Skip to content
This repository

Apr 23, 2013

  1. Santiago Pastorino

    Add Gemfile

    authored April 22, 2013
  2. Santiago Pastorino

    Merge pull request #523 from bdimcheff/fix-missing-digest

    prevent crash when cookie doesn't contain "--"
    authored April 22, 2013

Feb 22, 2013

  1. Brandon Dimcheff

    prevent crash when cookie doesn't contain "--"

    This backports 881ce76 so that rack
    won't crash when there isn't a "--" in the rack_session cookie
    authored February 21, 2013

Feb 08, 2013

  1. James Tucker

    Bump version number

    authored February 07, 2013
  2. James Tucker

    Update README for todays releases

    authored February 07, 2013

Feb 07, 2013

  1. James Tucker

    Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    authored February 06, 2013
  2. James Tucker

    Add secure_compare to Rack::Utils

    authored February 06, 2013

Jan 13, 2013

  1. James Tucker

    Bump version

    authored January 13, 2013
  2. James Tucker

    Update README for release. Add security section.

    Conflicts:
    	README
    authored January 13, 2013
  3. James Tucker

    Squash warnings in spec_auth

    authored January 13, 2013
  4. James Tucker

    Update spec_auth to work with test-spec

    authored January 13, 2013
  5. James Tucker

    Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - users rails
     * Checked rack-authentication - does it's own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does it's own thing
     * Probably missed a bunch, but that'll have to do
    authored January 13, 2013

Jan 07, 2013

  1. James Tucker

    Bump to 1.1.4

    authored January 06, 2013

Jan 06, 2013

  1. James Tucker

    Update README based on the one from master

    authored January 06, 2013

Jan 04, 2013

  1. James Tucker

    Make the Rakefile usable in presence of new RDoc

    authored January 04, 2013
  2. James Tucker

    Add warning to strongly recommend to people to have secrets protectin…

    …g their cookies
    
    Conflicts:
    	test/spec_rack_session_cookie.rb
    authored March 18, 2012 raggi committed January 04, 2013

Dec 28, 2011

  1. James Tucker

    Bump version, and add release notes

    authored December 27, 2011
  2. James Tucker

    Backport `Limit the size of parameter keys`

    authored December 27, 2011
  3. James Tucker

    Fix errors caused by different stdlib logger

    authored December 27, 2011

Sep 08, 2011

  1. James Tucker

    Backport set_cookie_header! and delete_cookie_header! fixes from mast…

    …er, affecting rack-cache and rails 2.x
    authored September 08, 2011
  2. James Tucker

    Lets move things forward... (working test runs again)

    authored September 08, 2011

Mar 13, 2011

  1. Christian Neukirchen

    hack out tests

    authored March 13, 2011
  2. Christian Neukirchen

    Version 1.1.2

    authored March 13, 2011
  3. Christian Neukirchen

    MD5 Digest auth: fail if authenticator returns nil

    Fixes the authenticator API to deny access if nil is returned from the
    authenticator block. Without this patch, the nil gets to_s'd to "" and
    an empty password would be accepted.
    
    Backported to rack-1.1.
    
    Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
    authored March 13, 2011

Mar 01, 2011

  1. James Tucker

    Bump to 1.1.1

    authored February 28, 2011

Feb 10, 2011

  1. James Tucker

    Use Rack.release instead of two separate strings

    authored February 09, 2011
  2. James Tucker

    improve gemloader to include runtime deps if any, and not break on co…

    …mplex requirements
    authored February 09, 2011
  3. James Tucker

    Fix daemonize issues, may need picking into master

    authored February 09, 2011
  4. James Tucker

    Fix cgi spec against implementation (same as master)

    authored February 09, 2011

Dec 20, 2010

  1. James Tucker

    Use gemloader to run against older development dependency gems

    authored December 19, 2010
  2. James Tucker

    Add gemloader script that will provide the ability to activate develo…

    …pment dependencies at the correct version for point releases
    authored December 19, 2010
  3. James Tucker

    Add stage to gitignore

    authored December 19, 2010
  4. James Tucker

    Update for 1.1.1 release

    authored December 19, 2010
  5. James Tucker

    Fix failing and invalid tests

    authored December 19, 2010
  6. James Tucker

    Fixup development dependencies in gemspec, as newer versions now caus…

    …e breakage
    authored December 19, 2010
Something went wrong with that request. Please try again.