Permalink
Commits on Apr 22, 2013
  1. prevent crash when cookie doesn't contain "--"

    This backports 881ce76 so that rack
    won't crash when there isn't a "--" in the rack_session cookie
    
    Fixes #523
    
    Conflicts:
    	lib/rack/session/cookie.rb
    	test/spec_session_cookie.rb
    spastorino committed Apr 22, 2013
  2. Add Gemfile

    spastorino committed Apr 22, 2013
Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
Commits on Feb 7, 2013
  1. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 6, 2013
  2. Add secure_compare to Rack::Utils

    Conflicts:
    	lib/rack/utils.rb
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
Commits on Jan 13, 2013
  1. Bump version

    raggi committed Jan 13, 2013
  2. Update README for release. Add security section.

    Conflicts:
    	README
    raggi committed Jan 13, 2013
  3. Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  4. Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - users rails
     * Checked rack-authentication - does it's own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does it's own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. Bump to 1.2.6

    raggi committed Jan 7, 2013
Commits on Jan 6, 2013
  1. Update README based on master

    raggi committed Jan 6, 2013
Commits on Jan 4, 2013
  1. Fix parsing performance for unquoted filenames

    Special thanks to Paul Rogers & Eric Wong
    raggi committed Jan 4, 2013
Commits on Mar 19, 2012
Commits on Dec 28, 2011
  1. Backport `Limit the size of parameter keys`

    Conflicts:
    
    	lib/rack/utils.rb
    	test/spec_request.rb
    raggi committed Dec 28, 2011
Commits on Nov 19, 2011
  1. Merge pull request #270 from mtfuji/rack-1.2

    Rack 1.2
    manveru committed Nov 19, 2011
  2. add .docx and .xlsx mime types.

    John Doe committed Nov 19, 2011
Commits on Sep 16, 2011
  1. Update readme

    raggi committed Sep 16, 2011
  2. Bump version

    raggi committed Sep 16, 2011
Commits on Jul 4, 2011
Commits on Jun 29, 2011
  1. Minor error in documentation regarding the order of parameters in HTT…

    …P_X_ACCEL_MAPPING.
    
    Conflicts:
    
    	lib/rack/sendfile.rb
    ioquatix committed with rkh Jun 29, 2011
  2. update core team list

    rkh committed Jun 16, 2011
Commits on May 23, 2011
  1. Update gemspec for 1.2.3 release

    raggi committed May 23, 2011
  2. Update for 1.2.3 release

    raggi committed May 23, 2011
  3. We don't actually use rdoctask

    raggi committed May 23, 2011
  4. Update SPEC

    raggi committed May 23, 2011
  5. 1.9 not having '.' in load path

    raggi committed with raggi May 3, 2011
  6. Force content-length to 0 so apache mod_xsendfile does not hang

    Maël Clérambault committed with raggi Mar 18, 2011