rack 2.0.9.2 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/{HISTORY.md → CHANGELOG.md} +216 -162
- data/{COPYING → MIT-LICENSE} +4 -2
- data/README.rdoc +77 -117
- data/Rakefile +25 -18
- data/SPEC +9 -9
- data/bin/rackup +1 -0
- data/example/lobster.ru +2 -0
- data/example/protectedlobster.rb +3 -1
- data/example/protectedlobster.ru +2 -0
- data/lib/rack/auth/abstract/handler.rb +3 -1
- data/lib/rack/auth/abstract/request.rb +2 -0
- data/lib/rack/auth/basic.rb +4 -1
- data/lib/rack/auth/digest/md5.rb +9 -7
- data/lib/rack/auth/digest/nonce.rb +6 -3
- data/lib/rack/auth/digest/params.rb +4 -2
- data/lib/rack/auth/digest/request.rb +2 -0
- data/lib/rack/body_proxy.rb +3 -6
- data/lib/rack/builder.rb +38 -15
- data/lib/rack/cascade.rb +6 -5
- data/lib/rack/chunked.rb +29 -6
- data/lib/rack/common_logger.rb +9 -11
- data/lib/rack/conditional_get.rb +3 -1
- data/lib/rack/config.rb +2 -0
- data/lib/rack/content_length.rb +3 -1
- data/lib/rack/content_type.rb +3 -1
- data/lib/rack/core_ext/regexp.rb +14 -0
- data/lib/rack/deflater.rb +28 -17
- data/lib/rack/directory.rb +17 -14
- data/lib/rack/etag.rb +3 -1
- data/lib/rack/events.rb +5 -3
- data/lib/rack/file.rb +5 -173
- data/lib/rack/files.rb +178 -0
- data/lib/rack/handler/cgi.rb +3 -1
- data/lib/rack/handler/fastcgi.rb +4 -2
- data/lib/rack/handler/lsws.rb +3 -1
- data/lib/rack/handler/scgi.rb +9 -6
- data/lib/rack/handler/thin.rb +3 -1
- data/lib/rack/handler/webrick.rb +4 -2
- data/lib/rack/handler.rb +7 -2
- data/lib/rack/head.rb +2 -0
- data/lib/rack/lint.rb +15 -12
- data/lib/rack/lobster.rb +7 -5
- data/lib/rack/lock.rb +2 -0
- data/lib/rack/logger.rb +2 -0
- data/lib/rack/media_type.rb +10 -5
- data/lib/rack/method_override.rb +4 -2
- data/lib/rack/mime.rb +9 -1
- data/lib/rack/mock.rb +74 -15
- data/lib/rack/multipart/generator.rb +6 -7
- data/lib/rack/multipart/parser.rb +52 -47
- data/lib/rack/multipart/uploaded_file.rb +2 -0
- data/lib/rack/multipart.rb +6 -3
- data/lib/rack/null_logger.rb +2 -0
- data/lib/rack/query_parser.rb +51 -25
- data/lib/rack/recursive.rb +7 -5
- data/lib/rack/reloader.rb +10 -4
- data/lib/rack/request.rb +79 -26
- data/lib/rack/response.rb +71 -31
- data/lib/rack/rewindable_input.rb +4 -2
- data/lib/rack/runtime.rb +4 -2
- data/lib/rack/sendfile.rb +15 -8
- data/lib/rack/server.rb +88 -16
- data/lib/rack/session/abstract/id.rb +40 -22
- data/lib/rack/session/cookie.rb +10 -9
- data/lib/rack/session/memcache.rb +4 -93
- data/lib/rack/session/pool.rb +4 -2
- data/lib/rack/show_exceptions.rb +15 -9
- data/lib/rack/show_status.rb +4 -2
- data/lib/rack/static.rb +15 -10
- data/lib/rack/tempfile_reaper.rb +2 -0
- data/lib/rack/urlmap.rb +11 -2
- data/lib/rack/utils.rb +58 -76
- data/lib/rack.rb +63 -60
- data/rack.gemspec +17 -7
- metadata +33 -175
- data/test/builder/an_underscore_app.rb +0 -5
- data/test/builder/anything.rb +0 -5
- data/test/builder/comment.ru +0 -4
- data/test/builder/end.ru +0 -5
- data/test/builder/line.ru +0 -1
- data/test/builder/options.ru +0 -2
- data/test/cgi/assets/folder/test.js +0 -1
- data/test/cgi/assets/fonts/font.eot +0 -1
- data/test/cgi/assets/images/image.png +0 -1
- data/test/cgi/assets/index.html +0 -1
- data/test/cgi/assets/javascripts/app.js +0 -1
- data/test/cgi/assets/stylesheets/app.css +0 -1
- data/test/cgi/lighttpd.conf +0 -26
- data/test/cgi/rackup_stub.rb +0 -6
- data/test/cgi/sample_rackup.ru +0 -5
- data/test/cgi/test +0 -9
- data/test/cgi/test+directory/test+file +0 -1
- data/test/cgi/test.fcgi +0 -9
- data/test/cgi/test.gz +0 -0
- data/test/cgi/test.ru +0 -5
- data/test/gemloader.rb +0 -10
- data/test/helper.rb +0 -34
- data/test/multipart/bad_robots +0 -259
- data/test/multipart/binary +0 -0
- data/test/multipart/content_type_and_no_filename +0 -6
- data/test/multipart/empty +0 -10
- data/test/multipart/fail_16384_nofile +0 -814
- data/test/multipart/file1.txt +0 -1
- data/test/multipart/filename_and_modification_param +0 -7
- data/test/multipart/filename_and_no_name +0 -6
- data/test/multipart/filename_with_encoded_words +0 -7
- data/test/multipart/filename_with_escaped_quotes +0 -6
- data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
- data/test/multipart/filename_with_null_byte +0 -7
- data/test/multipart/filename_with_percent_escaped_quotes +0 -6
- data/test/multipart/filename_with_single_quote +0 -7
- data/test/multipart/filename_with_unescaped_percentages +0 -6
- data/test/multipart/filename_with_unescaped_percentages2 +0 -6
