rack 2.0.9.1 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/{HISTORY.md → CHANGELOG.md} +218 -158
- data/{COPYING → MIT-LICENSE} +4 -2
- data/README.rdoc +77 -117
- data/Rakefile +25 -18
- data/SPEC +9 -9
- data/bin/rackup +1 -0
- data/example/lobster.ru +2 -0
- data/example/protectedlobster.rb +3 -1
- data/example/protectedlobster.ru +2 -0
- data/lib/rack/auth/abstract/handler.rb +3 -1
- data/lib/rack/auth/abstract/request.rb +2 -0
- data/lib/rack/auth/basic.rb +4 -1
- data/lib/rack/auth/digest/md5.rb +9 -7
- data/lib/rack/auth/digest/nonce.rb +6 -3
- data/lib/rack/auth/digest/params.rb +4 -2
- data/lib/rack/auth/digest/request.rb +2 -0
- data/lib/rack/body_proxy.rb +3 -6
- data/lib/rack/builder.rb +38 -15
- data/lib/rack/cascade.rb +6 -5
- data/lib/rack/chunked.rb +29 -6
- data/lib/rack/common_logger.rb +9 -11
- data/lib/rack/conditional_get.rb +3 -1
- data/lib/rack/config.rb +2 -0
- data/lib/rack/content_length.rb +3 -1
- data/lib/rack/content_type.rb +3 -1
- data/lib/rack/core_ext/regexp.rb +14 -0
- data/lib/rack/deflater.rb +28 -17
- data/lib/rack/directory.rb +17 -14
- data/lib/rack/etag.rb +3 -1
- data/lib/rack/events.rb +5 -3
- data/lib/rack/file.rb +5 -173
- data/lib/rack/files.rb +178 -0
- data/lib/rack/handler/cgi.rb +3 -1
- data/lib/rack/handler/fastcgi.rb +4 -2
- data/lib/rack/handler/lsws.rb +3 -1
- data/lib/rack/handler/scgi.rb +9 -6
- data/lib/rack/handler/thin.rb +3 -1
- data/lib/rack/handler/webrick.rb +4 -2
- data/lib/rack/handler.rb +7 -2
- data/lib/rack/head.rb +2 -0
- data/lib/rack/lint.rb +15 -12
- data/lib/rack/lobster.rb +7 -5
- data/lib/rack/lock.rb +2 -0
- data/lib/rack/logger.rb +2 -0
- data/lib/rack/media_type.rb +10 -5
- data/lib/rack/method_override.rb +4 -2
- data/lib/rack/mime.rb +9 -1
- data/lib/rack/mock.rb +74 -15
- data/lib/rack/multipart/generator.rb +6 -7
- data/lib/rack/multipart/parser.rb +52 -47
- data/lib/rack/multipart/uploaded_file.rb +2 -0
- data/lib/rack/multipart.rb +5 -2
- data/lib/rack/null_logger.rb +2 -0
- data/lib/rack/query_parser.rb +51 -25
- data/lib/rack/recursive.rb +7 -5
- data/lib/rack/reloader.rb +10 -4
- data/lib/rack/request.rb +79 -26
- data/lib/rack/response.rb +71 -31
- data/lib/rack/rewindable_input.rb +4 -2
- data/lib/rack/runtime.rb +4 -2
- data/lib/rack/sendfile.rb +15 -8
- data/lib/rack/server.rb +88 -16
- data/lib/rack/session/abstract/id.rb +40 -22
- data/lib/rack/session/cookie.rb +10 -9
- data/lib/rack/session/memcache.rb +4 -93
- data/lib/rack/session/pool.rb +4 -2
- data/lib/rack/show_exceptions.rb +15 -9
- data/lib/rack/show_status.rb +4 -2
- data/lib/rack/static.rb +15 -10
- data/lib/rack/tempfile_reaper.rb +2 -0
- data/lib/rack/urlmap.rb +11 -2
- data/lib/rack/utils.rb +54 -71
- data/lib/rack.rb +63 -60
- data/rack.gemspec +17 -7
- metadata +30 -172
- data/test/builder/an_underscore_app.rb +0 -5
- data/test/builder/anything.rb +0 -5
- data/test/builder/comment.ru +0 -4
- data/test/builder/end.ru +0 -5
- data/test/builder/line.ru +0 -1
- data/test/builder/options.ru +0 -2
- data/test/cgi/assets/folder/test.js +0 -1
- data/test/cgi/assets/fonts/font.eot +0 -1
- data/test/cgi/assets/images/image.png +0 -1
- data/test/cgi/assets/index.html +0 -1
- data/test/cgi/assets/javascripts/app.js +0 -1
- data/test/cgi/assets/stylesheets/app.css +0 -1
- data/test/cgi/lighttpd.conf +0 -26
- data/test/cgi/rackup_stub.rb +0 -6
- data/test/cgi/sample_rackup.ru +0 -5
- data/test/cgi/test +0 -9
- data/test/cgi/test+directory/test+file +0 -1
- data/test/cgi/test.fcgi +0 -9
- data/test/cgi/test.gz +0 -0
- data/test/cgi/test.ru +0 -5
- data/test/gemloader.rb +0 -10
- data/test/helper.rb +0 -34
- data/test/multipart/bad_robots +0 -259
- data/test/multipart/binary +0 -0
- data/test/multipart/content_type_and_no_filename +0 -6
- data/test/multipart/empty +0 -10
- data/test/multipart/fail_16384_nofile +0 -814
- data/test/multipart/file1.txt +0 -1
- data/test/multipart/filename_and_modification_param +0 -7
- data/test/multipart/filename_and_no_name +0 -6
- data/test/multipart/filename_with_encoded_words +0 -7
- data/test/multipart/filename_with_escaped_quotes +0 -6
