rack 2.1.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +377 -16
- data/CONTRIBUTING.md +144 -0
- data/MIT-LICENSE +1 -1
- data/README.md +328 -0
- data/SPEC.rdoc +365 -0
- data/lib/rack/auth/abstract/handler.rb +3 -1
- data/lib/rack/auth/abstract/request.rb +2 -2
- data/lib/rack/auth/basic.rb +4 -7
- data/lib/rack/bad_request.rb +8 -0
- data/lib/rack/body_proxy.rb +34 -12
- data/lib/rack/builder.rb +162 -59
- data/lib/rack/cascade.rb +24 -10
- data/lib/rack/common_logger.rb +43 -28
- data/lib/rack/conditional_get.rb +30 -25
- data/lib/rack/constants.rb +66 -0
- data/lib/rack/content_length.rb +10 -16
- data/lib/rack/content_type.rb +9 -7
- data/lib/rack/deflater.rb +78 -50
- data/lib/rack/directory.rb +86 -63
- data/lib/rack/etag.rb +14 -22
- data/lib/rack/events.rb +18 -17
- data/lib/rack/files.rb +99 -61
- data/lib/rack/head.rb +8 -9
- data/lib/rack/headers.rb +238 -0
- data/lib/rack/lint.rb +868 -642
- data/lib/rack/lock.rb +2 -6
- data/lib/rack/logger.rb +3 -0
- data/lib/rack/media_type.rb +9 -4
- data/lib/rack/method_override.rb +6 -2
- data/lib/rack/mime.rb +14 -5
- data/lib/rack/mock.rb +1 -253
- data/lib/rack/mock_request.rb +171 -0
- data/lib/rack/mock_response.rb +124 -0
- data/lib/rack/multipart/generator.rb +15 -8
- data/lib/rack/multipart/parser.rb +238 -107
- data/lib/rack/multipart/uploaded_file.rb +17 -7
- data/lib/rack/multipart.rb +54 -42
- data/lib/rack/null_logger.rb +9 -0
- data/lib/rack/query_parser.rb +87 -105
- data/lib/rack/recursive.rb +3 -1
- data/lib/rack/reloader.rb +0 -4
- data/lib/rack/request.rb +366 -135
- data/lib/rack/response.rb +186 -68
- data/lib/rack/rewindable_input.rb +24 -6
- data/lib/rack/runtime.rb +8 -7
- data/lib/rack/sendfile.rb +29 -27
- data/lib/rack/show_exceptions.rb +27 -12
- data/lib/rack/show_status.rb +21 -13
- data/lib/rack/static.rb +19 -12
- data/lib/rack/tempfile_reaper.rb +14 -5
- data/lib/rack/urlmap.rb +5 -6
- data/lib/rack/utils.rb +274 -260
- data/lib/rack/version.rb +21 -0
- data/lib/rack.rb +18 -103
- metadata +25 -52
- data/README.rdoc +0 -262
- data/Rakefile +0 -123
- data/SPEC +0 -263
- data/bin/rackup +0 -5
- data/contrib/rack.png +0 -0
- data/contrib/rack.svg +0 -150
- data/contrib/rack_logo.svg +0 -164
- data/contrib/rdoc.css +0 -412
- data/example/lobster.ru +0 -6
- data/example/protectedlobster.rb +0 -16
- data/example/protectedlobster.ru +0 -10
- data/lib/rack/auth/digest/md5.rb +0 -131
- data/lib/rack/auth/digest/nonce.rb +0 -54
- data/lib/rack/auth/digest/params.rb +0 -54
- data/lib/rack/auth/digest/request.rb +0 -43
- data/lib/rack/chunked.rb +0 -92
- data/lib/rack/core_ext/regexp.rb +0 -14
- data/lib/rack/file.rb +0 -8
- data/lib/rack/handler/cgi.rb +0 -62
- data/lib/rack/handler/fastcgi.rb +0 -102
- data/lib/rack/handler/lsws.rb +0 -63
- data/lib/rack/handler/scgi.rb +0 -73
- data/lib/rack/handler/thin.rb +0 -38
- data/lib/rack/handler/webrick.rb +0 -122
- data/lib/rack/handler.rb +0 -104
- data/lib/rack/lobster.rb +0 -72
- data/lib/rack/server.rb +0 -467
- data/lib/rack/session/abstract/id.rb +0 -528
- data/lib/rack/session/cookie.rb +0 -205
- data/lib/rack/session/memcache.rb +0 -10
- data/lib/rack/session/pool.rb +0 -85
- data/rack.gemspec +0 -44
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f7f3809c29e2dad213f5abbdace8e3b7633072c2d3741ef484346ca07b8a9e0d
|
4
|
+
data.tar.gz: a05cea9deeb8173edc7a5e5a0647abbf0f8ff1906f74543ad6970311ab4d3a52
