Permalink
Commits on May 6, 2015
  1. use shasum

    tenderlove committed May 6, 2015
  2. bumping to 1.5.3

    tenderlove committed May 6, 2015
Commits on Nov 14, 2014
  1. Merge pull request #756 from filipegiusti/fix-large-posts

    Rack 1.5: Use equal? to compare form_input to rack.input
    spastorino committed Nov 14, 2014
Commits on Nov 13, 2014
  1. Use equal? to compare form_input to rack.input

    Using equal? provides consistent results of equality between 1.8, 1.9,
    and 2.0 when comparing Tempfile objects.
    
    In 1.8, == will change the position of the Tempfile.
    In 1.9+, == compares Tempfiles correctly.
    
    In 1.8, eql? compares Tempfiles correctly
    In 1.9+, t.eql?(t) always returns false
    statianzo committed with filipegiusti Jul 18, 2013
Commits on Jul 9, 2014
  1. Merge pull request #711 from polleverywhere/152

    correct Request#port for lighttpd2 proxy case
    rkh committed Jul 9, 2014
Commits on Dec 4, 2013
Commits on Jul 16, 2013
  1. Merge pull request #585 from MSch/patch-1

    Fix bug in sendfile.rb
    spastorino committed Jul 15, 2013
Commits on Feb 8, 2013
  1. Bump version number

    raggi committed Feb 8, 2013
  2. Prevent symlink path traversals

     * Closes CVE-2013-0262
    raggi committed Feb 7, 2013
  3. Stop overwriting existing pidfiles.

    A race condition can arise when two servers are started simultaneously. Both
    instances may complete the check for an existing pidfile before either one
    writes it.
    
    Now the pidfile is opened with ::File::EXCL, which raises an error if the file
    already exists. This error is handled by retrying the check and the write.
    TimMoore committed with raggi Jan 30, 2013
  4. Use secure_compare for hmac comparison

     * Closes CVE-2013-0263
    raggi committed Feb 7, 2013
  5. Add secure_compare to Rack::Utils

    Conflicts:
    	test/spec_utils.rb
    raggi committed Feb 6, 2013
  6. Fix a bug where host matching occurs out of order

     * Closes #504
    raggi committed Feb 7, 2013
  7. add license information to gemspec

    this way it can be used with rubygems.org API
    jordimassaguerpla committed with raggi Feb 6, 2013
  8. Fix reference link

    oscardelben committed with raggi Feb 3, 2013
  9. Document Rack::Deflater

    oscardelben committed with raggi Feb 3, 2013
  10. Request#trusted_proxy? no longer accepts lines

     * Closes #508
     * Adds some limited coverage. More issues highlighted - incomplete local ips.
    raggi committed Feb 2, 2013
Commits on Feb 7, 2013
Commits on Jan 28, 2013
  1. Merge pull request #500 from aocole/patch-1

    Changing incorrect documentation
    raggi committed Jan 28, 2013
  2. Remove specific version code from Lint

     * Too easy to miss during updates
     * Required format unchanged
     * Closes #501
    raggi committed Jan 28, 2013
  3. Reimplement keys and values on SessionHash

     * Basic additional APIs to simplify requirements for Rails and Devise
    raggi committed Jan 28, 2013
Commits on Jan 25, 2013
  1. Changing incorrect documentation

    The original comment on set_session said to return true or false
    depending on whether the session was saved or not. In reality, this
    method MUST return the session id in order for #commit_session to set
    the cookie data properly.
    aocole committed Jan 25, 2013
Commits on Jan 22, 2013
  1. Merge branch 'lint-headerhash' of git://bogomips.org/rack

    * 'lint-headerhash' of git://bogomips.org/rack:
      lint: avoid TypeError on non-Hash-like response headers
    raggi committed Jan 22, 2013
  2. Merge pull request #499 from barttenbrinke/master

    Added specific test when X-Forwarded-For is 'unknown'
    rkh committed Jan 22, 2013
  3. lint: avoid TypeError on non-Hash-like response headers

    According to SPEC (and check_headers), Response headers need only
    respond to #each.  Thus, check_hijack_response should rely on
    Rack::Utils::HeaderHash if it wishes to access the headers in a
    hash-like fashion.
    Eric Wong committed Jan 22, 2013