- data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
- data/test/multipart/filename_with_null_byte +0 -7
- data/test/multipart/filename_with_percent_escaped_quotes +0 -6
- data/test/multipart/filename_with_single_quote +0 -7
- data/test/multipart/filename_with_unescaped_percentages +0 -6
- data/test/multipart/filename_with_unescaped_percentages2 +0 -6
- data/test/multipart/filename_with_unescaped_percentages3 +0 -6
- data/test/multipart/filename_with_unescaped_quotes +0 -6
- data/test/multipart/ie +0 -6
- data/test/multipart/invalid_character +0 -6
- data/test/multipart/mixed_files +0 -21
- data/test/multipart/nested +0 -10
- data/test/multipart/none +0 -9
- data/test/multipart/quoted +0 -15
- data/test/multipart/rack-logo.png +0 -0
- data/test/multipart/semicolon +0 -6
- data/test/multipart/text +0 -15
- data/test/multipart/three_files_three_fields +0 -31
- data/test/multipart/unity3d_wwwform +0 -11
- data/test/multipart/webkit +0 -32
- data/test/rackup/config.ru +0 -31
- data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
- data/test/spec_auth_basic.rb +0 -89
- data/test/spec_auth_digest.rb +0 -260
- data/test/spec_body_proxy.rb +0 -85
- data/test/spec_builder.rb +0 -233
- data/test/spec_cascade.rb +0 -63
- data/test/spec_cgi.rb +0 -84
- data/test/spec_chunked.rb +0 -103
- data/test/spec_common_logger.rb +0 -107
- data/test/spec_conditional_get.rb +0 -103
- data/test/spec_config.rb +0 -23
- data/test/spec_content_length.rb +0 -86
- data/test/spec_content_type.rb +0 -46
- data/test/spec_deflater.rb +0 -375
- data/test/spec_directory.rb +0 -148
- data/test/spec_etag.rb +0 -108
- data/test/spec_events.rb +0 -133
- data/test/spec_fastcgi.rb +0 -85
- data/test/spec_file.rb +0 -264
- data/test/spec_handler.rb +0 -57
- data/test/spec_head.rb +0 -46
- data/test/spec_lint.rb +0 -520
- data/test/spec_lobster.rb +0 -59
- data/test/spec_lock.rb +0 -204
- data/test/spec_logger.rb +0 -24
- data/test/spec_media_type.rb +0 -42
- data/test/spec_method_override.rb +0 -110
- data/test/spec_mime.rb +0 -51
- data/test/spec_mock.rb +0 -359
- data/test/spec_multipart.rb +0 -709
- data/test/spec_null_logger.rb +0 -21
- data/test/spec_recursive.rb +0 -75
- data/test/spec_request.rb +0 -1407
- data/test/spec_response.rb +0 -528
- data/test/spec_rewindable_input.rb +0 -128
- data/test/spec_runtime.rb +0 -50
- data/test/spec_sendfile.rb +0 -125
- data/test/spec_server.rb +0 -193
- data/test/spec_session_abstract_id.rb +0 -31
- data/test/spec_session_abstract_session_hash.rb +0 -45
- data/test/spec_session_cookie.rb +0 -442
- data/test/spec_session_memcache.rb +0 -357
- data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
- data/test/spec_session_pool.rb +0 -247
- data/test/spec_show_exceptions.rb +0 -93
- data/test/spec_show_status.rb +0 -104
- data/test/spec_static.rb +0 -184
- data/test/spec_tempfile_reaper.rb +0 -64
- data/test/spec_thin.rb +0 -96
- data/test/spec_urlmap.rb +0 -237
- data/test/spec_utils.rb +0 -742
- data/test/spec_version.rb +0 -11
- data/test/spec_webrick.rb +0 -206
- data/test/static/another/index.html +0 -1
- data/test/static/foo.html +0 -1
- data/test/static/index.html +0 -1
- data/test/testrequest.rb +0 -78
- data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
- data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e12f073e1e04051923534a08cf31f175959a4217f1a793f43283e1bb902a7225
|
4
|
+
data.tar.gz: e96008a1e0f77466d55c3834da7df2a4c640ec213306bab87e19bad5a9042c2c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f73e64b61cd21153bb90d23811b28026caa652f8eb4c682ebc02d8d5967b537f07c08d3d1b6d70cc14482d687637a2e539b384b119eb5b9be0d40c994577a2e7
|
7
|
+
data.tar.gz: 512be9498bf6b40a18a7c4d3bcce2e2bc1818185e30e522def5c9461cfaa8ad68282b09f6457f40a38779e7711b732cc9dc0b126f96b35f3b451b8709cc45f9b
|
data/{HISTORY.md → CHANGELOG.md}
RENAMED
@@ -1,167 +1,229 @@
|
|
1
|
-
|
1
|
+
# Changelog
|
2
2
|
|
3
|
-
|
4
|
-
* [CVE-2022-30122] Restrict parsing of broken MIME attachments
|
3
|
+
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
5
4
|
|
6
|
-
|
5
|
+
## Unreleased
|
7
6
|
|
8
|
-
|
9
|
-
from third-party requests, closing the door on many CSRF attacks.