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 357615f5163669e77b81660145353bf29d926ab5d92e36e958ae65063c993d9c9411b868090bc99fa6e72a8bd7e82ba5cb430343556a399e2d75acdb45000b62
|
7
|
+
data.tar.gz: 840039910ee854ec1bccff2d3078fb5b187f093480836d6023e290c49925e36e953a1a37372d619a5d3118f1d52fb7b904fed7623688c9b41ea7a7803960fcbb
|
data/CHANGELOG.md
CHANGED
@@ -2,9 +2,354 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
4
4
|
|
5
|
-
##
|
5
|
+
## [3.1.0] - 2024-06-11
|
6
6
|
|
7
|
-
|
7
|
+
### SPEC Changes
|
8
|
+
|
9
|
+
- `rack.input` is now optional. ([#1997](https://github.com/rack/rack/pull/1997), [@ioquatix])
|
10
|
+
- `PATH_INFO` is now validated according to the HTTP/1.1 specification. ([#2117](https://github.com/rack/rack/pull/2117), [@ioquatix])
|
11
|
+
- `rack.protocol` is an optional environment key and response header for handling connection upgrades.
|
12
|
+
|
13
|
+
### Added
|
14
|
+
|
15
|
+
- Introduce `module Rack::BadRequest` which is included in multipart and query parser errors. ([#2019](https://github.com/rack/rack/pull/2019), [@ioquatix])
|
16
|
+
- Add `.mjs` MIME type ([#2057](https://github.com/rack/rack/pull/2057), [@axilleas])
|
17
|
+
- `set_cookie_header` utility now supports the `partitioned` cookie attribute. This is required by Chrome in some embedded contexts. ([#2131](https://github.com/rack/rack/pull/2131), [@flavio-b])
|
18
|
+
- `rack.early_hints` is now officially supported as an optional feature (already implemented by Unicorn, Puma, and Falcon). ([#1831](https://github.com/rack/rack/pull/1831), [@casperisfine, @jeremyevans])
|
19
|
+
|
20
|
+
### Changed
|
21
|
+
|
22
|
+
- `rack.input` is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. ([#2018](https://github.com/rack/rack/pull/2018), [@ioquatix])
|
23
|
+
- MIME type for JavaScript files (`.js`) changed from `application/javascript` to `text/javascript` ([`1bd0f15`](https://github.com/rack/rack/commit/1bd0f1597d8f4a90d47115f3e156a8ce7870c9c8))
|
24
|
+
- Update MIME types associated to `.ttf`, `.woff`, `.woff2` and `.otf` extensions to use mondern `font/*` types. ([#2065](https://github.com/rack/rack/pull/2065), [@davidstosik])
|
25
|
+
- `Rack::Utils.escape_html` is now delegated to `CGI.escapeHTML`. `'` is escaped to `#39;` instead of `#x27;`. (decimal vs hexadecimal) ([#2099](https://github.com/rack/rack/pull/2099), [@JunichiIto](https://github.com/JunichiIto))
|
26
|
+
- Only cookie keys that are not valid according to the HTTP specifications are escaped. We are planning to deprecate this behaviour, so now a deprecation message will be emitted in this case. In the future, invalid cookie keys may not be accepted. ([#2191](https://github.com/rack/rack/pull/2191), [@ioquatix])
|
27
|
+
|
28
|
+
### Removed
|
29
|
+
|
30
|
+
- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
|
31
|
+
- Add fallback lookup and deprecation warning for obsolete status symbols. ([#2137](https://github.com/rack/rack/pull/2137), [@wtn])
|
32
|
+
- Deprecate automatic cache invalidation in `Request#{GET,POST}` ([#2073](https://github.com/rack/rack/pull/2073) ([@jeremyevans])
|
33
|
+
- `Rack::Logger` is deprecated. ([#2197](https://github.com/rack/rack/pull/2197), [@ioquatix])
|
34
|
+
|
35
|
+
### Fixed
|
36
|
+
|
37
|
+
- In `Rack::Files`, ignore the `Range` header if served file is 0 bytes. ([#2159](https://github.com/rack/rack/pull/2159), [@zarqman])
|
38
|
+
|
39
|
+
## [3.0.11] - 2024-05-10
|
40
|
+
|
41
|
+
