rack-session 2.1.0 → 2.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c21a6aa8f00d76d5dde8f1afc2da45bcde88447531098da9fe7ef7407efc70ef
4
- data.tar.gz: c8ba14832945493b7d94ef86bb98874bfb08a6ebd0c9628b4c4f61836bdb821f
3
+ metadata.gz: 24dbcb8931b1a26d39b7165f872231e9ce7f9006e8495616416faeb4538ed8e6
4
+ data.tar.gz: c26f979218fb4ac3b626d8638ee7b0e00183ac1acffdc1fb393fd85919e1cf46
5
5
  SHA512:
6
- metadata.gz: fce1c317454f485dab13f3e08cf0a11094e5405213b3433d6686503343c061eedb6967df6f6daf94de4d7bfd84f78b89211a37f3373f1f65ca6597a432979f71
7
- data.tar.gz: 9ba8c4880087e988ba6fb3f9211eec23f4c3ca070bb32efa8054c3fffd5dcdb53a80f7c914a9d6480903cc8307eb1b64fc07b37ad8a3f4c0f03277db94afaee3
6
+ metadata.gz: e345e1424c6092e771a16f15fee04c19128dacfa50b586fbd7795ce1699fe50cbf2b7028624dc945e60a055f20c99c0d88c7c1eec729b13d527f3c3bcc7d6e6e
7
+ data.tar.gz: 8da88daf469c01ebeef2bb75b5ee04efc42e836807b3000b028fa2eb73f11db3585410321297e7607bd0e9413f768dab2a55e54f08e5326697e1d472f9363e6c
@@ -53,6 +53,7 @@ module Rack
53
53
 
54
54
  def write_session(req, session_id, new_session, options)
55
55
  @mutex.synchronize do
56
+ return false unless get_session_with_fallback(session_id)
56
57
  @pool.store session_id.private_id, new_session
57
58
  session_id
58
59
  end
@@ -62,7 +63,12 @@ module Rack
62
63
  @mutex.synchronize do
63
64
  @pool.delete(session_id.public_id)
64
65
  @pool.delete(session_id.private_id)
65
- generate_sid(use_mutex: false) unless options[:drop]
66
+
67
+ unless options[:drop]
68
+ sid = generate_sid(use_mutex: false)
69
+ @pool.store(sid.private_id, {})
70
+ sid
71
+ end
66
72
  end
67
73
  end
68
74
 
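Review bot: The new guard at the top of write_session carries no comment explaining why a session missing from the pool must be refused, which is the whole point of the fix; add `# Never store a session that is no longer in the pool: a concurrent request may have deleted it, and writing here would silently resurrect it (CVE-2025-46336).` above the `return false unless get_session_with_fallback(session_id)` line. That guard depends on the caller treating a `false` return as a failed write — as far as I recall the Persisted base class logs a "failed to save session" warning and drops the data, but that should be confirmed rather than assumed, and get_session_with_fallback is defined outside these hunks, so whatever it accepts (presumably a public_id fallback as well as the private_id) now decides what counts as an existing session. The placeholder `@pool.store(sid.private_id, {})` in delete_session deserves a matching `# Seed the renewed id with an empty session so the existence check in write_session accepts the follow-up write.`, since without it a renew would generate a sid the new guard rejects. A renewed session whose request never reaches write_session leaves that empty entry behind; probably harmless for an in-memory pool, but worth a word in the same comment. Both methods' `def` lines fall outside the hunks, and write_session's closing `end` does too.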
@@ -5,6 +5,6 @@
5
5
 
6
6
  module Rack
7
7
  module Session
8
- VERSION = "2.1.0"
8
+ VERSION = "2.1.1"
9
9
  end
10
10
  end
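--- a/data/releases.md
+++ b/data/releases.md
@@ -1,5 +1,9 @@
 # Releases
 
+## v2.1.1
+
+- Prevent `Rack::Session::Pool` from recreating deleted sessions [CVE-2025-46336](https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj).
+
 ## v2.1.0
 
 - Improved compatibility with Ruby 3.3+ and Rack 3+.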
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack-session
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Samuel Williams
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2025-01-04 00:00:00.000000000 Z
14
+ date: 2025-05-06 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: base64