|
7
|
+
_Note: There are many unreleased changes in Rack (`master` is around 300 commits ahead of `2-0-stable`), and below is not an exhaustive list. If you would like to help out and document some of the unreleased changes, PRs are welcome._
|
10
8
|
|
11
|
-
|
12
|
-
response.set_cookie 'foo', value: 'bar', same_site: true
|
13
|
-
or `same_site: :lax` to use Lax enforcement:
|
14
|
-
response.set_cookie 'foo', value: 'bar', same_site: :lax
|
9
|
+
### Added
|
15
10
|
|
16
|
-
|
17
|
-
|
11
|
+
- Add support for `SameSite=None` cookie value. ([@hennikul](https://github.com/hennikul))
|
12
|
+
- Add trailer headers. ([@eileencodes](https://github.com/eileencodes))
|
13
|
+
- Add MIME Types for video streaming. ([@styd](https://github.com/styd))
|
14
|
+
- Add MIME Type for WASM. ([@buildrtech](https://github.com/buildrtech))
|
15
|
+
- Add `Early Hints(103)` to status codes. ([@egtra](https://github.com/egtra))
|
16
|
+
- Add `Too Early(425)` to status codes. ([@y-yagi]((https://github.com/y-yagi)))
|
17
|
+
- Add `Bandwidth Limit Exceeded(509)` to status codes. ([@CJKinni](https://github.com/CJKinni))
|
18
|
+
- Add method for custom `ip_filter`. ([@svcastaneda](https://github.com/svcastaneda))
|
19
|
+
- Add boot-time profiling capabilities to `rackup`. ([@tenderlove](https://github.com/tenderlove))
|
20
|
+
- Add multi mapping support for `X-Accel-Mappings` header. ([@yoshuki](https://github.com/yoshuki))
|
21
|
+
- Add `sync: false` option to `Rack::Deflater`. (Eric Wong)
|
22
|
+
- Add `Builder#freeze_app` to freeze application and all middleware instances. ([@jeremyevans](https://github.com/jeremyevans))
|
23
|
+
- Add API to extract cookies from `Rack::MockResponse`. ([@petercline](https://github.com/petercline))
|
18
24
|
|
19
|
-
|
20
|
-
updating to drafts 5 and 7.
|
25
|
+
### Changed
|
21
26
|
|
22
|
-
|
27
|
+
- Don't propagate nil values from middleware. ([@ioquatix](https://github.com/ioquatix))
|
28
|
+
- Lazily initialize the response body and only buffer it if required. ([@ioquatix](https://github.com/ioquatix))
|
29
|
+
- Fix deflater zlib buffer errors on empty body part. ([@felixbuenemann](https://github.com/felixbuenemann))
|
30
|
+
- Set `X-Accel-Redirect` to percent-encoded path. ([@diskkid](https://github.com/diskkid))
|
31
|
+
- Remove unnecessary buffer growing when parsing multipart. ([@tainoe](https://github.com/tainoe))
|
32
|
+
- Expand the root path in `Rack::Static` upon initialization. ([@rosenfeld](https://github.com/rosenfeld))
|
33
|
+
- Make `ShowExceptions` work with binary data. ([@axyjo](https://github.com/axyjo))
|
34
|
+
- Use buffer string when parsing multipart requests. ([@janko-m](https://github.com/janko-m))
|
35
|
+
- Support optional UTF-8 Byte Order Mark (BOM) in config.ru. ([@mikegee](https://github.com/mikegee))
|
36
|
+
- Handle `X-Forwarded-For` with optional port. ([@dpritchett](https://github.com/dpritchett))
|
37
|
+
- Use `Time#httpdate` format for Expires, as proposed by RFC 7231. ([@nanaya](https://github.com/nanaya))
|
38
|
+
- Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`. ([@adambutler](https://github.com/adambutler))
|
39
|
+
- Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`.
|
40
|
+
- Make `Multipart::Parser.get_filename` accept files with `+` in their name. ([@lucaskanashiro](https://github.com/lucaskanashiro))
|
41
|
+
- Add Falcon to the default handler fallbacks. ([@ioquatix](https://github.com/ioquatix))
|
42
|
+
- Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@pat](https://github.com/pat))
|
43
|
+
- Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@janko](https://github.com/janko))
|
44
|
+
- Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern)).
|
23
45
|
|
24
|
-
|
25
|
-
middleware that does not care about the response body, but only cares
|
26
|
-
about doing work at particular points in the request / response
|
27
|
-
lifecycle.
|
46
|
+
### Removed
|
28
47
|
|
29
|
-
|
48
|
+
- Remove `to_ary` from Response ([@tenderlove](https://github.com/tenderlove))
|
49
|
+
- Deprecate `Rack::Session::Memcache` in favor of `Rack::Session::Dalli` from dalli gem ([@fatkodima](https://github.com/fatkodima))
|
30
50
|
|
31
|
-
|
32
|
-
the response is being made (this will be handy for h2 pushes).
|
51
|
+
### Documentation
|
33
52
|
|
34
|
-
|
53
|
+
- Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan))
|
54
|
+
- Add Padrino to the list of frameworks implmenting Rack. ([@wikimatze](https://github.com/wikimatze))
|
55
|
+
- Remove Mongrel from the suggested server options in the help output. ([@tricknotes](https://github.com/tricknotes))
|
56
|
+
- Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@twitnithegirl](https://github.com/twitnithegirl))
|
57
|
+
- Backfill `CHANGELOG.md` from 2.0.1 to 2.0.7 releases. ([@drenmi](https://github.com/Drenmi))
|
35
58
|
|
36
|
-
|
37
|
-
Use this for setting cache control headers on your response objects.
|
59
|
+
## [2.0.8] - 2019-12-08
|
38
60
|
|
39
|
-
|
61
|
+
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
40
62
|
|
41
|
-
|
42
|
-
setting etag values on the response.
