Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add release notes for todays releases

  • Loading branch information...
commit a5cc74bee5d6d2a4685fe70d1844a6a28661626f 1 parent 6f237e4
@raggi raggi authored
Showing with 17 additions and 0 deletions.
  1. +17 −0 README.rdoc
View
17 README.rdoc
@@ -511,6 +511,23 @@ run on port 11211) and memcache-client installed.
* Added hash-like methods to Abstract::ID::SessionHash for compatibility
* Various documentation corrections
+* February 7th, Thirty fifth public release 1.1.6, 1.2.8, 1.3.10
+ * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+
+* February 7th, Thirty fifth public release 1.4.5
+ * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+ * Fix CVE-2013-0262, symlink path traversal in Rack::File
+
+* February 7th, Thirty fifth public release 1.5.2
+ * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
+ * Fix CVE-2013-0262, symlink path traversal in Rack::File
+ * Add various methods to Session for enhanced Rails compatibility
+ * Request#trusted_proxy? now only matches whole stirngs
@nathany
nathany added a note

Strings :-)

@raggi Owner
raggi added a note

Awww! :cookie: for you sir!

Is it maybe time to consider adding a changelog file? The readme is becoming quite long.

@raggi Owner
raggi added a note

We have a changelog file. It is created by the release process.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
+ * Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
+ * URLMap host matching in environments that don't set the Host header fixed
+ * Fix a race condition that could result in overwritten pidfiles
+ * Various documentation additions
+
== Contact
Please post bugs, suggestions and patches to
@nathany

Strings :-)

@raggi
Owner

Awww! :cookie: for you sir!

@oscardelben

Is it maybe time to consider adding a changelog file? The readme is becoming quite long.

@raggi
Owner

We have a changelog file. It is created by the release process.

Please sign in to comment.
Something went wrong with that request. Please try again.