
-our $VERSION = '1.0030';
+our $VERSION = '1.0031';
 
 use HTTP::Headers;
 use Carp ();

lib/Plack/Response.pm

@@ -1,7 +1,7 @@
 package Plack::Response;
 use strict;
 use warnings;
-our $VERSION = '1.0030';
+our $VERSION = '1.0031';
 
 use Plack::Util::Accessor qw(body status);
 use Carp ();