|
63
|
+
## [1.6.12] - 2019-12-08
|
43
64
|
|
44
|
-
|
65
|
+
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
45
66
|
|
46
|
-
|
47
|
-
multi-valued response header. Implemented in terms of other
|
48
|
-
`Response#*_header` methods, so it's available to any response-like
|
49
|
-
class that includes the `Helpers` module.
|
67
|
+
## [2.0.7] - 2019-04-02
|
50
68
|
|
51
|
-
|
69
|
+
### Fixed
|
52
70
|
|
53
|
-
|
71
|
+
- Remove calls to `#eof?` on Rack input in `Multipart::Parser`, as this breaks the specification. ([@matthewd](https://github.com/matthewd))
|
72
|
+
- Preserve forwarded IP addresses for trusted proxy chains. ([@SamSaffron](https://github.com/SamSaffron))
|
54
73
|
|
55
|
-
|
56
|
-
`Rack::Session::Abstract::Persisted`.
|
57
|
-
`Rack::Session::Abstract::Persisted` uses a request object rather than
|
58
|
-
the `env` hash.
|
74
|
+
## [2.0.6] - 2018-11-05
|
59
75
|
|
60
|
-
|
76
|
+
### Fixed
|
61
77
|
|
62
|
-
|
63
|
-
|
64
|
-
|
78
|
+
- [[CVE-2018-16470](https://nvd.nist.gov/vuln/detail/CVE-2018-16470)] Reduce buffer size of `Multipart::Parser` to avoid pathological parsing. ([@tenderlove](https://github.com/tenderlove))
|
79
|
+
- Fix a call to a non-existing method `#accepts_html` in the `ShowExceptions` middleware. ([@tomelm](https://github.com/tomelm))
|
80
|
+
- [[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)] Whitelist HTTP and HTTPS schemes in `Request#scheme` to prevent a possible XSS attack. ([@PatrickTulskie](https://github.com/PatrickTulskie))
|
65
81
|
|
66
|
-
|
82
|
+
## [2.0.5] - 2018-04-23
|
67
83
|
|
68
|
-
|
69
|
-
`Rack::Request::Helpers` and use public API to get values from the
|
70
|
-
request object. This enables users to mix `Rack::Request::Helpers` in
|
71
|
-
to their own objects so they can implement
|
72
|
-
`(get|set|fetch|each)_header` as they see fit (for example a proxy
|
73
|
-
object).
|
84
|
+
### Fixed
|
74
85
|
|
75
|
-
|
86
|
+
- Record errors originating from invalid UTF8 in `MethodOverride` middleware instead of breaking. ([@mclark](https://github.com/mclark))
|
76
87
|
|
77
|
-
|
78
|
-
Rather than unescaping paths like a form, we unescape with a URI
|
79
|
-
parser using `Rack::Utils.unescape_path`. Fixes #265
|
88
|
+
## [2.0.4] - 2018-01-31
|
80
89
|
|
81
|
-
|
90
|
+
### Changed
|
82
91
|
|
83
|
-
|
84
|
-
|
92
|
+
- Ensure the `Lock` middleware passes the original `env` object. ([@lugray](https://github.com/lugray))
|
93
|
+
- Improve performance of `Multipart::Parser` when uploading large files. ([@tompng](https://github.com/tompng))
|
94
|
+
- Increase buffer size in `Multipart::Parser` for better performance. ([@jkowens](https://github.com/jkowens))
|
95
|
+
- Reduce memory usage of `Multipart::Parser` when uploading large files. ([@tompng](https://github.com/tompng))
|
96
|
+
- Replace ConcurrentRuby dependency with native `Queue`. ([@devmchakan](https://github.com/devmchakan))
|
85
97
|
|
86
|
-
|
98
|
+
### Fixed
|
87
99
|
|
88
|
-
|
89
|
-
they're stored as a Hash. Response-like classes may include the
|
90
|
-
Rack::Response::Helpers module if they define these methods:
|
100
|
+
- Require the correct digest algorithm in the `ETag` middleware. ([@matthewd](https://github.com/matthewd))
|
91
101
|
|
92
|
-
|
93
|
-
* Rack::Response#get_header
|
94
|
-
* Rack::Response#set_header
|
95
|
-
* Rack::Response#delete_header
|
102
|
+
### Documentation
|
96
103
|
|
97
|
-
|
104
|
+
- Update homepage links to use SSL. ([@hugoabonizio](https://github.com/hugoabonizio))
|
98
105
|
|
99
|
-
|
100
|
-
HTTP_RANGE string passed to it without depending on the `env` hash.
|
101
|
-
`byte_ranges` is deprecated in favor of this method.
|
106
|
+
## [2.0.3] - 2017-05-15
|
102
107
|
|
103
|
-
|
108
|
+
### Changed
|
104
109
|
|
105
|
-
|
106
|
-
session information. This allows us to only allocate one request
|
107
|
-
object when dealing with session objects (rather than doing it every
|
108
|
-
time we need to manipulate cookies, etc).
|
110
|
+
- Ensure `env` values are ASCII 8-bit encoded. ([@eileencodes](https://github.com/eileencodes))
|
109
111
|
|
110
|
-
|
112
|
+
### Fixed
|
111
113
|
|
112
|
-
|
113
|
-
the request gets duped.