- data/test/multipart/filename_with_unescaped_percentages3 +0 -6
- data/test/multipart/filename_with_unescaped_quotes +0 -6
- data/test/multipart/ie +0 -6
- data/test/multipart/invalid_character +0 -6
- data/test/multipart/mixed_files +0 -21
- data/test/multipart/nested +0 -10
- data/test/multipart/none +0 -9
- data/test/multipart/quoted +0 -15
- data/test/multipart/rack-logo.png +0 -0
- data/test/multipart/semicolon +0 -6
- data/test/multipart/text +0 -15
- data/test/multipart/three_files_three_fields +0 -31
- data/test/multipart/unity3d_wwwform +0 -11
- data/test/multipart/webkit +0 -32
- data/test/rackup/config.ru +0 -31
- data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
- data/test/spec_auth_basic.rb +0 -89
- data/test/spec_auth_digest.rb +0 -260
- data/test/spec_body_proxy.rb +0 -85
- data/test/spec_builder.rb +0 -233
- data/test/spec_cascade.rb +0 -63
- data/test/spec_cgi.rb +0 -84
- data/test/spec_chunked.rb +0 -103
- data/test/spec_common_logger.rb +0 -107
- data/test/spec_conditional_get.rb +0 -103
- data/test/spec_config.rb +0 -23
- data/test/spec_content_length.rb +0 -86
- data/test/spec_content_type.rb +0 -46
- data/test/spec_deflater.rb +0 -375
- data/test/spec_directory.rb +0 -148
- data/test/spec_etag.rb +0 -108
- data/test/spec_events.rb +0 -133
- data/test/spec_fastcgi.rb +0 -85
- data/test/spec_file.rb +0 -264
- data/test/spec_handler.rb +0 -57
- data/test/spec_head.rb +0 -46
- data/test/spec_lint.rb +0 -520
- data/test/spec_lobster.rb +0 -59
- data/test/spec_lock.rb +0 -204
- data/test/spec_logger.rb +0 -24
- data/test/spec_media_type.rb +0 -42
- data/test/spec_method_override.rb +0 -110
- data/test/spec_mime.rb +0 -51
- data/test/spec_mock.rb +0 -359
- data/test/spec_multipart.rb +0 -709
- data/test/spec_null_logger.rb +0 -21
- data/test/spec_recursive.rb +0 -75
- data/test/spec_request.rb +0 -1407
- data/test/spec_response.rb +0 -528
- data/test/spec_rewindable_input.rb +0 -128
- data/test/spec_runtime.rb +0 -50
- data/test/spec_sendfile.rb +0 -125
- data/test/spec_server.rb +0 -193
- data/test/spec_session_abstract_id.rb +0 -31
- data/test/spec_session_abstract_session_hash.rb +0 -45
- data/test/spec_session_cookie.rb +0 -442
- data/test/spec_session_memcache.rb +0 -357
- data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
- data/test/spec_session_pool.rb +0 -247
- data/test/spec_show_exceptions.rb +0 -93
- data/test/spec_show_status.rb +0 -104
- data/test/spec_static.rb +0 -184
- data/test/spec_tempfile_reaper.rb +0 -64
- data/test/spec_thin.rb +0 -96
- data/test/spec_urlmap.rb +0 -237
- data/test/spec_utils.rb +0 -742
- data/test/spec_version.rb +0 -11
- data/test/spec_webrick.rb +0 -206
- data/test/static/another/index.html +0 -1
- data/test/static/foo.html +0 -1
- data/test/static/index.html +0 -1
- data/test/testrequest.rb +0 -78
- data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
- data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e12f073e1e04051923534a08cf31f175959a4217f1a793f43283e1bb902a7225
|
4
|
+
data.tar.gz: e96008a1e0f77466d55c3834da7df2a4c640ec213306bab87e19bad5a9042c2c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f73e64b61cd21153bb90d23811b28026caa652f8eb4c682ebc02d8d5967b537f07c08d3d1b6d70cc14482d687637a2e539b384b119eb5b9be0d40c994577a2e7
|
7
|
+
data.tar.gz: 512be9498bf6b40a18a7c4d3bcce2e2bc1818185e30e522def5c9461cfaa8ad68282b09f6457f40a38779e7711b732cc9dc0b126f96b35f3b451b8709cc45f9b
|
data/{HISTORY.md → CHANGELOG.md}
RENAMED
@@ -1,173 +1,229 @@
|
|
1
|
-
|
1
|
+
# Changelog
|
2
2
|
|
3
|
-
|
4
|
-
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
|
5
|
-
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
|
3
|
+
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
6
4
|
|
7
|
-
|
5
|
+
## Unreleased
|
8
6
|
|
9
|
-
|
10
|
-
* [CVE-2022-30122] Restrict parsing of broken MIME attachments
|
7
|
+
_Note: There are many unreleased changes in Rack (`master` is around 300 commits ahead of `2-0-stable`), and below is not an exhaustive list. If you would like to help out and document some of the unreleased changes, PRs are welcome._
|
11
8
|
|
12
|
-
|
9
|
+
### Added
|
13
10
|
|
14
|
-
|
15
|
-
|
11
|
+
- Add support for `SameSite=None` cookie value. ([@hennikul](https://github.com/hennikul))
|
12
|
+
- Add trailer headers. ([@eileencodes](https://github.com/eileencodes))
|
13
|
+
- Add MIME Types for video streaming. ([@styd](https://github.com/styd))
|
14
|
+
- Add MIME Type for WASM. ([@buildrtech](https://github.com/buildrtech))
