Feb 08, 2013

  1. James Tucker

    Bump version number

    authored February 07, 2013
  2. James Tucker

    Update README for today's releases

    authored February 07, 2013
  3. James Tucker

    Prevent symlink path traversals

     * Closes CVE-2013-0262
    authored February 06, 2013

Feb 07, 2013

  1. James Tucker

    Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    authored February 07, 2013
  2. James Tucker

    Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    authored February 06, 2013

Jan 21, 2013

  1. James Tucker

    Use Dir.tmpdir instead of hardcoded /tmp

    Closes #492
    authored January 21, 2013

Jan 13, 2013

  1. James Tucker

    Bump version

    authored January 13, 2013
  2. James Tucker

    Update README for release. Add security section.

    authored January 13, 2013
  3. James Tucker

    Squash warnings in spec_auth

    authored January 13, 2013
  4. James Tucker

    Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    authored January 13, 2013

Jan 07, 2013

  1. Carlos Antonio da Silva

    Remove warnings: 'not used variable' and 'shadowing outer variable'

    authored January 07, 2013 raggi committed January 07, 2013
  2. James Tucker

    Add release announcements to README

    authored January 07, 2013
  3. James Tucker

    Bump to 1.4.3

    authored January 07, 2013
  4. multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    authored August 22, 2012 raggi committed January 07, 2013
  5. James Tucker

    Bump to 1.4.2

    authored January 06, 2013

Jan 06, 2013

  1. James Tucker

    Update README based on master

    authored January 06, 2013

Jan 04, 2013

  1. James Tucker

    Fix parsing performance for unquoted filenames

    Special thanks to Paul Rogers & Eric Wong
    
    Conflicts:
    	test/spec_multipart.rb
    authored May 13, 2012 raggi committed January 04, 2013
  2. Sokolov Yura

    Fix parsing multiple ranges

    Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    authored November 09, 2012 raggi committed January 04, 2013
  3. James Tucker

    .woff now has an official mime type!

     * Closes #405
    authored December 29, 2012
  4. James Tucker

    Do not fail on cookies that are not URI escaped

     * Closes #360
    
    Conflicts:
    	test/spec_request.rb
    authored December 29, 2012
  5. James Tucker

    Add a note in KNOWN-ISSUES regarding ECMA escape

    authored December 29, 2012
  6. James Tucker

    Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    authored December 28, 2012
  7. James Tucker

    Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    authored December 28, 2012
  8. James Tucker

    Rack::Head now conforms to body.close SPEC

    authored December 28, 2012
  9. James Tucker

    Cascade now conforms to the body.close SPEC

    authored December 28, 2012
  10. James Tucker

    Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    authored December 28, 2012
  11. Konstantin Haase

    fixes for 1.8

    authored December 12, 2012 raggi committed January 04, 2013
  12. James Tucker

    Ensure that deflater always closes bodies.

    Closes #349
    authored November 03, 2012
  13. Zachary Scott

    Rack::BodyProxy#each, fixes rack/rack#434

    authored November 02, 2012 raggi committed January 04, 2013
  14. James Tucker

    Prevent infinite recursions from Response#to_ary

    Closes #419
    authored November 02, 2012
  15. James Tucker

    Return a bad request for malformed basic auth

    Closes #438
    authored November 02, 2012
  16. Thomas Klemm

    Rack::Static: Rename methods

    authored November 02, 2012 raggi committed January 04, 2013
  17. Thomas Klemm

    Remove .rbenv-version from .gitignore

    authored November 02, 2012 raggi committed January 04, 2013
  18. Zachary Scott

    rescue Errno::ESRCH for windows, fixes #391

    authored October 24, 2012 raggi committed January 04, 2013
  19. Zachary Scott

    CommonLogger Documentation, fixes #412

    authored October 24, 2012 raggi committed January 04, 2013