|
114
|
+
- Prevent exceptions when a class with mixins inherits from `Session::Abstract::ID`. ([@jnraine](https://github.com/jnraine))
|
114
115
|
|
115
|
-
|
116
|
+
## [2.0.2] - 2017-05-08
|
116
117
|
|
117
|
-
|
118
|
-
|
119
|
-
|
118
|
+
### Added
|
119
|
+
|
120
|
+
- Allow `Session::Abstract::SessionHash#fetch` to accept a block with a default value. ([@yannvanhalewyn](https://github.com/yannvanhalewyn))
|
121
|
+
- Add `Builder#freeze_app` to freeze application and all middleware. ([@jeremyevans](https://github.com/jeremyevans))
|
122
|
+
|
123
|
+
### Changed
|
124
|
+
|
125
|
+
- Freeze default session options to avoid accidental mutation. ([@kirs](https://github.com/kirs))
|
126
|
+
- Detect partial hijack without hash headers. ([@devmchakan](https://github.com/devmchakan))
|
127
|
+
- Update tests to use MiniTest 6 matchers. ([@tonytonyjan](https://github.com/tonytonyjan))
|
128
|
+
- Allow 205 Reset Content responses to set a Content-Length, as RFC 7231 proposes setting this to 0. ([@devmchakan](https://github.com/devmchakan))
|
129
|
+
|
130
|
+
### Fixed
|
131
|
+
|
132
|
+
- Handle `NULL` bytes in multipart filenames. ([@casperisfine](https://github.com/casperisfine))
|
133
|
+
- Remove warnings due to miscapitalized global. ([@ioquatix](https://github.com/ioquatix))
|
134
|
+
- Prevent exceptions caused by a race condition on multi-threaded servers. ([@sophiedeziel](https://github.com/sophiedeziel))
|
135
|
+
- Add RDoc as an explicit depencency for `doc` group. ([@tonytonyjan](https://github.com/tonytonyjan))
|
136
|
+
- Record errors originating from `Multipart::Parser` in the `MethodOverride` middleware instead of letting them bubble up. ([@carlzulauf](https://github.com/carlzulauf))
|
137
|
+
- Remove remaining use of removed `Utils#bytesize` method from the `File` middleware. ([@brauliomartinezlm](https://github.com/brauliomartinezlm))
|
138
|
+
|
139
|
+
### Removed
|
140
|
+
|
141
|
+
- Remove `deflate` encoding support to reduce caching overhead. ([@devmchakan](https://github.com/devmchakan))
|
142
|
+
|
143
|
+
### Documentation
|
120
144
|
|
121
|
-
|
122
|
-
* Rack::Request#get_header
|
123
|
-
* Rack::Request#fetch_header
|
124
|
-
* Rack::Request#each_header
|
125
|
-
* Rack::Request#set_header
|
126
|
-
* Rack::Request#delete_header
|
145
|
+
- Update broken example in `Deflater` documentation. ([@mwpastore](https://github.com/mwpastore))
|
127
146
|
|
128
|
-
|
147
|
+
## [2.0.1] - 2016-06-30
|
129
148
|
|
130
|
-
|
149
|
+
### Changed
|
150
|
+
|
151
|
+
- Remove JSON as an explicit dependency. ([@mperham](https://github.com/mperham))
|
152
|
+
|
153
|
+
|
154
|
+
# History/News Archive
|
155
|
+
Items below this line are from the previously maintained HISTORY.md and NEWS.md files.
|
156
|
+
|
157
|
+
## [2.0.0.rc1] 2016-05-06
|
158
|
+
- Rack::Session::Abstract::ID is deprecated. Please change to use Rack::Session::Abstract::Persisted
|
159
|
+
|
160
|
+
## [2.0.0.alpha] 2015-12-04
|
161
|
+
- First-party "SameSite" cookies. Browsers omit SameSite cookies from third-party requests, closing the door on many CSRF attacks.
|
162
|
+
- Pass `same_site: true` (or `:strict`) to enable: response.set_cookie 'foo', value: 'bar', same_site: true or `same_site: :lax` to use Lax enforcement: response.set_cookie 'foo', value: 'bar', same_site: :lax
|
163
|
+
- Based on version 7 of the Same-site Cookies internet draft:
|
164
|
+
https://tools.ietf.org/html/draft-west-first-party-cookies-07
|
165
|
+
- Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for updating to drafts 5 and 7.
|
166
|
+
- Add `Rack::Events` middleware for adding event based middleware: middleware that does not care about the response body, but only cares about doing work at particular points in the request / response lifecycle.
|
167
|
+
- Add `Rack::Request#authority` to calculate the authority under which the response is being made (this will be handy for h2 pushes).
|
168
|
+
- Add `Rack::Response::Helpers#cache_control` and `cache_control=`. Use this for setting cache control headers on your response objects.
|
169
|
+
- Add `Rack::Response::Helpers#etag` and `etag=`. Use this for setting etag values on the response.
|
170
|
+
- Introduce `Rack::Response::Helpers#add_header` to add a value to a multi-valued response header. Implemented in terms of other `Response#*_header` methods, so it's available to any response-like class that includes the `Helpers` module.
|
171
|
+
- Add `Rack::Request#add_header` to match.
|
172
|
+
- `Rack::Session::Abstract::ID` IS DEPRECATED. Please switch to `Rack::Session::Abstract::Persisted`. `Rack::Session::Abstract::Persisted` uses a request object rather than the `env` hash.
|
173
|
+
- Pull `ENV` access inside the request object in to a module. This will help with legacy Request objects that are ENV based but don't want to inherit from Rack::Request
|
174
|
+
- Move most methods on the `Rack::Request` to a module `Rack::Request::Helpers` and use public API to get values from the request object. This enables users to mix `Rack::Request::Helpers` in to their own objects so they can implement `(get|set|fetch|each)_header` as they see fit (for example a proxy object).