|
15
|
+
- Add `Early Hints(103)` to status codes. ([@egtra](https://github.com/egtra))
|
16
|
+
- Add `Too Early(425)` to status codes. ([@y-yagi]((https://github.com/y-yagi)))
|
17
|
+
- Add `Bandwidth Limit Exceeded(509)` to status codes. ([@CJKinni](https://github.com/CJKinni))
|
18
|
+
- Add method for custom `ip_filter`. ([@svcastaneda](https://github.com/svcastaneda))
|
19
|
+
- Add boot-time profiling capabilities to `rackup`. ([@tenderlove](https://github.com/tenderlove))
|
20
|
+
- Add multi mapping support for `X-Accel-Mappings` header. ([@yoshuki](https://github.com/yoshuki))
|
21
|
+
- Add `sync: false` option to `Rack::Deflater`. (Eric Wong)
|
22
|
+
- Add `Builder#freeze_app` to freeze application and all middleware instances. ([@jeremyevans](https://github.com/jeremyevans))
|
23
|
+
- Add API to extract cookies from `Rack::MockResponse`. ([@petercline](https://github.com/petercline))
|
16
24
|
|
17
|
-
|
18
|
-
response.set_cookie 'foo', value: 'bar', same_site: true
|
19
|
-
or `same_site: :lax` to use Lax enforcement:
|
20
|
-
response.set_cookie 'foo', value: 'bar', same_site: :lax
|
25
|
+
### Changed
|
21
26
|
|
22
|
-
|
23
|
-
|
27
|
+
- Don't propagate nil values from middleware. ([@ioquatix](https://github.com/ioquatix))
|
28
|
+
- Lazily initialize the response body and only buffer it if required. ([@ioquatix](https://github.com/ioquatix))
|
29
|
+
- Fix deflater zlib buffer errors on empty body part. ([@felixbuenemann](https://github.com/felixbuenemann))
|
30
|
+
- Set `X-Accel-Redirect` to percent-encoded path. ([@diskkid](https://github.com/diskkid))
|
31
|
+
- Remove unnecessary buffer growing when parsing multipart. ([@tainoe](https://github.com/tainoe))
|
32
|
+
- Expand the root path in `Rack::Static` upon initialization. ([@rosenfeld](https://github.com/rosenfeld))
|
33
|
+
- Make `ShowExceptions` work with binary data. ([@axyjo](https://github.com/axyjo))
|
34
|
+
- Use buffer string when parsing multipart requests. ([@janko-m](https://github.com/janko-m))
|
35
|
+
- Support optional UTF-8 Byte Order Mark (BOM) in config.ru. ([@mikegee](https://github.com/mikegee))
|
36
|
+
- Handle `X-Forwarded-For` with optional port. ([@dpritchett](https://github.com/dpritchett))
|
37
|
+
- Use `Time#httpdate` format for Expires, as proposed by RFC 7231. ([@nanaya](https://github.com/nanaya))
|
38
|
+
- Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`. ([@adambutler](https://github.com/adambutler))
|
39
|
+
- Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`.
|
40
|
+
- Make `Multipart::Parser.get_filename` accept files with `+` in their name. ([@lucaskanashiro](https://github.com/lucaskanashiro))
|
41
|
+
- Add Falcon to the default handler fallbacks. ([@ioquatix](https://github.com/ioquatix))
|
42
|
+
- Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@pat](https://github.com/pat))
|
43
|
+
- Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@janko](https://github.com/janko))
|
44
|
+
- Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern)).
|
24
45
|
|
25
|
-
|
26
|
-
updating to drafts 5 and 7.
|
46
|
+
### Removed
|
27
47
|
|
28
|
-
|
48
|
+
- Remove `to_ary` from Response ([@tenderlove](https://github.com/tenderlove))
|
49
|
+
- Deprecate `Rack::Session::Memcache` in favor of `Rack::Session::Dalli` from dalli gem ([@fatkodima](https://github.com/fatkodima))
|
29
50
|
|
30
|
-
|
31
|
-
middleware that does not care about the response body, but only cares
|
32
|
-
about doing work at particular points in the request / response
|
33
|
-
lifecycle.
|
51
|
+
### Documentation
|
34
52
|
|
35
|
-
|
53
|
+
- Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan))
|
54
|
+
- Add Padrino to the list of frameworks implmenting Rack. ([@wikimatze](https://github.com/wikimatze))
|
55
|
+
- Remove Mongrel from the suggested server options in the help output. ([@tricknotes](https://github.com/tricknotes))
|
56
|
+
- Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@twitnithegirl](https://github.com/twitnithegirl))
|
57
|
+
- Backfill `CHANGELOG.md` from 2.0.1 to 2.0.7 releases. ([@drenmi](https://github.com/Drenmi))
|
36
58
|
|
37
|
-
|
38
|
-
the response is being made (this will be handy for h2 pushes).
|
59
|
+
## [2.0.8] - 2019-12-08
|
39
60
|
|
40
|
-
|
61
|
+
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
41
62
|
|
42
|
-
|
43
|
-
Use this for setting cache control headers on your response objects.
