Releases: rubyzip/rubyzip
Releases · rubyzip/rubyzip
v2.3.2
v2.3.1
v2.3.0
v2.2.0
v2.1.0
- Fix (at least partially) the
restore_timesandrestore_permissionsoptions toZip::File.new#413- Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to
falseto preserve the current behavior, for the time being. If you have explicitly set either totrue, it will now have an effect. - Fix handling of UniversalTime (
mtime,atime,ctime) fields. #421 - Previously,
Zip::Filedid not pass the options toZip::Entryin some cases. #423 - Note that
restore_timesin this release does nothing on Windows and only restoresmtime, notatimeorctime.
- Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to
- Allow
Zip::File.opento take an options hash likeZip::File.new#418 - Always print warnings with
warn, instead of a mix ofputsandwarn#416 - Create temporary files in the system temporary directory instead of the directory of the zip file #411
- Drop unused
tmpdirrequirement #411
Tooling
- Move CI to xenial and include jruby on JDK11 #419
v2.0.0
Security
- Default the
validate_entry_sizesoption totrue, so that callers can trust an entry's reported size when usingextract#403- This option defaulted to
falsein 1.3.0 for backward compatibility, but it now defaults totrue. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option totrue.
- This option defaulted to
Tooling / Documentation
v1.3.0
Security
- Add
validate_entry_sizesoption so that callers can trust an entry's reported size when usingextract#403- This option defaults to
falsefor backward compatibility in this release, but you are strongly encouraged to set it totrue. It will default totruein rubyzip 2.0.
- This option defaults to
New Feature
- Add
add_storedmethod to simplify adding entries without compression #366
Tooling / Documentation
- Add more gem metadata links #402
v1.2.4
v1.2.3
- Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
- Support frozen string literals in more files #390
- Require
pathnameexplicitly #388 (fixes regression in 1.2.2 from #376)
Tooling / Documentation:
- CI updates #392, #394
- Add changelog entry that was missing for last release #387
- Comment cleanup #385
Since the GitHub release information for 1.2.2 is missing, I will also include it here:
1.2.2
NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See #376 (comment) for details.
- Fix CVE-2018-1000544 #376 / #371
- Fix NoMethodError: undefined method `glob' #363
- Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set #358
- Fix
closeon StringIO-backed zip file #353 - Add
Zip.force_entry_names_encodingoption #340 - Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes #332, #355
- Save temporary files to temporary directory (rather than current directory) #325
Tooling / Documentation:
v1.2.1
- Add accessor to @internal_file_attributes #304
- Extended globbing #303
- README updates #283, #289
- Cleanup after tests #298, #306
- Fix permissions on new zip files #294, #300
- Fix examples #297
- Support cp932 encoding #308
- Fix Directory traversal vulnerability #315
- Allow open_buffer to work without a given block #314