|
175
|
+
- Files and directories with + in the name are served correctly. Rather than unescaping paths like a form, we unescape with a URI parser using `Rack::Utils.unescape_path`. Fixes #265
|
176
|
+
- Tempfiles are automatically closed in the case that there were too
|
177
|
+
many posted.
|
178
|
+
- Added methods for manipulating response headers that don't assume
|
179
|
+
they're stored as a Hash. Response-like classes may include the
|
180
|
+
Rack::Response::Helpers module if they define these methods:
|
181
|
+
- Rack::Response#has_header?
|
182
|
+
- Rack::Response#get_header
|
183
|
+
- Rack::Response#set_header
|
184
|
+
- Rack::Response#delete_header
|
185
|
+
- Introduce Util.get_byte_ranges that will parse the value of the HTTP_RANGE string passed to it without depending on the `env` hash. `byte_ranges` is deprecated in favor of this method.
|
186
|
+
- Change Session internals to use Request objects for looking up session information. This allows us to only allocate one request object when dealing with session objects (rather than doing it every time we need to manipulate cookies, etc).
|
187
|
+
- Add `Rack::Request#initialize_copy` so that the env is duped when the request gets duped.
|
188
|
+
- Added methods for manipulating request specific data. This includes
|
189
|
+
data set as CGI parameters, and just any arbitrary data the user wants
|
190
|
+
to associate with a particular request. New methods:
|
191
|
+
- Rack::Request#has_header?
|
192
|
+
- Rack::Request#get_header
|
193
|
+
- Rack::Request#fetch_header
|
194
|
+
- Rack::Request#each_header
|
195
|
+
- Rack::Request#set_header
|
196
|
+
- Rack::Request#delete_header
|
197
|
+
- lib/rack/utils.rb: add a method for constructing "delete" cookie
|
131
198
|
headers. This allows us to construct cookie headers without depending
|
132
199
|
on the side effects of mutating a hash.
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
-
|
142
|
-
-
|
143
|
-
|
144
|
-
|
145
|
-
-
|
146
|
-
-
|
147
|
-
-
|
148
|
-
|
149
|
-
|
150
|
-
-
|
151
|
-
-
|
152
|
-
-
|
153
|
-
-
|
154
|
-
-
|
155
|
-
-
|
156
|
-
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
- Utils#multipart_part_limit configures the maximum number of parts a request can contain ([#684](https://github.com/rack/rack/pull/684))
|
161
|
-
- Default host to localhost when in development mode ([#514](https://github.com/rack/rack/pull/514))
|
162
|
-
- Various bugfixes and performance improvements (See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.6.0) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22))
|
163
|
-
|
164
|
-
### February 7th, 2013, Thirty fifth public release 1.5.2
|
200
|
+
- Prevent extremely deep parameters from being parsed. CVE-2015-3225
|
201
|
+
|
202
|
+
## [1.6.1] 2015-05-06
|
203
|
+
- Fix CVE-2014-9490, denial of service attack in OkJson
|
204
|
+
- Use a monotonic time for Rack::Runtime, if available
|
205
|
+
- RACK_MULTIPART_LIMIT changed to RACK_MULTIPART_PART_LIMIT (RACK_MULTIPART_LIMIT is deprecated and will be removed in 1.7.0)
|
206
|
+
|
207
|
+
## [1.5.3] 2015-05-06
|
208
|
+
- Fix CVE-2014-9490, denial of service attack in OkJson
|
209
|
+
- Backport bug fixes to 1.5 series
|
210
|
+
|
211
|
+
## [1.6.0] 2014-01-18
|
212
|
+
- Response#unauthorized? helper
|
213
|
+
- Deflater now accepts an options hash to control compression on a per-request level
|
214
|
+
- Builder#warmup method for app preloading
|
215
|
+
- Request#accept_language method to extract HTTP_ACCEPT_LANGUAGE
|
216
|
+
- Add quiet mode of rack server, rackup --quiet
|
217
|
+
- Update HTTP Status Codes to RFC 7231
|
218
|
+
- Less strict header name validation according to RFC 2616
|
219
|
+
- SPEC updated to specify headers conform to RFC7230 specification
|
220
|
+
- Etag correctly marks etags as weak
|
221
|
+
- Request#port supports multiple x-http-forwarded-proto values
|
222
|
+
- Utils#multipart_part_limit configures the maximum number of parts a request can contain
|
223
|
+
- Default host to localhost when in development mode
|
224
|
+
- Various bugfixes and performance improvements
|
225
|
+
|
226
|
+
## [1.5.2] 2013-02-07
|
165
227
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
166
228
|
- Fix CVE-2013-0262, symlink path traversal in Rack::File
|
167
229
|
- Add various methods to Session for enhanced Rails compatibility
|
@@ -171,26 +233,26 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
171
233
|
- Fix a race condition that could result in overwritten pidfiles
|
172
234
|
- Various documentation additions
|
173
235
|
|
174
|
-
|
236
|
+
## [1.4.5] 2013-02-07
|
175
237
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
176
238
|
- Fix CVE-2013-0262, symlink path traversal in Rack::File
|
177
239
|
|
178
|
-
|
240
|
+
## [1.1.6, 1.2.8, 1.3.10] 2013-02-07
|
179
241
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
180
242
|
|
181
|
-
|
243
|
+
## [1.5.1] 2013-01-28
|
182
244
|
- Rack::Lint check_hijack now conforms to other parts of SPEC
|
183
245
|
- Added hash-like methods to Abstract::ID::SessionHash for compatibility
|
184
246
|
- Various documentation corrections
|
185
247
|
|
186
|
-
|
248
|
+
## [1.5.0] 2013-01-21
|
187
249
|
- Introduced hijack SPEC, for before-response and after-response hijacking
|
188
250
|
- SessionHash is no longer a Hash subclass
|
189
251
|
- Rack::File cache_control parameter is removed, in place of headers options
|
190
252
|
- Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
|
191
253
|