- Backport #2062 to 3-0-stable: Do not allow `BodyProxy` to respond to `to_str`, make `to_ary` call close . ([#2062](https://github.com/rack/rack/pull/2062), [@jeremyevans](https://github.com/jeremyevans))
|
42
|
+
|
43
|
+
## [3.0.10] - 2024-03-21
|
44
|
+
|
45
|
+
- Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. ([#2164](https://github.com/rack/rack/pull/2164), [@JoeDupuis](https://github.com/JoeDupuis))
|
46
|
+
|
47
|
+
## [3.0.9.1] - 2024-02-21
|
48
|
+
|
49
|
+
### Security
|
50
|
+
|
51
|
+
* [CVE-2024-26146] Fixed ReDoS in Accept header parsing
|
52
|
+
* [CVE-2024-25126] Fixed ReDoS in Content Type header parsing
|
53
|
+
* [CVE-2024-26141] Reject Range headers which are too large
|
54
|
+
|
55
|
+
[CVE-2024-26146]: https://github.com/advisories/GHSA-54rr-7fvw-6x8f
|
56
|
+
[CVE-2024-25126]: https://github.com/advisories/GHSA-22f2-v57c-j9cx
|
57
|
+
[CVE-2024-26141]: https://github.com/advisories/GHSA-xj5v-6v4g-jfw6
|
58
|
+
|
59
|
+
## [3.0.9] - 2024-01-31
|
60
|
+
|
61
|
+
- Fix incorrect content-length header that was emitted when `Rack::Response#write` was used in some situations. ([#2150](https://github.com/rack/rack/pull/2150), [@mattbrictson](https://github.com/mattbrictson))
|
62
|
+
|
63
|
+
## [3.0.8] - 2023-06-14
|
64
|
+
|
65
|
+
- Fix some unused variable verbose warnings. ([#2084](https://github.com/rack/rack/pull/2084), [@jeremyevans], [@skipkayhil](https://github.com/skipkayhil))
|
66
|
+
|
67
|
+
## [3.0.7] - 2023-03-16
|
68
|
+
|
69
|
+
- Make query parameters without `=` have `nil` values. ([#2059](https://github.com/rack/rack/pull/2059), [@jeremyevans])
|
70
|
+
|
71
|
+
## [3.0.6.1] - 2023-03-13
|
72
|
+
|
73
|
+
### Security
|
74
|
+
|
75
|
+
- [CVE-2023-27539] Avoid ReDoS in header parsing
|
76
|
+
|
77
|
+
## [3.0.6] - 2023-03-13
|
78
|
+
|
79
|
+
- Add `QueryParser#missing_value` for handling missing values + tests. ([#2052](https://github.com/rack/rack/pull/2052), [@ioquatix])
|
80
|
+
|
81
|
+
## [3.0.5] - 2023-03-13
|
82
|
+
|
83
|
+
- Split form/query parsing into two steps. ([#2038](https://github.com/rack/rack/pull/2038), [@matthewd](https://github.com/matthewd))
|
84
|
+
|
85
|
+
## [3.0.4.2] - 2023-03-02
|
86
|
+
|
87
|
+
### Security
|
88
|
+
|
89
|
+
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
|
90
|
+
|
91
|
+
## [3.0.4.1] - 2023-01-17
|
92
|
+
|
93
|
+
### Security
|
94
|
+
|
95
|
+
- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
|
96
|
+
- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
|
97
|
+
- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
|
98
|
+
|
99
|
+
## [3.0.4] - 2023-01-17
|
100
|
+
|
101
|
+
- `Rack::Request#POST` should consistently raise errors. Cache errors that occur when invoking `Rack::Request#POST` so they can be raised again later. ([#2010](https://github.com/rack/rack/pull/2010), [@ioquatix])
|
102
|
+
- Fix `Rack::Lint` error message for `HTTP_CONTENT_TYPE` and `HTTP_CONTENT_LENGTH`. ([#2007](https://github.com/rack/rack/pull/2007), [@byroot](https://github.com/byroot))
|
103
|
+
- Extend `Rack::MethodOverride` to handle `QueryParser::ParamsTooDeepError` error. ([#2006](https://github.com/rack/rack/pull/2006), [@byroot](https://github.com/byroot))
|
104
|
+
|
105
|
+
## [3.0.3] - 2022-12-27
|
106
|
+
|
107
|
+
### Fixed
|
108
|
+
|
109
|
+
- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
|
110
|
+
|
111
|
+
## [3.0.2] -2022-12-05
|
112
|
+
|
113
|
+
### Fixed
|
114
|
+
|
115
|
+
- `Utils.build_nested_query` URL-encodes nested field names including the square brackets.