|
63
|
+
## [1.6.12] - 2019-12-08
|
44
64
|
|
45
|
-
|
65
|
+
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
46
66
|
|
47
|
-
|
48
|
-
setting etag values on the response.
|
67
|
+
## [2.0.7] - 2019-04-02
|
49
68
|
|
50
|
-
|
69
|
+
### Fixed
|
51
70
|
|
52
|
-
|
53
|
-
|
54
|
-
`Response#*_header` methods, so it's available to any response-like
|
55
|
-
class that includes the `Helpers` module.
|
71
|
+
- Remove calls to `#eof?` on Rack input in `Multipart::Parser`, as this breaks the specification. ([@matthewd](https://github.com/matthewd))
|
72
|
+
- Preserve forwarded IP addresses for trusted proxy chains. ([@SamSaffron](https://github.com/SamSaffron))
|
56
73
|
|
57
|
-
|
74
|
+
## [2.0.6] - 2018-11-05
|
58
75
|
|
59
|
-
|
76
|
+
### Fixed
|
60
77
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
the `env` hash.
|
78
|
+
- [[CVE-2018-16470](https://nvd.nist.gov/vuln/detail/CVE-2018-16470)] Reduce buffer size of `Multipart::Parser` to avoid pathological parsing. ([@tenderlove](https://github.com/tenderlove))
|
79
|
+
- Fix a call to a non-existing method `#accepts_html` in the `ShowExceptions` middleware. ([@tomelm](https://github.com/tomelm))
|
80
|
+
- [[CVE-2018-16471](https://nvd.nist.gov/vuln/detail/CVE-2018-16471)] Whitelist HTTP and HTTPS schemes in `Request#scheme` to prevent a possible XSS attack. ([@PatrickTulskie](https://github.com/PatrickTulskie))
|
65
81
|
|
66
|
-
|
82
|
+
## [2.0.5] - 2018-04-23
|
67
83
|
|
68
|
-
|
69
|
-
will help with legacy Request objects that are ENV based but don't
|
70
|
-
want to inherit from Rack::Request
|
84
|
+
### Fixed
|
71
85
|
|
72
|
-
|
86
|
+
- Record errors originating from invalid UTF8 in `MethodOverride` middleware instead of breaking. ([@mclark](https://github.com/mclark))
|
73
87
|
|
74
|
-
|
75
|
-
`Rack::Request::Helpers` and use public API to get values from the
|
76
|
-
request object. This enables users to mix `Rack::Request::Helpers` in
|
77
|
-
to their own objects so they can implement
|
78
|
-
`(get|set|fetch|each)_header` as they see fit (for example a proxy
|
79
|
-
object).
|
88
|
+
## [2.0.4] - 2018-01-31
|
80
89
|
|
81
|
-
|
90
|
+
### Changed
|
82
91
|
|
83
|
-
|
84
|
-
|
85
|
-
|
92
|
+
- Ensure the `Lock` middleware passes the original `env` object. ([@lugray](https://github.com/lugray))
|
93
|
+
- Improve performance of `Multipart::Parser` when uploading large files. ([@tompng](https://github.com/tompng))
|
94
|
+
- Increase buffer size in `Multipart::Parser` for better performance. ([@jkowens](https://github.com/jkowens))
|
95
|
+
- Reduce memory usage of `Multipart::Parser` when uploading large files. ([@tompng](https://github.com/tompng))
|
96
|
+
- Replace ConcurrentRuby dependency with native `Queue`. ([@devmchakan](https://github.com/devmchakan))
|
86
97
|
|
87
|
-
|
98
|
+
### Fixed
|
88
99
|
|
89
|
-
|
90
|
-
many posted.
|
100
|
+
- Require the correct digest algorithm in the `ETag` middleware. ([@matthewd](https://github.com/matthewd))
|
91
101
|
|
92
|
-
|
102
|
+
### Documentation
|
93
103
|
|
94
|
-
|
95
|
-
they're stored as a Hash. Response-like classes may include the
|
96
|
-
Rack::Response::Helpers module if they define these methods:
|
104
|
+
- Update homepage links to use SSL. ([@hugoabonizio](https://github.com/hugoabonizio))
|
97
105
|
|
98
|
-
|
99
|
-
* Rack::Response#get_header
|
100
|
-
* Rack::Response#set_header
|
101
|
-
* Rack::Response#delete_header
|
106
|
+
## [2.0.3] - 2017-05-15
|
102
107
|
|
103
|
-
|
108
|
+
### Changed
|
104
109
|
|
105
|
-
|
106
|
-
HTTP_RANGE string passed to it without depending on the `env` hash.
|
107
|
-
`byte_ranges` is deprecated in favor of this method.
|
110
|
+
- Ensure `env` values are ASCII 8-bit encoded. ([@eileencodes](https://github.com/eileencodes))
|
108
111
|
|
109
|
-
|
112
|
+
### Fixed
|
110
113
|
|
111
|
-
|
112
|
-
session information. This allows us to only allocate one request
|
113
|
-
object when dealing with session objects (rather than doing it every
|
114
|
-
time we need to manipulate cookies, etc).
|
114
|
+
- Prevent exceptions when a class with mixins inherits from `Session::Abstract::ID`. ([@jnraine](https://github.com/jnraine))
|
115
115
|
|
116
|
-
|
116
|
+
## [2.0.2] - 2017-05-08
|
117
117
|
|
118
|
-
|
119
|
-
the request gets duped.
