Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
  2. Prevent symlink path traversals

     * Closes CVE-2013-0262
    raggi committed Feb 7, 2013
Commits on Feb 7, 2013
  1. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 7, 2013
  2. Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
Commits on Jan 21, 2013
  1. Use Dir.tmpdir instead of hardcoded /tmp

    Closes #492
    raggi committed Jan 21, 2013
Commits on Jan 13, 2013
  1. Bump version

    raggi committed Jan 13, 2013
  2. Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  3. Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. Bump to 1.4.3

    raggi committed Jan 7, 2013
  2. multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    Eric Wong committed with raggi Aug 22, 2012
  3. Bump to 1.4.2

    raggi committed Jan 7, 2013
Commits on Jan 6, 2013
  1. Update README based on master

    raggi committed Jan 6, 2013
Commits on Jan 4, 2013
  1. Fix parsing performance for unquoted filenames

    Special thanks to Paul Rogers & Eric Wong
    
    Conflicts:
    	test/spec_multipart.rb
    raggi committed with raggi May 13, 2012
  2. Fix parsing multiple ranges

    Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    funny-falcon committed with raggi Nov 9, 2012
  3. .woff now has an official mime type!

     * Closes #405
    raggi committed Dec 29, 2012
  4. Do not fail on cookies that are not URI escaped

     * Closes #360
    
    Conflicts:
    	test/spec_request.rb
    raggi committed Dec 29, 2012
  5. Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    raggi committed Dec 28, 2012
  6. Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    raggi committed Dec 28, 2012
  7. Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    raggi committed Dec 28, 2012
  8. fixes for 1.8

    rkh committed with raggi Dec 12, 2012
  9. Ensure that deflater always closes bodies.

    Closes #349
    raggi committed Nov 3, 2012
  10. Return a bad request for malformed basic auth

    Closes #438
    raggi committed Nov 2, 2012
  11. Rack::Static: Rename methods

    thomasklemm committed with raggi Nov 2, 2012
  12. CommonLogger Documentation, fixes #412

    zzak committed with raggi Oct 25, 2012