|
116
|
+
- Allow `Rack::Response` to pass through streaming bodies. ([#1993](https://github.com/rack/rack/pull/1993), [@ioquatix])
|
117
|
+
|
118
|
+
## [3.0.1] - 2022-11-18
|
119
|
+
|
120
|
+
### Fixed
|
121
|
+
|
122
|
+
- `MethodOverride` does not look for an override if a request does not include form/parseable data.
|
123
|
+
- `Rack::Lint::Wrapper` correctly handles `respond_to?` with `to_ary`, `each`, `call` and `to_path`, forwarding to the body. ([#1981](https://github.com/rack/rack/pull/1981), [@ioquatix])
|
124
|
+
|
125
|
+
## [3.0.0] - 2022-09-06
|
126
|
+
|
127
|
+
- No changes
|
128
|
+
|
129
|
+
## [3.0.0.rc1] - 2022-09-04
|
130
|
+
|
131
|
+
### SPEC Changes
|
132
|
+
|
133
|
+
- Stream argument must implement `<<` https://github.com/rack/rack/pull/1959
|
134
|
+
- `close` may be called on `rack.input` https://github.com/rack/rack/pull/1956
|
135
|
+
- `rack.response_finished` may be used for executing code after the response has been finished https://github.com/rack/rack/pull/1952
|
136
|
+
|
137
|
+
## [3.0.0.beta1] - 2022-08-08
|
138
|
+
|
139
|
+
### Security
|
140
|
+
|
141
|
+
- Do not use semicolon as GET parameter separator. ([#1733](https://github.com/rack/rack/pull/1733), [@jeremyevans])
|
142
|
+
|
143
|
+
### SPEC Changes
|
144
|
+
|
145
|
+
- Response array must now be non-frozen.
|
146
|
+
- Response `status` must now be an integer greater than or equal to 100.
|
147
|
+
- Response `headers` must now be an unfrozen hash.
|
148
|
+
- Response header keys can no longer include uppercase characters.
|
149
|
+
- Response header values can be an `Array` to handle multiple values (and no longer supports `\n` encoded headers).
|
150
|
+
- Response body can now respond to `#call` (streaming body) instead of `#each` (enumerable body), for the equivalent of response hijacking in previous versions.
|
151
|
+
- Middleware must no longer call `#each` on the body, but they can call `#to_ary` on the body if it responds to `#to_ary`.
|
152
|
+
- `rack.input` is no longer required to be rewindable.
|
153
|
+
- `rack.multithread`/`rack.multiprocess`/`rack.run_once`/`rack.version` are no longer required environment keys.
|
154
|
+
- `SERVER_PROTOCOL` is now a required environment key, matching the HTTP protocol used in the request.
|
155
|
+
- `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional.
|
156
|
+
- `rack.hijack_io` has been removed completely.
|
157
|
+
- `rack.response_finished` is an optional environment key which contains an array of callable objects that must accept `#call(env, status, headers, error)` and are invoked after the response is finished (either successfully or unsuccessfully).
|
158
|
+
- It is okay to call `#close` on `rack.input` to indicate that you no longer need or care about the input.
|
159
|
+
- The stream argument supplied to the streaming body and hijack must support `#<<` for writing output.
