Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Feb 8, 2013
  1. James Tucker

    Bump version number

    raggi authored
  2. James Tucker
  3. James Tucker

    Prevent symlink path traversals

    raggi authored
     * Closes CVE-2013-0262
  4. Tim Moore James Tucker

    Stop overwriting existing pidfiles.

    TimMoore authored raggi committed
    A race condition can arise when two servers are started simultaneously. Both
    instances may complete the check for an existing pidfile before either one
    writes it.
    
    Now the pidfile is opened with ::File::EXCL, which raises an error if the file
    already exists. This error is handled by retrying the check and the write.
  5. James Tucker

    Use secure_compare for hmac comparison

    raggi authored
     * Closes CVE-2013-0263
  6. James Tucker

    Add secure_compare to Rack::Utils

    raggi authored
    Conflicts:
    	test/spec_utils.rb
  7. James Tucker
  8. James Tucker
  9. James Tucker
  10. Jordi Massaguer Pla James Tucker

    add license information to gemspec

    jordimassaguerpla authored raggi committed
    this way it can be used with rubygems.org API
  11. Oscar Del Ben James Tucker

    Fix reference link

    oscardelben authored raggi committed
  12. Oscar Del Ben James Tucker

    Document Rack::Deflater

    oscardelben authored raggi committed
  13. James Tucker

    Request#trusted_proxy? no longer accepts lines

    raggi authored
     * Closes #508
     * Adds some limited coverage. More issues highlighted - incomplete local ips.
Commits on Feb 7, 2013
  1. Santiago Pastorino James Tucker

    Add find and set methods to Session object

    spastorino authored raggi committed
Commits on Jan 28, 2013
  1. James Tucker
  2. James Tucker
  3. James Tucker

    Merge pull request #500 from aocole/patch-1

    raggi authored
    Changing incorrect documentation
  4. James Tucker

    Remove specific version code from Lint

    raggi authored
     * Too easy to miss during updates
     * Required format unchanged
     * Closes #501
  5. James Tucker

    Reimplement keys and values on SessionHash

    raggi authored
     * Basic additional APIs to simplify requirements for Rails and Devise
Commits on Jan 25, 2013
  1. Andrew Cole

    Changing incorrect documentation

    aocole authored
    The original comment on set_session said to return true or false
    depending on whether the session was saved or not. In reality, this
    method MUST return the session id in order for #commit_session to set
    the cookie data properly.
Commits on Jan 22, 2013
  1. James Tucker

    Merge branch 'lint-headerhash' of git://bogomips.org/rack

    raggi authored
    * 'lint-headerhash' of git://bogomips.org/rack:
      lint: avoid TypeError on non-Hash-like response headers
  2. Konstantin Haase

    Merge pull request #499 from barttenbrinke/master

    rkh authored
    Added specific test when X-Forwarded-For is 'unknown'
  3. Bart ten Brinke
  4. lint: avoid TypeError on non-Hash-like response headers

    Eric Wong authored
    According to SPEC (and check_headers), Response headers need only
    respond to #each.  Thus, check_hijack_response should rely on
    Rack::Utils::HeaderHash if it wishes to access the headers in a
    hash-like fashion.
  5. James Tucker
  6. James Tucker

    Update README for 1.5.0 release

    raggi authored
  7. James Tucker

    Switch to RFC 2822 expires

    raggi authored
Commits on Jan 21, 2013
  1. James Tucker

    Fix a long standing misnomer for date formats

    raggi authored
    References #414
  2. James Tucker
  3. James Tucker
  4. James Tucker

    Merge pull request #496 from homakov/patch-3

    raggi authored
    Remove never called string
Commits on Jan 14, 2013
  1. Egor Homakov

    Remove never called string

    homakov authored
    Previous check `p.empty?` makes sure that p contains at least 1 symbol.
    After `.split('=', 2)` k or v or both will turn into some string which means `k || v` will always return true and `next` will never be called.
Commits on Jan 13, 2013
  1. James Tucker

    Update to 1.5.0.beta.2

    raggi authored
  2. James Tucker

    Update README security notes

    raggi authored
  3. James Tucker
Something went wrong with that request. Please try again.