Skip to content
Commits on Feb 8, 2013
  1. @raggi

    Bump version number

    raggi committed
  2. @raggi
Commits on Feb 7, 2013
  1. @raggi

    Use secure_compare for hmac comparison

    raggi committed
     * Closes CVE-2013-0263
  2. @raggi

    Add secure_compare to Rack::Utils

    raggi committed
Commits on Jan 13, 2013
  1. @raggi

    Bump version

    raggi committed
  2. @raggi
  3. @raggi
  4. @raggi

    Squash warnings in spec_auth

    raggi committed
  5. @raggi

    Reimplement auth scheme fix

    raggi committed
     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - users rails
     * Checked rack-authentication - does it's own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does it's own thing
     * Probably missed a bunch, but that'll have to do
Commits on Jan 7, 2013
  1. @raggi
  2. @raggi

    Bump to 1.3.8

    raggi committed
  3. @raggi

    multipart/parser: avoid unbounded #gets method

    Eric Wong committed with raggi
    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
  4. @raggi

    Bump to 1.3.7

    raggi committed
Commits on Jan 6, 2013
  1. @raggi

    Update README based on master

    raggi committed
Commits on Jan 4, 2013
  1. @funny-falcon @raggi

    Fix parsing multiple ranges

    funny-falcon committed with raggi
    Fix parsing miltiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 ) (according to BNF rules in )
  2. @raggi
  3. @raggi

    Refactor spec_cascade and spec_head

    raggi committed
     * StringIO is a better choice than a struct here.
  4. @raggi

    Rack::Response now conforms to body.close SPEC

    raggi committed
     * Previously 204, 205 and 304 bodies were not closed correctly.
  5. @raggi

    Rack::Head now conforms to body.close SPEC

    raggi committed
  6. @raggi
  7. @raggi

    Clarify the body.close spec section

    raggi committed
     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
  8. @raggi
  9. @zzak @raggi
  10. @raggi
  11. @raggi
  12. @zzak @raggi
  13. @chneukirchen @raggi

    Add redrawn logos by Zachary Scott

    chneukirchen committed with raggi
    Date: Mon, 22 Oct 2012 10:29:22 -0400
    Message-ID: <>
    On Mon, Oct 22, 2012 at 10:17 AM, Christian Neukirchen
    <> wrote:
    > Is it ok to put the other files as MIT license into contrib/?
    > (Perhaps add a copyright message to the .svg)
    Whatever you want, they're all yours.
  14. @rkh @raggi

    Update years in license

    rkh committed with raggi
  15. @dayflower @raggi
  16. @dayflower @raggi
  17. @dayflower @raggi
  18. @ConradIrwin @raggi

    Set __LINE__ correctly for rackup files.

    ConradIrwin committed with raggi
    Before this change the line numbers were off by one, which broke
    debugging tools like Pry in addition to causing a smidgen of user
    Reported-At: pry/pry#571
  19. @shime @raggi

    update the dead link

    shime committed with raggi
    remove the dead link
    use internet archive for a dead link
    added working link
  20. @raggi

    Improve pidfile reporting and test coverage

    raggi committed with raggi
     * Output reduced to a single line
     * Integration test added that also suppresses and checks output
  21. @byroot @raggi

    Check if the PID in pidfile is still running #371

    byroot committed with raggi
    Then abort or remove the pidfile
Something went wrong with that request. Please try again.