RubyGems - dalli - Versions diffs - 4.0.0 → 4.0.1 - Mend

dalli 4.0.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/Gemfile +9 -2
data/README.md +26 -0
data/lib/dalli/client.rb +5 -0
data/lib/dalli/protocol/base.rb +2 -2
data/lib/dalli/protocol/connection_manager.rb +3 -3
data/lib/dalli/protocol/string_marshaller.rb +65 -0
data/lib/dalli/protocol.rb +10 -0
data/lib/dalli/version.rb +1 -1
data/lib/dalli.rb +1 -0
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86e39b2869b7c916472e88e6cbbfb6aa1f6533aa35c9e1f1c704cffcbc680f8a
-  data.tar.gz: bf2e56610c6bae187d561ccf09105e6f5b4a29eed1308d089745ef22cf5b673b
+  metadata.gz: 5494b3c5f7ce6c73cb061511ab96c7dafc0ed1f5d10a865310a7adc79c8587c9
+  data.tar.gz: 1326cd38aad6ba7c7c0c65c2b0305b4c4c566e3a0050df1f8ccee6aa42ee2bc7
 SHA512:
-  metadata.gz: e2faab814abb4b25a53d87048f7e4e81e49c609bd64725cb18607670110da3d5b8038544598c44575831b9038500f9d8220a56ec28c16b9517a21d442212d12b
-  data.tar.gz: 3e5a7c326c908d72d2d8ce2211b27f67acebbbf97c279c5faf3ba2914ec7409df7f259a9082d82903cc9ae6b6716a137994aba849321546b8d3d3a35f8f7f5af
+  metadata.gz: 5affa5731ead45a7c352628c4c3c471b1fc5c7499e9e63e58278e2c59c309e90fd550774a8808de78ff9daaa53913503810ded029d0879f3a6408f19a4bf67f2
+  data.tar.gz: 244b909ac405e2f8757b3bfa3fdcea3fb17615f6d329527f63c3392a4921dd8298fa9d6eeaab368bd80112413c593d94f305062732fb28204072526b84eba3d4

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,12 @@
 Dalli Changelog
 =====================
+4.0.1
+==========
+- Add `:raw` client option to skip serialization entirely, returning raw byte strings
+- Handle `OpenSSL::SSL::SSLError` in connection manager
 4.0.0
 ==========

data/Gemfile CHANGED Viewed

@@ -5,11 +5,18 @@ source 'https://rubygems.org'
 gemspec
 group :development, :test do
+  gem 'benchmark'
   gem 'cgi'
   gem 'connection_pool'
   gem 'debug' unless RUBY_PLATFORM == 'java'
-  gem 'minitest', '~> 5'
-  gem 'rack', '~> 2.0', '>= 2.2.0'
+  if RUBY_VERSION >= '3.2'
+    gem 'minitest', '~> 6'
+    gem 'minitest-mock'
+  else
+    gem 'minitest', '~> 5'
+  end
+  gem 'rack', '~> 3'
+  gem 'rack-session'
   gem 'rake', '~> 13.0'
   gem 'rubocop'
   gem 'rubocop-minitest'

data/README.md CHANGED Viewed

@@ -14,6 +14,32 @@ Dalli supports:
 The name is a variant of Salvador Dali for his famous painting [The Persistence of Memory](http://en.wikipedia.org/wiki/The_Persistence_of_Memory).
+## Requirements
+* Ruby 3.1 or later
+* memcached 1.4 or later (1.6+ recommended for meta protocol support)
+## Protocol Options
+Dalli supports two protocols for communicating with memcached:
+* `:binary` (default) - Works with all memcached versions, supports SASL authentication
+* `:meta` - Requires memcached 1.6+, better performance for some operations, no authentication support
+```ruby
+Dalli::Client.new('localhost:11211', protocol: :meta)
+```
+## Security Note
+By default, Dalli uses Ruby's Marshal for serialization. Deserializing untrusted data with Marshal can lead to remote code execution. If you cache user-controlled data, consider using a safer serializer:
+```ruby
+Dalli::Client.new('localhost:11211', serializer: JSON)
+```
+See the [4.0-Upgrade.md](4.0-Upgrade.md) guide for more information.
 ![Persistence of Memory](https://upload.wikimedia.org/wikipedia/en/d/dd/The_Persistence_of_Memory.jpg)

data/lib/dalli/client.rb CHANGED Viewed

@@ -41,6 +41,11 @@ module Dalli
     # - :compressor - defaults to Dalli::Compressor, a Zlib-based implementation
     # - :cache_nils - defaults to false, if true Dalli will not treat cached nil values as 'not found' for
     #                 #fetch operations.
+    # - :raw        - If set, disables serialization and compression entirely at the client level.
+    #                 Only String values are supported. This is useful when the caller handles its own
+    #                 serialization (e.g., Rails' ActiveSupport::Cache). Note: this is different from
+    #                 the per-request :raw option which converts values to strings but still uses the
+    #                 serialization pipeline.
     # - :digest_class - defaults to Digest::MD5, allows you to pass in an object that responds to the hexdigest method,
     #                   useful for injecting a FIPS compliant hash object.
     # - :protocol - one of either :binary or :meta, defaulting to :binary.  This sets the protocol that Dalli uses