|
160
|
+
|
161
|
+
### Removed
|
162
|
+
|
163
|
+
- Remove `rack.multithread`/`rack.multiprocess`/`rack.run_once`. These variables generally come too late to be useful. ([#1720](https://github.com/rack/rack/pull/1720), [@ioquatix], [@jeremyevans]))
|
164
|
+
- Remove deprecated Rack::Request::SCHEME_WHITELIST. ([@jeremyevans])
|
165
|
+
- Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. ([#1844](https://github.com/rack/rack/pull/1844), [@ioquatix])
|
166
|
+
- Remove `rack.version` as it comes too late to be useful. ([#1938](https://github.com/rack/rack/pull/1938), [@ioquatix])
|
167
|
+
- Extract `rackup` command, `Rack::Server`, `Rack::Handler`, `Rack::Lobster` and related code into a separate gem. ([#1937](https://github.com/rack/rack/pull/1937), [@ioquatix])
|
168
|
+
|
169
|
+
### Added
|
170
|
+
|
171
|
+
- `Rack::Headers` added to support lower-case header keys. ([@jeremyevans])
|
172
|
+
- `Rack::Utils#set_cookie_header` now supports `escape_key: false` to avoid key escaping. ([@jeremyevans])
|
173
|
+
- `Rack::RewindableInput` supports size. ([@ahorek](https://github.com/ahorek))
|
174
|
+
- `Rack::RewindableInput::Middleware` added for making `rack.input` rewindable. ([@jeremyevans])
|
175
|
+
- The RFC 7239 Forwarded header is now supported and considered by default when looking for information on forwarding, falling back to the X-Forwarded-* headers. `Rack::Request.forwarded_priority` accessor has been added for configuring the priority of which header to check. ([#1423](https://github.com/rack/rack/issues/1423), [@jeremyevans])
|
176
|
+
- Allow response headers to contain array of values. ([#1598](https://github.com/rack/rack/issues/1598), [@ioquatix])
|
177
|
+
- Support callable body for explicit streaming support and clarify streaming response body behaviour. ([#1745](https://github.com/rack/rack/pull/1745), [@ioquatix], [#1748](https://github.com/rack/rack/pull/1748), [@wjordan])
|
178
|
+
- Allow `Rack::Builder#run` to take a block instead of an argument. ([#1942](https://github.com/rack/rack/pull/1942), [@ioquatix])
|
179
|
+
- Add `rack.response_finished` to `Rack::Lint`. ([#1802](https://github.com/rack/rack/pull/1802), [@BlakeWilliams], [#1952](https://github.com/rack/rack/pull/1952), [@ioquatix])
|
180
|
+
- The stream argument must implement `#<<`. ([#1959](https://github.com/rack/rack/pull/1959), [@ioquatix])
|
181
|
+
|
182
|
+
### Changed
|
183
|
+
|
184
|
+
- BREAKING CHANGE: Require `status` to be an Integer. ([#1662](https://github.com/rack/rack/pull/1662), [@olleolleolle](https://github.com/olleolleolle))
|
185
|
+
- BREAKING CHANGE: Query parsing now treats parameters without `=` as having the empty string value instead of nil value, to conform to the URL spec. ([#1696](https://github.com/rack/rack/issues/1696), [@jeremyevans])
|
186
|
+
- Relax validations around `Rack::Request#host` and `Rack::Request#hostname`. ([#1606](https://github.com/rack/rack/issues/1606), [@pvande](https://github.com/pvande))
|
187
|
+
- Removed antiquated handlers: FCGI, LSWS, SCGI, Thin. ([#1658](https://github.com/rack/rack/pull/1658), [@ioquatix])
|
188
|
+
- Removed options from `Rack::Builder.parse_file` and `Rack::Builder.load_file`. ([#1663](https://github.com/rack/rack/pull/1663), [@ioquatix])
|
189
|
+
- `Rack::HTTP_VERSION` has been removed and the `HTTP_VERSION` env setting is no longer set in the CGI and Webrick handlers. ([#970](https://github.com/rack/rack/issues/970), [@jeremyevans])
|
190
|
+
- `Rack::Request#[]` and `#[]=` now warn even in non-verbose mode. ([#1277](https://github.com/rack/rack/issues/1277), [@jeremyevans])
|
191
|
+
- Decrease default allowed parameter recursion level from 100 to 32. ([#1640](https://github.com/rack/rack/issues/1640), [@jeremyevans])
|
192
|
+
- Attempting to parse a multipart response with an empty body now raises Rack::Multipart::EmptyContentError. ([#1603](https://github.com/rack/rack/issues/1603), [@jeremyevans])
|
193
|
+
- `Rack::Utils.secure_compare` uses OpenSSL's faster implementation if available. ([#1711](https://github.com/rack/rack/pull/1711), [@bdewater](https://github.com/bdewater))
|
194
|
+
- `Rack::Request#POST` now caches an empty hash if input content type is not parseable. ([#749](https://github.com/rack/rack/pull/749), [@jeremyevans])
|
195
|
+
- BREAKING CHANGE: Updated `trusted_proxy?` to match full 127.0.0.0/8 network. ([#1781](https://github.com/rack/rack/pull/1781), [@snbloch](https://github.com/snbloch))
|
196
|
+
- Explicitly deprecate `Rack::File` which was an alias for `Rack::Files`. ([#1811](https://github.com/rack/rack/pull/1720), [@ioquatix]).
