Commits on Apr 24, 2013
  1. Update .travis.yml

    spastorino committed Apr 24, 2013
Commits on Apr 22, 2013
  1. prevent crash when cookie doesn't contain "--"

    This backports 881ce76 so that rack
    won't crash when there isn't a "--" in the rack_session cookie
    
    Fixes #523
    spastorino committed Apr 22, 2013
Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
Commits on Feb 7, 2013
  1. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 7, 2013
  2. Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
Commits on Jan 13, 2013
  1. Bump version

    raggi committed Jan 13, 2013
  2. Remove error test, implementation not backported

     * Closes #493
    raggi committed Jan 13, 2013
  3. Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  4. Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. Bump to 1.3.8

    raggi committed Jan 7, 2013
  2. multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    Eric Wong committed with raggi Aug 22, 2012
  3. Bump to 1.3.7

    raggi committed Jan 7, 2013
Commits on Jan 6, 2013
  1. Update README based on master

    raggi committed Jan 6, 2013
Commits on Jan 4, 2013
  1. Fix parsing multiple ranges

    Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    funny-falcon committed with raggi Nov 9, 2012
  2. Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    raggi committed Dec 28, 2012
  3. Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    raggi committed Dec 28, 2012
  4. Rack::Head now conforms to body.close SPEC

    Conflicts:
    	test/spec_head.rb
    raggi committed Dec 28, 2012
  5. Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    raggi committed Dec 28, 2012
  6. Ensure that deflater always closes bodies.

    Closes #349
    raggi committed Nov 3, 2012
  7. Return a bad request for malformed basic auth

    Closes #438
    raggi committed Nov 2, 2012
  8. Add redrawn logos by Zachary Scott

    Date: Mon, 22 Oct 2012 10:29:22 -0400
    Message-ID: <CAH6G9XNkVkUWh9JPT9HuHzJ4KmRNoPSr8ov3q0rgzH3b=u3cGw@mail.gmail.com>
    
    On Mon, Oct 22, 2012 at 10:17 AM, Christian Neukirchen
    <chneukirchen@gmail.com> wrote:
    > Is it ok to put the other files as MIT license into contrib/?
    > (Perhaps add a copyright message to the .svg)
    
    Whatever you want, they're all yours.
    Thanks!
    chneukirchen committed with raggi Oct 22, 2012
  9. Update years in license

    rkh committed with raggi Jul 30, 2012