Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
Commits on Feb 7, 2013
  1. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 6, 2013
Commits on Jan 13, 2013
  1. Bump version

    raggi committed Jan 13, 2013
  2. Update README for release. Add security section.

    Conflicts:
    	README
    raggi committed Jan 13, 2013
  3. Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  4. Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. Bump to 1.1.4

    raggi committed Jan 7, 2013
Commits on Jan 6, 2013
Commits on Jan 4, 2013
  1. Add warning to strongly recommend to people to have secrets protecting their cookies

    Conflicts:
    	test/spec_rack_session_cookie.rb
    raggi committed with raggi Mar 19, 2012
Commits on Dec 28, 2011
Commits on Sep 8, 2011
  1. Backport set_cookie_header! and delete_cookie_header! fixes from master, affecting rack-cache and rails 2.x

    raggi committed Sep 8, 2011
Commits on Mar 13, 2011
  1. hack out tests

    chneukirchen committed Mar 13, 2011
  2. Version 1.1.2

    chneukirchen committed Mar 13, 2011
  3. MD5 Digest auth: fail if authenticator returns nil

    Fixes the authenticator API to deny access if nil is returned from the
    authenticator block. Without this patch, the nil gets to_s'd to "" and
    an empty password would be accepted.
    
    Backported to rack-1.1.
    
    Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
    chneukirchen committed Mar 13, 2011
Commits on Mar 1, 2011
  1. Bump to 1.1.1

    raggi committed Mar 1, 2011
Commits on Feb 10, 2011
  1. improve gemloader to include runtime deps if any, and not break on complex requirements

    raggi committed Feb 10, 2011
Commits on Dec 20, 2010
  1. Add gemloader script that will provide the ability to activate development dependencies at the correct version for point releases

    raggi committed Dec 20, 2010
  2. Add stage to gitignore

    raggi committed Dec 20, 2010
  3. Update for 1.1.1 release

    raggi committed Dec 20, 2010
  4. Fix failing and invalid tests

    raggi committed Dec 20, 2010
  5. mark as rack-1.1.1.pre

    raggi committed Dec 20, 2010
Commits on Dec 19, 2010
  1. removed parsing of quoted values

    Signed-off-by: raggi <jftucker@gmail.com>
    thinkerbot committed with raggi May 14, 2010
Commits on Jan 3, 2010
  1. Set 1.1 release date

    josh committed Jan 3, 2010