data/lib/dalli/protocol/base.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module Dalli
       def initialize(attribs, client_options = {})
         hostname, port, socket_type, @weight, user_creds = ServerConfigParser.parse(attribs)
         @options = client_options.merge(user_creds)
-        @value_marshaller = ValueMarshaller.new(@options)
+        @value_marshaller = client_options[:raw] ? StringMarshaller.new(@options) : ValueMarshaller.new(@options)
         @connection_manager = ConnectionManager.new(hostname, port, socket_type, @options)
       end
@@ -106,7 +106,7 @@ module Dalli
         end
         values
-      rescue SystemCallError, *TIMEOUT_ERRORS, EOFError => e
+      rescue SystemCallError, *TIMEOUT_ERRORS, *SSL_ERRORS, EOFError => e
         @connection_manager.error_on_request!(e)
       end

data/lib/dalli/protocol/connection_manager.rb CHANGED Viewed

@@ -150,19 +150,19 @@ module Dalli
         data = @sock.gets("\r\n")
         error_on_request!('EOF in read_line') if data.nil?
         data
-      rescue SystemCallError, *TIMEOUT_ERRORS, EOFError => e
+      rescue SystemCallError, *TIMEOUT_ERRORS, *SSL_ERRORS, EOFError => e
         error_on_request!(e)
       end
       def read(count)
         @sock.readfull(count)
-      rescue SystemCallError, *TIMEOUT_ERRORS, EOFError => e
+      rescue SystemCallError, *TIMEOUT_ERRORS, *SSL_ERRORS, EOFError => e
         error_on_request!(e)
       end
       def write(bytes)
         @sock.write(bytes)
-      rescue SystemCallError, *TIMEOUT_ERRORS => e
+      rescue SystemCallError, *TIMEOUT_ERRORS, *SSL_ERRORS => e
         error_on_request!(e)
       end

data/lib/dalli/protocol/string_marshaller.rb ADDED Viewed

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+module Dalli
+  module Protocol
+    ##
+    # Dalli::Protocol::StringMarshaller is a pass-through marshaller for use with
+    # the :raw client option. It bypasses serialization and compression entirely,
+    # expecting values to already be strings (e.g., pre-serialized by Rails'
+    # ActiveSupport::Cache). It still enforces the maximum value size limit.
+    ##
+    class StringMarshaller
+      DEFAULTS = {
+        # max size of value in bytes (default is 1 MB, can be overriden with "memcached -I <size>")
+        value_max_bytes: 1024 * 1024
+      }.freeze
+      attr_reader :value_max_bytes
+      def initialize(client_options)
+        @value_max_bytes = client_options.fetch(:value_max_bytes) do
+          DEFAULTS.fetch(:value_max_bytes)
+        end.to_i
+      end
+      def store(key, value, _options = nil)
+        raise MarshalError, "Dalli in :raw mode only supports strings, got: #{value.class}" unless value.is_a?(String)
+        error_if_over_max_value_bytes(key, value)
+        [value, 0]
+      end
+      def retrieve(value, _flags)
+        value
+      end
+      # Interface compatibility methods - these return nil since
+      # StringMarshaller bypasses serialization and compression entirely.
+      def serializer
+        nil
+      end
+      def compressor
+        nil
+      end
+      def compression_min_size
+        nil
+      end
+      def compress_by_default?
+        false
+      end
+      private
+      def error_if_over_max_value_bytes(key, value)
+        return if value.bytesize <= value_max_bytes
+        message = "Value for #{key} over max size: #{value_max_bytes} <= #{value.bytesize}"
+        raise Dalli::ValueOverMaxSize, message
+      end
+    end
+  end
+end

data/lib/dalli/protocol.rb CHANGED Viewed

@@ -15,5 +15,15 @@ module Dalli
       else
         [Timeout::Error]
       end
+    # SSL errors that occur during read/write operations (not during initial
+    # handshake) should trigger reconnection. These indicate transient network
+    # issues, not configuration problems.
+    SSL_ERRORS =
+      if defined?(OpenSSL::SSL::SSLError)
+        [OpenSSL::SSL::SSLError]
+      else
+        []
+      end
   end
 end

data/lib/dalli/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Dalli
-  VERSION = '4.0.0'
+  VERSION = '4.0.1'
   MIN_SUPPORTED_MEMCACHED_VERSION = '1.4'
 end

data/lib/dalli.rb CHANGED Viewed

@@ -72,6 +72,7 @@ require_relative 'dalli/protocol/server_config_parser'
 require_relative 'dalli/protocol/ttl_sanitizer'
 require_relative 'dalli/protocol/value_compressor'
 require_relative 'dalli/protocol/value_marshaller'
+require_relative 'dalli/protocol/string_marshaller'
 require_relative 'dalli/protocol/value_serializer'
 require_relative 'dalli/servers_arg_normalizer'
 require_relative 'dalli/socket'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dalli
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.0.1
 platform: ruby
 authors:
 - Peter M. Goldstein
@@ -58,6 +58,7 @@ files:
 - lib/dalli/protocol/meta/response_processor.rb
 - lib/dalli/protocol/response_buffer.rb
 - lib/dalli/protocol/server_config_parser.rb
+- lib/dalli/protocol/string_marshaller.rb
 - lib/dalli/protocol/ttl_sanitizer.rb
 - lib/dalli/protocol/value_compressor.rb
 - lib/dalli/protocol/value_marshaller.rb
@@ -88,7 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.4
 specification_version: 4
 summary: High performance memcached client for Ruby
 test_files: []