|
197
|
+
- Moved `Rack::Session` into [separate gem](https://github.com/rack/rack-session). ([#1805](https://github.com/rack/rack/pull/1805), [@ioquatix])
|
198
|
+
- `rackup -D` option to daemonizes no longer changes the working directory to the root. ([#1813](https://github.com/rack/rack/pull/1813), [@jeremyevans])
|
199
|
+
- The `x-forwarded-proto` header is now considered before the `x-forwarded-scheme` header for determining the forwarded protocol. `Rack::Request.x_forwarded_proto_priority` accessor has been added for configuring the priority of which header to check. ([#1809](https://github.com/rack/rack/issues/1809), [@jeremyevans])
|
200
|
+
- `Rack::Request.forwarded_authority` (and methods that call it, such as `host`) now returns the last authority in the forwarded header, instead of the first, as earlier forwarded authorities can be forged by clients. This restores the Rack 2.1 behavior. ([#1829](https://github.com/rack/rack/issues/1809), [@jeremyevans])
|
201
|
+
- Use lower case cookie attributes when creating cookies, and fold cookie attributes to lower case when reading cookies (specifically impacting `secure` and `httponly` attributes). ([#1849](https://github.com/rack/rack/pull/1849), [@ioquatix])
|
202
|
+
- The response array must now be mutable (non-frozen) so middleware can modify it without allocating a new Array,therefore reducing object allocations. ([#1887](https://github.com/rack/rack/pull/1887), [#1927](https://github.com/rack/rack/pull/1927), [@amatsuda], [@ioquatix])
|
203
|
+
- `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional. `rack.hijack_io` is no longer required/specified. ([#1939](https://github.com/rack/rack/pull/1939), [@ioquatix])
|
204
|
+
- Allow calling close on `rack.input`. ([#1956](https://github.com/rack/rack/pull/1956), [@ioquatix])
|
205
|
+
|
206
|
+
### Fixed
|
207
|
+
|
208
|
+
- Make Rack::MockResponse handle non-hash headers. ([#1629](https://github.com/rack/rack/issues/1629), [@jeremyevans])
|
209
|
+
- TempfileReaper now deletes temp files if application raises an exception. ([#1679](https://github.com/rack/rack/issues/1679), [@jeremyevans])
|
210
|
+
- Handle cookies with values that end in '=' ([#1645](https://github.com/rack/rack/pull/1645), [@lukaso](https://github.com/lukaso))
|
211
|
+
- Make `Rack::NullLogger` respond to `#fatal!` [@jeremyevans])
|
212
|
+
- Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
|
213
|
+
- `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
|
214
|
+
|
215
|
+
## [2.2.4] - 2022-06-30
|
216
|
+
|
217
|
+
- Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix))
|
218
|
+
- Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi))
|
219
|
+
|
220
|
+
## [2.2.3.1] - 2022-05-27
|
221
|
+
|
222
|
+
### Security
|
223
|
+
|
224
|
+
- [CVE-2022-30123] Fix shell escaping issue in Common Logger
|
225
|
+
- [CVE-2022-30122] Restrict parsing of broken MIME attachments
|
226
|
+
|
227
|
+
## [2.2.3] - 2020-06-15
|
228
|
+
|
229
|
+
### Security
|
230
|
+
|
231
|
+
- [[CVE-2020-8184](https://nvd.nist.gov/vuln/detail/CVE-2020-8184)] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. ([@fletchto99](https://github.com/fletchto99))
|
232
|
+
|
233
|
+
## [2.2.2] - 2020-02-11
|
234
|
+
|
235
|
+
### Fixed
|
236
|
+
|
237
|
+
- Fix incorrect `Rack::Request#host` value. ([#1591](https://github.com/rack/rack/pull/1591), [@ioquatix])
|
238
|
+
- Revert `Rack::Handler::Thin` implementation. ([#1583](https://github.com/rack/rack/pull/1583), [@jeremyevans])
|
239
|
+
- Double assignment is still needed to prevent an "unused variable" warning. ([#1589](https://github.com/rack/rack/pull/1589), [@kamipo](https://github.com/kamipo))
|
240
|
+
- Fix to handle same_site option for session pool. ([#1587](https://github.com/rack/rack/pull/1587), [@kamipo](https://github.com/kamipo))