|
118
|
+
### Added
|
120
119
|
|
121
|
-
|
120
|
+
- Allow `Session::Abstract::SessionHash#fetch` to accept a block with a default value. ([@yannvanhalewyn](https://github.com/yannvanhalewyn))
|
121
|
+
- Add `Builder#freeze_app` to freeze application and all middleware. ([@jeremyevans](https://github.com/jeremyevans))
|
122
122
|
|
123
|
-
|
124
|
-
|
125
|
-
|
123
|
+
### Changed
|
124
|
+
|
125
|
+
- Freeze default session options to avoid accidental mutation. ([@kirs](https://github.com/kirs))
|
126
|
+
- Detect partial hijack without hash headers. ([@devmchakan](https://github.com/devmchakan))
|
127
|
+
- Update tests to use MiniTest 6 matchers. ([@tonytonyjan](https://github.com/tonytonyjan))
|
128
|
+
- Allow 205 Reset Content responses to set a Content-Length, as RFC 7231 proposes setting this to 0. ([@devmchakan](https://github.com/devmchakan))
|
129
|
+
|
130
|
+
### Fixed
|
131
|
+
|
132
|
+
- Handle `NULL` bytes in multipart filenames. ([@casperisfine](https://github.com/casperisfine))
|
133
|
+
- Remove warnings due to miscapitalized global. ([@ioquatix](https://github.com/ioquatix))
|
134
|
+
- Prevent exceptions caused by a race condition on multi-threaded servers. ([@sophiedeziel](https://github.com/sophiedeziel))
|
135
|
+
- Add RDoc as an explicit depencency for `doc` group. ([@tonytonyjan](https://github.com/tonytonyjan))
|
136
|
+
- Record errors originating from `Multipart::Parser` in the `MethodOverride` middleware instead of letting them bubble up. ([@carlzulauf](https://github.com/carlzulauf))
|
137
|
+
- Remove remaining use of removed `Utils#bytesize` method from the `File` middleware. ([@brauliomartinezlm](https://github.com/brauliomartinezlm))
|
138
|
+
|
139
|
+
### Removed
|
140
|
+
|
141
|
+
- Remove `deflate` encoding support to reduce caching overhead. ([@devmchakan](https://github.com/devmchakan))
|
142
|
+
|
143
|
+
### Documentation
|
144
|
+
|
145
|
+
- Update broken example in `Deflater` documentation. ([@mwpastore](https://github.com/mwpastore))
|
126
146
|
|
127
|
-
|
128
|
-
* Rack::Request#get_header
|
129
|
-
* Rack::Request#fetch_header
|
130
|
-
* Rack::Request#each_header
|
131
|
-
* Rack::Request#set_header
|
132
|
-
* Rack::Request#delete_header
|
147
|
+
## [2.0.1] - 2016-06-30
|
133
148
|
|
134
|
-
|
149
|
+
### Changed
|
135
150
|
|
136
|
-
|
151
|
+
- Remove JSON as an explicit dependency. ([@mperham](https://github.com/mperham))
|
152
|
+
|
153
|
+
|
154
|
+
# History/News Archive
|
155
|
+
Items below this line are from the previously maintained HISTORY.md and NEWS.md files.
|
156
|
+
|
157
|
+
## [2.0.0.rc1] 2016-05-06
|
158
|
+
- Rack::Session::Abstract::ID is deprecated. Please change to use Rack::Session::Abstract::Persisted
|
159
|
+
|
160
|
+
## [2.0.0.alpha] 2015-12-04
|
161
|
+
- First-party "SameSite" cookies. Browsers omit SameSite cookies from third-party requests, closing the door on many CSRF attacks.
|
162
|
+
- Pass `same_site: true` (or `:strict`) to enable: response.set_cookie 'foo', value: 'bar', same_site: true or `same_site: :lax` to use Lax enforcement: response.set_cookie 'foo', value: 'bar', same_site: :lax
|
163
|
+
- Based on version 7 of the Same-site Cookies internet draft:
|
164
|
+
https://tools.ietf.org/html/draft-west-first-party-cookies-07
|
165
|
+
- Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for updating to drafts 5 and 7.
|
166
|
+
- Add `Rack::Events` middleware for adding event based middleware: middleware that does not care about the response body, but only cares about doing work at particular points in the request / response lifecycle.
|
167
|
+
- Add `Rack::Request#authority` to calculate the authority under which the response is being made (this will be handy for h2 pushes).
|
168
|
+
- Add `Rack::Response::Helpers#cache_control` and `cache_control=`. Use this for setting cache control headers on your response objects.
|
169
|
+
- Add `Rack::Response::Helpers#etag` and `etag=`. Use this for setting etag values on the response.
|
170
|
+
- Introduce `Rack::Response::Helpers#add_header` to add a value to a multi-valued response header. Implemented in terms of other `Response#*_header` methods, so it's available to any response-like class that includes the `Helpers` module.
|
171
|
+
- Add `Rack::Request#add_header` to match.
|
172
|
+
- `Rack::Session::Abstract::ID` IS DEPRECATED. Please switch to `Rack::Session::Abstract::Persisted`. `Rack::Session::Abstract::Persisted` uses a request object rather than the `env` hash.
|
173
|
+
- Pull `ENV` access inside the request object in to a module. This will help with legacy Request objects that are ENV based but don't want to inherit from Rack::Request
|
174
|
+
- Move most methods on the `Rack::Request` to a module `Rack::Request::Helpers` and use public API to get values from the request object. This enables users to mix `Rack::Request::Helpers` in to their own objects so they can implement `(get|set|fetch|each)_header` as they see fit (for example a proxy object).
|
175
|
+
- Files and directories with + in the name are served correctly. Rather than unescaping paths like a form, we unescape with a URI parser using `Rack::Utils.unescape_path`. Fixes #265
|
176
|
+
- Tempfiles are automatically closed in the case that there were too
|
177
|
+
many posted.
