Commits on Jun 18, 2015
  1. @tenderlove

    bumping version

    tenderlove committed Jun 18, 2015
Commits on Jun 17, 2015
  1. @spastorino @tenderlove

    Merge pull request #814 from johnnaegle/only_increment_open_file_count_for_fileparts
    
    Only count files (not all form elements) against the Multipart File Limit
    Conflicts:
    	lib/rack/multipart/parser.rb
    spastorino committed with tenderlove Mar 11, 2015
Commits on Jun 16, 2015
  1. @byroot @tenderlove

    Explicitly fail when hitting the multipart limit

    Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
    
    Conflicts:
    	lib/rack/utils.rb
    
    Conflicts:
    	test/spec_multipart.rb
    byroot committed with tenderlove Aug 6, 2014
  2. @tenderlove

    bumping the release

    tenderlove committed Jun 16, 2015
  3. @tenderlove

    raise an exception if the parameters are too deep

    CVE-2015-3225
    
    Conflicts:
    	lib/rack/utils.rb
    	test/spec_utils.rb
    tenderlove committed Jan 20, 2015
Commits on Apr 21, 2013
  1. @raggi

    Prevent signals from being sent to pid 0

     * Closes #544
    raggi committed Apr 21, 2013
Commits on Feb 8, 2013
  1. @raggi

    Bump version number

    raggi committed Feb 7, 2013
  2. @raggi
  3. @raggi

    Prevent symlink path traversals

     * Closes CVE-2013-0262
    raggi committed Feb 6, 2013
Commits on Feb 7, 2013
  1. @raggi

    Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 7, 2013
  2. @raggi

    Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
Commits on Jan 21, 2013
  1. @raggi

    Use Dir.tmpdir instead of hardcoded /tmp

    Closes #492
    raggi committed Jan 21, 2013
Commits on Jan 13, 2013
  1. @raggi

    Bump version

    raggi committed Jan 13, 2013
  2. @raggi
  3. @raggi

    Squash warnings in spec_auth

    raggi committed Jan 13, 2013
  4. @raggi

    Reimplement auth scheme fix

     * Add Rack::Auth.add_scheme to enable folks to fix anything that breaks
     * Add common auth schemes, MS ones, AWS ones, etc are missing, as unlikely
     * Checked Rails - they don't use our authorization code
     * Checked Warden - uses rails
     * Checked Omniauth - uses rails
     * Checked doorkeeper - uses rails
     * Checked rack-authentication - does its own thing
     * Checked warden-oauth - doesn't do headers
     * Checked devise - uses rails
     * Checked oauth2-rack - header creation only
     * Checked rack-oauth2-server - does its own thing
     * Probably missed a bunch, but that'll have to do
    raggi committed Jan 13, 2013
Commits on Jan 7, 2013
  1. @carlosantoniodasilva @raggi
  2. @raggi
  3. @raggi

    Bump to 1.4.3

    raggi committed Jan 7, 2013
  4. @raggi

    multipart/parser: avoid unbounded #gets method

    Malicious clients may send excessively long lines
    to trigger out-of-memory errors in a Rack web server.
    Eric Wong committed with raggi Aug 22, 2012
  5. @raggi

    Bump to 1.4.2

    raggi committed Jan 6, 2013
Commits on Jan 6, 2013
  1. @raggi

    Update README based on master

    raggi committed Jan 6, 2013
Commits on Jan 4, 2013
  1. @raggi @raggi

    Fix parsing performance for unquoted filenames

    Special thanks to Paul Rogers & Eric Wong
    
    Conflicts:
    	test/spec_multipart.rb
    raggi committed with raggi May 13, 2012
  2. @funny-falcon @raggi

    Fix parsing multiple ranges

    Fix parsing multiple ranges in HTTP_RANGE header according to w3 rfc2616 (according to last example in sec14.35.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.1 ) (according to BNF rules in http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.1 )
    funny-falcon committed with raggi Nov 9, 2012
  3. @raggi

    .woff now has an official mime type!

     * Closes #405
    raggi committed Dec 29, 2012
  4. @raggi

    Do not fail on cookies that are not URI escaped

     * Closes #360
    
    Conflicts:
    	test/spec_request.rb
    raggi committed Dec 29, 2012
  5. @raggi
  6. @raggi

    Refactor spec_cascade and spec_head

     * StringIO is a better choice than a struct here.
    raggi committed Dec 28, 2012
  7. @raggi

    Rack::Response now conforms to body.close SPEC

     * Previously 204, 205 and 304 bodies were not closed correctly.
    raggi committed Dec 28, 2012
  8. @raggi
  9. @raggi
  10. @raggi

    Clarify the body.close spec section

     * This item is frequently missed, including in core.
     * This is not a change in semantic requirement, and does not update the SPEC
       version.
    raggi committed Dec 28, 2012
  11. @rkh @raggi

    fixes for 1.8

    rkh committed with raggi Dec 12, 2012
  12. @raggi

    Ensure that deflater always closes bodies.

    Closes #349
    raggi committed Nov 3, 2012
  13. @zzak @raggi