|
241
|
+
|
242
|
+
## [2.2.1] - 2020-02-09
|
243
|
+
|
244
|
+
### Fixed
|
245
|
+
|
246
|
+
- Rework `Rack::Request#ip` to handle empty `forwarded_for`. ([#1577](https://github.com/rack/rack/pull/1577), [@ioquatix])
|
247
|
+
|
248
|
+
## [2.2.0] - 2020-02-08
|
249
|
+
|
250
|
+
### SPEC Changes
|
251
|
+
|
252
|
+
- `rack.session` request environment entry must respond to `to_hash` and return unfrozen Hash. ([@jeremyevans])
|
253
|
+
- Request environment cannot be frozen. ([@jeremyevans])
|
254
|
+
- CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. ([@jeremyevans])
|
255
|
+
- Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. ([#1561](https://github.com/rack/rack/pull/1561), [@ioquatix])
|
256
|
+
|
257
|
+
### Added
|
258
|
+
|
259
|
+
- `rackup` supports multiple `-r` options and will require all arguments. ([@jeremyevans])
|
260
|
+
- `Server` supports an array of paths to require for the `:require` option. ([@khotta](https://github.com/khotta))
|
261
|
+
- `Files` supports multipart range requests. ([@fatkodima](https://github.com/fatkodima))
|
262
|
+
- `Multipart::UploadedFile` supports an IO-like object instead of using the filesystem, using `:filename` and `:io` options. ([@jeremyevans])
|
263
|
+
- `Multipart::UploadedFile` supports keyword arguments `:path`, `:content_type`, and `:binary` in addition to positional arguments. ([@jeremyevans])
|
264
|
+
- `Static` supports a `:cascade` option for calling the app if there is no matching file. ([@jeremyevans])
|
265
|
+
- `Session::Abstract::SessionHash#dig`. ([@jeremyevans])
|
266
|
+
- `Response.[]` and `MockResponse.[]` for creating instances using status, headers, and body. ([@ioquatix])
|
267
|
+
- Convenient cache and content type methods for `Rack::Response`. ([#1555](https://github.com/rack/rack/pull/1555), [@ioquatix])
|
268
|
+
|
269
|
+
### Changed
|
270
|
+
|
271
|
+
- `Request#params` no longer rescues EOFError. ([@jeremyevans])
|
272
|
+
- `Directory` uses a streaming approach, significantly improving time to first byte for large directories. ([@jeremyevans])
|
273
|
+
- `Directory` no longer includes a Parent directory link in the root directory index. ([@jeremyevans])
|
274
|
+
- `QueryParser#parse_nested_query` uses original backtrace when reraising exception with new class. ([@jeremyevans])
|
275
|
+
- `ConditionalGet` follows RFC 7232 precedence if both If-None-Match and If-Modified-Since headers are provided. ([@jeremyevans])
|
276
|
+
- `.ru` files supports the `frozen-string-literal` magic comment. ([@eregon](https://github.com/eregon))
|
277
|
+
- Rely on autoload to load constants instead of requiring internal files, make sure to require 'rack' and not just 'rack/...'. ([@jeremyevans])
|
278
|
+
- BREAKING CHANGE: `Etag` will continue sending ETag even if the response should not be cached. Streaming no longer works without a workaround, see [#1619](https://github.com/rack/rack/issues/1619#issuecomment-848460528). ([@henm](https://github.com/henm))
|
279
|
+
- `Request#host_with_port` no longer includes a colon for a missing or empty port. ([@AlexWayfer](https://github.com/AlexWayfer))
|
280
|
+
- All handlers uses keywords arguments instead of an options hash argument. ([@ioquatix])
|
281
|
+
- `Files` handling of range requests no longer return a body that supports `to_path`, to ensure range requests are handled correctly. ([@jeremyevans])
|
282
|
+
- `Multipart::Generator` only includes `Content-Length` for files with paths, and `Content-Disposition` `filename` if the `UploadedFile` instance has one. ([@jeremyevans])
|
283
|
+
- `Request#ssl?` is true for the `wss` scheme (secure websockets). ([@jeremyevans])
|
284
|
+
- `Rack::HeaderHash` is memoized by default. ([#1549](https://github.com/rack/rack/pull/1549), [@ioquatix])
|
285
|
+