|
178
|
+
- Added methods for manipulating response headers that don't assume
|
179
|
+
they're stored as a Hash. Response-like classes may include the
|
180
|
+
Rack::Response::Helpers module if they define these methods:
|
181
|
+
- Rack::Response#has_header?
|
182
|
+
- Rack::Response#get_header
|
183
|
+
- Rack::Response#set_header
|
184
|
+
- Rack::Response#delete_header
|
185
|
+
- Introduce Util.get_byte_ranges that will parse the value of the HTTP_RANGE string passed to it without depending on the `env` hash. `byte_ranges` is deprecated in favor of this method.
|
186
|
+
- Change Session internals to use Request objects for looking up session information. This allows us to only allocate one request object when dealing with session objects (rather than doing it every time we need to manipulate cookies, etc).
|
187
|
+
- Add `Rack::Request#initialize_copy` so that the env is duped when the request gets duped.
|
188
|
+
- Added methods for manipulating request specific data. This includes
|
189
|
+
data set as CGI parameters, and just any arbitrary data the user wants
|
190
|
+
to associate with a particular request. New methods:
|
191
|
+
- Rack::Request#has_header?
|
192
|
+
- Rack::Request#get_header
|
193
|
+
- Rack::Request#fetch_header
|
194
|
+
- Rack::Request#each_header
|
195
|
+
- Rack::Request#set_header
|
196
|
+
- Rack::Request#delete_header
|
197
|
+
- lib/rack/utils.rb: add a method for constructing "delete" cookie
|
137
198
|
headers. This allows us to construct cookie headers without depending
|
138
199
|
on the side effects of mutating a hash.
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
-
|
148
|
-
-
|
149
|
-
|
150
|
-
|
151
|
-
-
|
152
|
-
-
|
153
|
-
-
|
154
|
-
|
155
|
-
|
156
|
-
-
|
157
|
-
-
|
158
|
-
-
|
159
|
-
-
|
160
|
-
-
|
161
|
-
-
|
162
|
-
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
- Utils#multipart_part_limit configures the maximum number of parts a request can contain ([#684](https://github.com/rack/rack/pull/684))
|
167
|
-
- Default host to localhost when in development mode ([#514](https://github.com/rack/rack/pull/514))
|
168
|
-
- Various bugfixes and performance improvements (See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.6.0) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22))
|
169
|
-
|
170
|
-
### February 7th, 2013, Thirty fifth public release 1.5.2
|
200
|
+
- Prevent extremely deep parameters from being parsed. CVE-2015-3225
|
201
|
+
|
202
|
+
## [1.6.1] 2015-05-06
|
203
|
+
- Fix CVE-2014-9490, denial of service attack in OkJson
|
204
|
+
- Use a monotonic time for Rack::Runtime, if available
|
205
|
+
- RACK_MULTIPART_LIMIT changed to RACK_MULTIPART_PART_LIMIT (RACK_MULTIPART_LIMIT is deprecated and will be removed in 1.7.0)
|
206
|
+
|
207
|
+
## [1.5.3] 2015-05-06
|
208
|
+
- Fix CVE-2014-9490, denial of service attack in OkJson
|
209
|
+
- Backport bug fixes to 1.5 series
|
210
|
+
|
211
|
+
## [1.6.0] 2014-01-18
|
212
|
+
- Response#unauthorized? helper
|
213
|
+
- Deflater now accepts an options hash to control compression on a per-request level
|
214
|
+
- Builder#warmup method for app preloading
|
215
|
+
- Request#accept_language method to extract HTTP_ACCEPT_LANGUAGE
|
216
|
+
- Add quiet mode of rack server, rackup --quiet
|
217
|
+
- Update HTTP Status Codes to RFC 7231
|
218
|
+
- Less strict header name validation according to RFC 2616
|
219
|
+
- SPEC updated to specify headers conform to RFC7230 specification
|
220
|
+
- Etag correctly marks etags as weak
|
221
|
+
- Request#port supports multiple x-http-forwarded-proto values
|
222
|
+
- Utils#multipart_part_limit configures the maximum number of parts a request can contain
|
223
|
+
- Default host to localhost when in development mode
|
224
|
+
- Various bugfixes and performance improvements
|
225
|
+
|
226
|
+
## [1.5.2] 2013-02-07
|
171
227
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
172
228
|
- Fix CVE-2013-0262, symlink path traversal in Rack::File
|
173
229
|
- Add various methods to Session for enhanced Rails compatibility
|
@@ -177,26 +233,26 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
177
233
|
- Fix a race condition that could result in overwritten pidfiles
|
178
234
|
- Various documentation additions
|
179
235
|
|
180
|
-
|
236
|
+
## [1.4.5] 2013-02-07
|
181
237
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
182
238
|
- Fix CVE-2013-0262, symlink path traversal in Rack::File
|
183
239
|
|
184
|
-
|
240
|
+
## [1.1.6, 1.2.8, 1.3.10] 2013-02-07
|
185
241
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
186
242
|
|
187
|
-
|
243
|
+
## [1.5.1] 2013-01-28
|
188
244
|
- Rack::Lint check_hijack now conforms to other parts of SPEC
|
189
245
|
- Added hash-like methods to Abstract::ID::SessionHash for compatibility
|
190
246
|
- Various documentation corrections
|
191
247
|
|
192
|
-
|
248
|
+
## [1.5.0] 2013-01-21
|
193
249
|
- Introduced hijack SPEC, for before-response and after-response hijacking
|
194
250
|
- SessionHash is no longer a Hash subclass
|
195
251
|
- Rack::File cache_control parameter is removed, in place of headers options
|
196
252
|
- Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
|
197
253
|
- Rack::Utils cookie functions now format expires in RFC 2822 format
|
198
254
|
- Rack::File now has a default mime type
|
199
|
-
- rackup -b 'run Rack::
