Skip to content
This repository

Apr 24, 2013

  1. Santiago Pastorino

    Use rbx in Travis instead of rbx-2.0

    authored April 23, 2013
  2. Santiago Pastorino

    Add bundle exec to .travis.yml

    authored April 23, 2013
  3. Santiago Pastorino

    Update .travis.yml

    authored April 23, 2013

Apr 22, 2013

  1. Santiago Pastorino

    prevent crash when cookie doesn't contain "--"

    This backports 881ce76 so that rack
    won't crash when there isn't a "--" in the rack_session cookie
    
    Fixes #523
    authored April 22, 2013
  2. Santiago Pastorino

    Use the non deprecated version of source

    authored April 22, 2013

Feb 08, 2013

  1. James Tucker

    Bump version number

    authored February 07, 2013
  2. James Tucker

    Update README for todays releases

    authored February 07, 2013

Feb 07, 2013

  1. James Tucker

    Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    authored February 07, 2013
  2. James Tucker

    Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    authored February 06, 2013

Jan 13, 2013

  1. James Tucker

    Bump version

    authored January 13, 2013
  2. James Tucker

    Update README for release. Add security section.

    authored January 13, 2013
  3. James Tucker

    Remove error test, implementation not backported

     * Closes #493
    authored January 13, 2013
  4. James Tucker

    Squash warnings in spec_auth

    authored January 13, 2013
  5. James Tucker

    Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - users rails
     * Checked rack-authentication - does it's own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does it's own thing
     * Probably missed a bunch, but that'll have to do
    authored January 13, 2013

Jan 07, 2013

  1. James Tucker

    Add release announcements to README

    authored January 07, 2013
  2. James Tucker

    Bump to 1.3.8

    authored January 07, 2013
  3. multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    authored August 22, 2012 raggi committed January 07, 2013
  4. James Tucker

    Bump to 1.3.7

    authored January 06, 2013

Jan 06, 2013

  1. James Tucker

    Update README based on master

    authored January 06, 2013

Jan 04, 2013

  1. Sokolov Yura

    Fix parsing multiple ranges

    Fix parsing miltiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    authored November 09, 2012 raggi committed January 04, 2013
  2. James Tucker

    Add a note in KNOWN-ISSUES regarding ECMA escape

    authored December 29, 2012
  3. James Tucker

    Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    authored December 28, 2012
  4. James Tucker

    Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    authored December 28, 2012
  5. James Tucker

    Rack::Head now conforms to body.close SPEC

    Conflicts:
    	test/spec_head.rb
    authored December 28, 2012
  6. James Tucker

    Cascade now conforms to the body.close SPEC

    authored December 28, 2012
  7. James Tucker

    Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    authored December 28, 2012
  8. James Tucker

    Ensure that deflater always closes bodies.

    Closes #349
    authored November 03, 2012
  9. Zachary Scott

    Rack::BodyProxy#each, fixes rack/rack#434

    authored November 02, 2012 raggi committed January 04, 2013
  10. James Tucker

    Prevent infinite recursions from Response#to_ary

    Closes #419
    authored November 02, 2012
  11. James Tucker

    Return a bad request for malformed basic auth

    Closes #438
    authored November 02, 2012
  12. Zachary Scott

    rescue Errno::ESRCH for windows, fixes #391

    authored October 24, 2012 raggi committed January 04, 2013
  13. Christian Neukirchen

    Add redrawn logos by Zachary Scott

    Date: Mon, 22 Oct 2012 10:29:22 -0400
    Message-ID: <CAH6G9XNkVkUWh9JPT9HuHzJ4KmRNoPSr8ov3q0rgzH3b=u3cGw@mail.gmail.com>
    
    On Mon, Oct 22, 2012 at 10:17 AM, Christian Neukirchen
    <chneukirchen@gmail.com> wrote:
    > Is it ok to put the other files as MIT license into contrib/?
    > (Perhaps add a copyright message to the .svg)
    
    Whatever you want, they're all yours.
    Thanks!
    authored October 22, 2012 raggi committed January 04, 2013
  14. Konstantin Haase

    Update years in license

    authored July 30, 2012 raggi committed January 04, 2013
  15. ITO Nobuaki

    Use backport of URI module even on ruby 1.9.2-p320.

    authored July 13, 2012 raggi committed January 04, 2013
  16. ITO Nobuaki

    Added missing dependence on 'timeout' in test/spec_utils.

    authored July 13, 2012 raggi committed January 04, 2013
Something went wrong with that request. Please try again.