- Rack::Utils cookie functions now format expires in RFC 2822 format
|
192
254
|
- Rack::File now has a default mime type
|
193
|
-
- rackup -b 'run Rack::
|
255
|
+
- rackup -b 'run Rack::Files.new(".")', option provides command line configs
|
194
256
|
- Rack::Deflater will no longer double encode bodies
|
195
257
|
- Rack::Mime#match? provides convenience for Accept header matching
|
196
258
|
- Rack::Utils#q_values provides splitting for Accept headers
|
@@ -207,17 +269,17 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
207
269
|
- Updated HTTP status codes
|
208
270
|
- Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
|
209
271
|
|
210
|
-
|
272
|
+
## [1.4.4, 1.3.9, 1.2.7, 1.1.5] 2013-01-13
|
211
273
|
- [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
|
212
274
|
- Fixed erroneous test case in the 1.3.x series
|
213
275
|
|
214
|
-
|
276
|
+
## [1.4.3] 2013-01-07
|
215
277
|
- Security: Prevent unbounded reads in large multipart boundaries
|
216
278
|
|
217
|
-
|
279
|
+
## [1.3.8] 2013-01-07
|
218
280
|
- Security: Prevent unbounded reads in large multipart boundaries
|
219
281
|
|
220
|
-
|
282
|
+
## [1.4.2] 2013-01-06
|
221
283
|
- Add warnings when users do not provide a session secret
|
222
284
|
- Fix parsing performance for unquoted filenames
|
223
285
|
- Updated URI backports
|
@@ -247,7 +309,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
247
309
|
- Rack::BodyProxy now explicitly defines #each, useful for C extensions
|
248
310
|
- Cookies that are not URI escaped no longer cause exceptions
|
249
311
|
|
250
|
-
|
312
|
+
## [1.3.7] 2013-01-06
|
251
313
|
- Add warnings when users do not provide a session secret
|
252
314
|
- Fix parsing performance for unquoted filenames
|
253
315
|
- Updated URI backports
|
@@ -264,14 +326,14 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
264
326
|
- Additional notes regarding ECMA escape compatibility issues
|
265
327
|
- Fix the parsing of multiple ranges in range headers
|
266
328
|
|
267
|
-
|
329
|
+
## [1.2.6] 2013-01-06
|
268
330
|
- Add warnings when users do not provide a session secret
|
269
331
|
- Fix parsing performance for unquoted filenames
|
270
332
|
|
271
|
-
|
333
|
+
## [1.1.4] 2013-01-06
|
272
334
|
- Add warnings when users do not provide a session secret
|
273
335
|
|
274
|
-
|
336
|
+
## [1.4.1] 2012-01-22
|
275
337
|
- Alter the keyspace limit calculations to reduce issues with nested params
|
276
338
|
- Add a workaround for multipart parsing where files contain unescaped "%"
|
277
339
|
- Added Rack::Response::Helpers#method_not_allowed? (code 405)
|
@@ -287,7 +349,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
287
349
|
- Rack::Static no longer defaults to serving index files
|
288
350
|
- Rack.release was fixed
|
289
351
|
|
290
|
-
|
352
|
+
## [1.4.0] 2011-12-28
|
291
353
|
- Ruby 1.8.6 support has officially been dropped. Not all tests pass.
|
292
354
|
- Raise sane error messages for broken config.ru
|
293
355
|
- Allow combining run and map in a config.ru
|
@@ -306,32 +368,32 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
306
368
|
- Support added for HTTP_X_FORWARDED_SCHEME
|
307
369
|
- Numerous bug fixes, including many fixes for new and alternate rubies
|
308
370
|
|
309
|
-
|
371
|
+
## [1.1.3] 2011-12-28
|
310
372
|
- Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
|
311
373
|
Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
|
312
374
|
|
313
|
-
|
375
|
+
## [1.3.5] 2011-10-17
|
314
376
|
- Fix annoying warnings caused by the backport in 1.3.4
|
315
377
|
|
316
|
-
|
378
|
+
## [1.3.4] 2011-10-01
|
317
379
|
- Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
|
318
380
|
- Small documentation update
|
319
381
|
- Fix an issue where BodyProxy could cause an infinite recursion
|
320
382
|
- Add some supporting files for travis-ci
|
321
383
|
|
322
|
-
|
384
|
+
## [1.2.4] 2011-09-16
|
323
385
|
- Fix a bug with MRI regex engine to prevent XSS by malformed unicode
|
324
386
|
|
325
|
-
|
387
|
+
## [1.3.3] 2011-09-16
|
326
388
|
- Fix bug with broken query parameters in Rack::ShowExceptions
|
327
389
|
- Rack::Request#cookies no longer swallows exceptions on broken input
|
328
390
|
- Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
|
329
391
|
- Rack::ConditionalGet handles broken If-Modified-Since helpers
|
330
392
|
|
331
|
-
|
393
|
+
## [1.3.2] 2011-07-16
|
332
394
|
- Fix for Rails and rack-test, Rack::Utils#escape calls to_s
|
333
395
|
|
334
|
-
|
396
|
+
## [1.3.1] 2011-07-13
|
335
397
|
- Fix 1.9.1 support
|
336
398
|
- Fix JRuby support
|
337
399
|
- Properly handle $KCODE in Rack::Utils.escape
|
@@ -342,11 +404,11 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
342
404
|
- Rack::MockResponse calls close on the body object
|
343
405
|
- Fix a DOS vector from MRI stdlib backport
|
344
406
|
|
345
|
-
|
407
|
+
## [1.2.3] 2011-05-22
|
346
408
|
- Pulled in relevant bug fixes from 1.3
|
347
409
|
- Fixed 1.8.6 support
|
348
410
|
|
349
|
-
|
411
|
+
## [1.3.0] 2011-05-22
|
350
412
|
- Various performance optimizations
|
351
413
|
- Various multipart fixes
|
352
414
|
- Various multipart refactors
|
@@ -366,16 +428,16 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
366
428
|
- Cookies respect renew
|
367
429
|
- Session middleware uses SecureRandom.hex
|
368
430
|
|
369
|
-
|
431
|
+
## [1.2.2, 1.1.2] 2011-03-13
|
370
432
|
- Security fix in Rack::Auth::Digest::MD5: when authenticator
|
371
433
|
returned nil, permission was granted on empty password.