|
255
|
+
- rackup -b 'run Rack::Files.new(".")', option provides command line configs
|
200
256
|
- Rack::Deflater will no longer double encode bodies
|
201
257
|
- Rack::Mime#match? provides convenience for Accept header matching
|
202
258
|
- Rack::Utils#q_values provides splitting for Accept headers
|
@@ -213,17 +269,17 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
213
269
|
- Updated HTTP status codes
|
214
270
|
- Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
|
215
271
|
|
216
|
-
|
272
|
+
## [1.4.4, 1.3.9, 1.2.7, 1.1.5] 2013-01-13
|
217
273
|
- [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
|
218
274
|
- Fixed erroneous test case in the 1.3.x series
|
219
275
|
|
220
|
-
|
276
|
+
## [1.4.3] 2013-01-07
|
221
277
|
- Security: Prevent unbounded reads in large multipart boundaries
|
222
278
|
|
223
|
-
|
279
|
+
## [1.3.8] 2013-01-07
|
224
280
|
- Security: Prevent unbounded reads in large multipart boundaries
|
225
281
|
|
226
|
-
|
282
|
+
## [1.4.2] 2013-01-06
|
227
283
|
- Add warnings when users do not provide a session secret
|
228
284
|
- Fix parsing performance for unquoted filenames
|
229
285
|
- Updated URI backports
|
@@ -253,7 +309,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
253
309
|
- Rack::BodyProxy now explicitly defines #each, useful for C extensions
|
254
310
|
- Cookies that are not URI escaped no longer cause exceptions
|
255
311
|
|
256
|
-
|
312
|
+
## [1.3.7] 2013-01-06
|
257
313
|
- Add warnings when users do not provide a session secret
|
258
314
|
- Fix parsing performance for unquoted filenames
|
259
315
|
- Updated URI backports
|
@@ -270,14 +326,14 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
270
326
|
- Additional notes regarding ECMA escape compatibility issues
|
271
327
|
- Fix the parsing of multiple ranges in range headers
|
272
328
|
|
273
|
-
|
329
|
+
## [1.2.6] 2013-01-06
|
274
330
|
- Add warnings when users do not provide a session secret
|
275
331
|
- Fix parsing performance for unquoted filenames
|
276
332
|
|
277
|
-
|
333
|
+
## [1.1.4] 2013-01-06
|
278
334
|
- Add warnings when users do not provide a session secret
|
279
335
|
|
280
|
-
|
336
|
+
## [1.4.1] 2012-01-22
|
281
337
|
- Alter the keyspace limit calculations to reduce issues with nested params
|
282
338
|
- Add a workaround for multipart parsing where files contain unescaped "%"
|
283
339
|
- Added Rack::Response::Helpers#method_not_allowed? (code 405)
|
@@ -293,7 +349,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
293
349
|
- Rack::Static no longer defaults to serving index files
|
294
350
|
- Rack.release was fixed
|
295
351
|
|
296
|
-
|
352
|
+
## [1.4.0] 2011-12-28
|
297
353
|
- Ruby 1.8.6 support has officially been dropped. Not all tests pass.
|
298
354
|
- Raise sane error messages for broken config.ru
|
299
355
|
- Allow combining run and map in a config.ru
|
@@ -312,32 +368,32 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
312
368
|
- Support added for HTTP_X_FORWARDED_SCHEME
|
313
369
|
- Numerous bug fixes, including many fixes for new and alternate rubies
|
314
370
|
|
315
|
-
|
371
|
+
## [1.1.3] 2011-12-28
|
316
372
|
- Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
|
317
373
|
Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
|
318
374
|
|
319
|
-
|
375
|
+
## [1.3.5] 2011-10-17
|
320
376
|
- Fix annoying warnings caused by the backport in 1.3.4
|
321
377
|
|
322
|
-
|
378
|
+
## [1.3.4] 2011-10-01
|
323
379
|
- Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
|
324
380
|
- Small documentation update
|
325
381
|
- Fix an issue where BodyProxy could cause an infinite recursion
|
326
382
|
- Add some supporting files for travis-ci
|
327
383
|
|
328
|
-
|
384
|
+
## [1.2.4] 2011-09-16
|
329
385
|
- Fix a bug with MRI regex engine to prevent XSS by malformed unicode
|
330
386
|
|
331
|
-
|
387
|
+
## [1.3.3] 2011-09-16
|
332
388
|
- Fix bug with broken query parameters in Rack::ShowExceptions
|
333
389
|
- Rack::Request#cookies no longer swallows exceptions on broken input
|
334
390
|
- Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
|
335
391
|
- Rack::ConditionalGet handles broken If-Modified-Since helpers
|
336
392
|
|
337
|
-
|
393
|
+
## [1.3.2] 2011-07-16
|
338
394
|
- Fix for Rails and rack-test, Rack::Utils#escape calls to_s
|
339
395
|
|
340
|
-
|
396
|
+
## [1.3.1] 2011-07-13
|
341
397
|
- Fix 1.9.1 support
|
342
398
|
- Fix JRuby support
|
343
399
|
- Properly handle $KCODE in Rack::Utils.escape
|
@@ -348,11 +404,11 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
348
404
|
- Rack::MockResponse calls close on the body object
|
349
405
|
- Fix a DOS vector from MRI stdlib backport
|
350
406
|
|
351
|
-
|
407
|
+
## [1.2.3] 2011-05-22
|
352
408
|
- Pulled in relevant bug fixes from 1.3
|
353
409
|
- Fixed 1.8.6 support
|
354
410
|
|
355
|
-
|
411
|
+
## [1.3.0] 2011-05-22
|
356
412
|
- Various performance optimizations
|
357
413
|
- Various multipart fixes
|
358
414
|
- Various multipart refactors
|
@@ -372,16 +428,16 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
372
428
|
- Cookies respect renew
|
373
429
|
- Session middleware uses SecureRandom.hex
|
374
430
|
|
375
|
-
|
431
|
+
## [1.2.2, 1.1.2] 2011-03-13
|
376
432
|
- Security fix in Rack::Auth::Digest::MD5: when authenticator
|
377
433
|
returned nil, permission was granted on empty password.
