Commits on Jun 18, 2015
  1. bumping version

    tenderlove committed Jun 18, 2015
Commits on Jun 17, 2015
  1. Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fileparts
    
    Only count files (not all form elements) against the Multipart File Limit
    Conflicts:
    	lib/rack/multipart/parser.rb
    spastorino committed with tenderlove Mar 11, 2015
Commits on Jun 16, 2015
  1. Explicitly fail when hitting the multipart limit

    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    
    Conflicts:
    	lib/rack/utils.rb
    
    Conflicts:
    	test/spec_multipart.rb
    byroot committed with tenderlove Aug 6, 2014
  2. bumping the release

    tenderlove committed Jun 16, 2015
  3. raise an exception if the parameters are too deep

    CVE-2015-3225
    
    Conflicts:
    	lib/rack/utils.rb
    	test/spec_utils.rb
    tenderlove committed Jan 20, 2015
Commits on Apr 21, 2013
  1. Prevent signals from being sent to pid 0

     * Closes #544
    raggi committed Apr 21, 2013
Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
  2. Prevent symlink path traversals

     * Closes CVE-2013-0262
    raggi committed Feb 7, 2013
Commits on Feb 7, 2013
  1. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 7, 2013
  2. Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
Commits on Jan 21, 2013
  1. Use Dir.tmpdir instead of hardcoded /tmp

    Closes #492
    raggi committed Jan 21, 2013
Commits on Jan 13, 2013
  1. Bump version

    raggi committed Jan 13, 2013
  2. Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  3. Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. Bump to 1.4.3

    raggi committed Jan 7, 2013
  2. multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    Eric Wong committed with raggi Aug 22, 2012
  3. Bump to 1.4.2

    raggi committed Jan 7, 2013
Commits on Jan 6, 2013
  1. Update README based on master

    raggi committed Jan 6, 2013
Commits on Jan 4, 2013
  1. Fix parsing performance for unquoted filenames

    Special thanks to Paul Rogers & Eric Wong
    
    Conflicts:
    	test/spec_multipart.rb
    raggi committed with raggi May 13, 2012
  2. Fix parsing multiple ranges

    Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    funny-falcon committed with raggi Nov 9, 2012
  3. .woff now has an official mime type!

     * Closes #405
    raggi committed Dec 29, 2012
  4. Do not fail on cookies that are not URI escaped

     * Closes #360
    
    Conflicts:
    	test/spec_request.rb
    raggi committed Dec 29, 2012
  5. Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    raggi committed Dec 28, 2012
  6. Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    raggi committed Dec 28, 2012
  7. Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    raggi committed Dec 28, 2012
  8. fixes for 1.8

    rkh committed with raggi Dec 12, 2012
  9. Ensure that deflater always closes bodies.

    Closes #349
    raggi committed Nov 3, 2012