|
372
434
|
|
373
|
-
|
435
|
+
## [1.2.1] 2010-06-15
|
374
436
|
- Make CGI handler rewindable
|
375
437
|
- Rename spec/ to test/ to not conflict with SPEC on lesser
|
376
438
|
operating systems
|
377
439
|
|
378
|
-
|
440
|
+
## [1.2.0] 2010-06-13
|
379
441
|
- Removed Camping adapter: Camping 2.0 supports Rack as-is
|
380
442
|
- Removed parsing of quoted values
|
381
443
|
- Add Request.trace? and Request.options?
|
@@ -384,7 +446,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
384
446
|
- Various multipart fixes
|
385
447
|
- Switch test suite to bacon
|
386
448
|
|
387
|
-
|
449
|
+
## [1.1.0] 2010-01-03
|
388
450
|
- Moved Auth::OpenID to rack-contrib.
|
389
451
|
- SPEC change that relaxes Lint slightly to allow subclasses of the
|
390
452
|
required types
|
@@ -419,7 +481,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
419
481
|
- Enforce binary encoding in RewindableInput
|
420
482
|
- Set correct external_encoding for handlers that don't use RewindableInput
|
421
483
|
|
422
|
-
|
484
|
+
## [1.0.1] 2009-10-18
|
423
485
|
- Bump remainder of rack.versions.
|
424
486
|
- Support the pure Ruby FCGI implementation.
|
425
487
|
- Fix for form names containing "=": split first then unescape components
|
@@ -430,7 +492,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
430
492
|
- Make sure WEBrick respects the :Host option
|
431
493
|
- Many Ruby 1.9 fixes.
|
432
494
|
|
433
|
-
|
495
|
+
## [1.0.0] 2009-04-25
|
434
496
|
- SPEC change: Rack::VERSION has been pushed to [1,0].
|
435
497
|
- SPEC change: header values must be Strings now, split on "\n".
|
436
498
|
- SPEC change: Content-Length can be missing, in this case chunked transfer
|
@@ -452,10 +514,10 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
452
514
|
- The Rakefile has been rewritten.
|
453
515
|
- Many bugfixes and small improvements.
|
454
516
|
|
455
|
-
|
517
|
+
## [0.9.1] 2009-01-09
|
456
518
|
- Fix directory traversal exploits in Rack::File and Rack::Directory.
|
457
519
|
|
458
|
-
|
520
|
+
## [0.9] 2009-01-06
|
459
521
|
- Rack is now managed by the Rack Core Team.
|
460
522
|
- Rack::Lint is stricter and follows the HTTP RFCs more closely.
|
461
523
|
- Added ConditionalGet middleware.
|
@@ -471,7 +533,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
471
533
|
- Made HeaderHash case-preserving.
|
472
534
|
- Many bugfixes and small improvements.
|
473
535
|
|
474
|
-
|
536
|
+
## [0.4] 2008-08-21
|
475
537
|
- New middleware, Rack::Deflater, by Christoffer Sawicki.
|
476
538
|
- OpenID authentication now needs ruby-openid 2.
|
477
539
|
- New Memcache sessions, by blink.
|
@@ -483,7 +545,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
483
545
|
- Improved tests.
|
484
546
|
- Rack moved to Git.
|
485
547
|
|
486
|
-
|
548
|
+
## [0.3] 2008-02-26
|
487
549
|
- LiteSpeed handler, by Adrian Madrid.
|
488
550
|
- SCGI handler, by Jeremy Evans.
|
489
551
|
- Pool sessions, by blink.
|
@@ -495,7 +557,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
495
557
|
- HTTP status 201 can contain a Content-Type and a body now.
|
496
558
|
- Many bugfixes, especially related to Cookie handling.
|
497
559
|
|
498
|
-
|
560
|
+
## [0.2] 2007-05-16
|
499
561
|
- HTTP Basic authentication.
|
500
562
|
- Cookie Sessions.
|
501
563
|
- Static file handler.
|
@@ -505,6 +567,4 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
505
567
|
- Bug fixes in the Camping adapter.
|
506
568
|
- Removed Rails adapter, was too alpha.
|
507
569
|
|
508
|
-
|
509
|
-
|
510
|
-
/* vim: set filetype=changelog */
|
570
|
+
## [0.1] 2007-03-03
|
data/{COPYING → MIT-LICENSE}
RENAMED
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
2
4
|
|
3
5
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
6
|
of this software and associated documentation files (the "Software"), to
|
@@ -13,6 +15,6 @@ all copies or substantial portions of the Software.
|
|
13
15
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
16
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
17
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
16
|
-
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
17
19
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
18
20
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|