|
378
434
|
|
379
|
-
|
435
|
+
## [1.2.1] 2010-06-15
|
380
436
|
- Make CGI handler rewindable
|
381
437
|
- Rename spec/ to test/ to not conflict with SPEC on lesser
|
382
438
|
operating systems
|
383
439
|
|
384
|
-
|
440
|
+
## [1.2.0] 2010-06-13
|
385
441
|
- Removed Camping adapter: Camping 2.0 supports Rack as-is
|
386
442
|
- Removed parsing of quoted values
|
387
443
|
- Add Request.trace? and Request.options?
|
@@ -390,7 +446,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
390
446
|
- Various multipart fixes
|
391
447
|
- Switch test suite to bacon
|
392
448
|
|
393
|
-
|
449
|
+
## [1.1.0] 2010-01-03
|
394
450
|
- Moved Auth::OpenID to rack-contrib.
|
395
451
|
- SPEC change that relaxes Lint slightly to allow subclasses of the
|
396
452
|
required types
|
@@ -425,7 +481,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
425
481
|
- Enforce binary encoding in RewindableInput
|
426
482
|
- Set correct external_encoding for handlers that don't use RewindableInput
|
427
483
|
|
428
|
-
|
484
|
+
## [1.0.1] 2009-10-18
|
429
485
|
- Bump remainder of rack.versions.
|
430
486
|
- Support the pure Ruby FCGI implementation.
|
431
487
|
- Fix for form names containing "=": split first then unescape components
|
@@ -436,7 +492,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
436
492
|
- Make sure WEBrick respects the :Host option
|
437
493
|
- Many Ruby 1.9 fixes.
|
438
494
|
|
439
|
-
|
495
|
+
## [1.0.0] 2009-04-25
|
440
496
|
- SPEC change: Rack::VERSION has been pushed to [1,0].
|
441
497
|
- SPEC change: header values must be Strings now, split on "\n".
|
442
498
|
- SPEC change: Content-Length can be missing, in this case chunked transfer
|
@@ -458,10 +514,10 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
458
514
|
- The Rakefile has been rewritten.
|
459
515
|
- Many bugfixes and small improvements.
|
460
516
|
|
461
|
-
|
517
|
+
## [0.9.1] 2009-01-09
|
462
518
|
- Fix directory traversal exploits in Rack::File and Rack::Directory.
|
463
519
|
|
464
|
-
|
520
|
+
## [0.9] 2009-01-06
|
465
521
|
- Rack is now managed by the Rack Core Team.
|
466
522
|
- Rack::Lint is stricter and follows the HTTP RFCs more closely.
|
467
523
|
- Added ConditionalGet middleware.
|
@@ -477,7 +533,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
477
533
|
- Made HeaderHash case-preserving.
|
478
534
|
- Many bugfixes and small improvements.
|
479
535
|
|
480
|
-
|
536
|
+
## [0.4] 2008-08-21
|
481
537
|
- New middleware, Rack::Deflater, by Christoffer Sawicki.
|
482
538
|
- OpenID authentication now needs ruby-openid 2.
|
483
539
|
- New Memcache sessions, by blink.
|
@@ -489,7 +545,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
489
545
|
- Improved tests.
|
490
546
|
- Rack moved to Git.
|
491
547
|
|
492
|
-
|
548
|
+
## [0.3] 2008-02-26
|
493
549
|
- LiteSpeed handler, by Adrian Madrid.
|
494
550
|
- SCGI handler, by Jeremy Evans.
|
495
551
|
- Pool sessions, by blink.
|
@@ -501,7 +557,7 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
501
557
|
- HTTP status 201 can contain a Content-Type and a body now.
|
502
558
|
- Many bugfixes, especially related to Cookie handling.
|
503
559
|
|
504
|
-
|
560
|
+
## [0.2] 2007-05-16
|
505
561
|
- HTTP Basic authentication.
|
506
562
|
- Cookie Sessions.
|
507
563
|
- Static file handler.
|
@@ -511,6 +567,4 @@ Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org>
|
|
511
567
|
- Bug fixes in the Camping adapter.
|
512
568
|
- Removed Rails adapter, was too alpha.
|
513
569
|
|
514
|
-
|
515
|
-
|
516
|
-
/* vim: set filetype=changelog */
|
570
|
+
## [0.1] 2007-03-03
|
data/{COPYING → MIT-LICENSE}
RENAMED
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (C) 2007-2019 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
2
4
|
|
3
5
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
6
|
of this software and associated documentation files (the "Software"), to
|
@@ -13,6 +15,6 @@ all copies or substantial portions of the Software.
|
|
13
15
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
16
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
17
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
16
|
-
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
18
|
+
THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
17
19
|
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
18
20
|
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|