Commits on Feb 8, 2013
  1. @raggi

    Bump version number

    raggi committed Feb 7, 2013
  2. @raggi
Commits on Feb 7, 2013
  1. @raggi

    Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 6, 2013
  2. @raggi
Commits on Jan 13, 2013
  1. @raggi

    Bump version

    raggi committed Jan 13, 2013
  2. @raggi

    Update README for release. Add security section.

    Conflicts:
    	README
    raggi committed Jan 13, 2013
  3. @raggi

    Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  4. @raggi
  5. @raggi

    Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - users rails
     * Checked rack-authentication - does it's own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does it's own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. @raggi

    Bump to 1.1.4

    raggi committed Jan 6, 2013
Commits on Jan 6, 2013
  1. @raggi
Commits on Jan 4, 2013
  1. @raggi
  2. @raggi @raggi

    Add warning to strongly recommend to people to have secrets protectin…

    …g their cookies
    
    Conflicts:
    	test/spec_rack_session_cookie.rb
    raggi committed with raggi Mar 18, 2012
Commits on Dec 28, 2011
  1. @raggi
  2. @raggi
  3. @raggi
Commits on Sep 8, 2011
  1. @raggi

    Backport set_cookie_header! and delete_cookie_header! fixes from mast…

    …er, affecting rack-cache and rails 2.x
    raggi committed Sep 8, 2011
  2. @raggi
Commits on Mar 13, 2011
  1. @chneukirchen

    hack out tests

    chneukirchen committed Mar 13, 2011
  2. @chneukirchen

    Version 1.1.2

    chneukirchen committed Mar 13, 2011
  3. @chneukirchen

    MD5 Digest auth: fail if authenticator returns nil

    Fixes the authenticator API to deny access if nil is returned from the
    authenticator block. Without this patch, the nil gets to_s'd to "" and
    an empty password would be accepted.
    
    Backported to rack-1.1.
    
    Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
    chneukirchen committed Mar 13, 2011
Commits on Mar 1, 2011
  1. @raggi

    Bump to 1.1.1

    raggi committed Feb 28, 2011
Commits on Feb 10, 2011
  1. @raggi
  2. @raggi
  3. @raggi
  4. @raggi
Commits on Dec 20, 2010
  1. @raggi
  2. @raggi

    Add gemloader script that will provide the ability to activate develo…

    …pment dependencies at the correct version for point releases
    raggi committed Dec 19, 2010
  3. @raggi

    Add stage to gitignore

    raggi committed Dec 19, 2010
  4. @raggi

    Update for 1.1.1 release

    raggi committed Dec 19, 2010
  5. @raggi

    Fix failing and invalid tests

    raggi committed Dec 19, 2010
  6. @raggi
  7. @raggi

    mark as rack-1.1.1.pre

    raggi committed Dec 19, 2010
Commits on Dec 19, 2010
  1. @thinkerbot @raggi

    removed parsing of quoted values

    Signed-off-by: raggi <jftucker@gmail.com>
    thinkerbot committed with raggi May 15, 2010
Commits on Jan 3, 2010
  1. @josh

    Set 1.1 release date

    josh committed Jan 3, 2010