- `Rack::Directory` allow directory traversal inside root directory. ([#1417](https://github.com/rack/rack/pull/1417), [@ThomasSevestre](https://github.com/ThomasSevestre))
|
286
|
+
- Sort encodings by server preference. ([#1184](https://github.com/rack/rack/pull/1184), [@ioquatix], [@wjordan](https://github.com/wjordan))
|
287
|
+
- Rework host/hostname/authority implementation in `Rack::Request`. `#host` and `#host_with_port` have been changed to correctly return IPv6 addresses formatted with square brackets, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3.2.2). ([#1561](https://github.com/rack/rack/pull/1561), [@ioquatix])
|
288
|
+
- `Rack::Builder` parsing options on first `#\` line is deprecated. ([#1574](https://github.com/rack/rack/pull/1574), [@ioquatix])
|
289
|
+
|
290
|
+
### Removed
|
291
|
+
|
292
|
+
- `Directory#path` as it was not used and always returned nil. ([@jeremyevans])
|
293
|
+
- `BodyProxy#each` as it was only needed to work around a bug in Ruby <1.9.3. ([@jeremyevans])
|
294
|
+
- `URLMap::INFINITY` and `URLMap::NEGATIVE_INFINITY`, in favor of `Float::INFINITY`. ([@ch1c0t](https://github.com/ch1c0t))
|
295
|
+
- Deprecation of `Rack::File`. It will be deprecated again in rack 2.2 or 3.0. ([@rafaelfranca](https://github.com/rafaelfranca))
|
296
|
+
- Support for Ruby 2.2 as it is well past EOL. ([@ioquatix])
|
297
|
+
- Remove `Rack::Files#response_body` as the implementation was broken. ([#1153](https://github.com/rack/rack/pull/1153), [@ioquatix])
|
298
|
+
- Remove `SERVER_ADDR` which was never part of the original SPEC. ([#1573](https://github.com/rack/rack/pull/1573), [@ioquatix])
|
299
|
+
|
300
|
+
### Fixed
|
301
|
+
|
302
|
+
- `Directory` correctly handles root paths containing glob metacharacters. ([@jeremyevans])
|
303
|
+
- `Cascade` uses a new response object for each call if initialized with no apps. ([@jeremyevans])
|
304
|
+
- `BodyProxy` correctly delegates keyword arguments to the body object on Ruby 2.7+. ([@jeremyevans])
|
305
|
+
- `BodyProxy#method` correctly handles methods delegated to the body object. ([@jeremyevans])
|
306
|
+
- `Request#host` and `Request#host_with_port` handle IPv6 addresses correctly. ([@AlexWayfer](https://github.com/AlexWayfer))
|
307
|
+
- `Lint` checks when response hijacking that `rack.hijack` is called with a valid object. ([@jeremyevans])
|
308
|
+
- `Response#write` correctly updates `Content-Length` if initialized with a body. ([@jeremyevans])
|
309
|
+
- `CommonLogger` includes `SCRIPT_NAME` when logging. ([@Erol](https://github.com/Erol))
|
310
|
+
- `Utils.parse_nested_query` correctly handles empty queries, using an empty instance of the params class instead of a hash. ([@jeremyevans])
|
311
|
+
- `Directory` correctly escapes paths in links. ([@yous](https://github.com/yous))
|
312
|
+
- `Request#delete_cookie` and related `Utils` methods handle `:domain` and `:path` options in same call. ([@jeremyevans])
|
313
|
+
- `Request#delete_cookie` and related `Utils` methods do an exact match on `:domain` and `:path` options. ([@jeremyevans])
|
314
|
+
- `Static` no longer adds headers when a gzipped file request has a 304 response. ([@chooh](https://github.com/chooh))
|
315
|
+
- `ContentLength` sets `Content-Length` response header even for bodies not responding to `to_ary`. ([@jeremyevans])
|
316
|
+
- Thin handler supports options passed directly to `Thin::Controllers::Controller`. ([@jeremyevans])
|
317
|
+
- WEBrick handler no longer ignores `:BindAddress` option. ([@jeremyevans])
|
318
|
+
- `ShowExceptions` handles invalid POST data. ([@jeremyevans])
|
319
|
+
- Basic authentication requires a password, even if the password is empty. ([@jeremyevans])
|
320
|
+
- `Lint` checks response is array with 3 elements, per SPEC. ([@jeremyevans])
|
321
|
+
- Support for using `:SSLEnable` option when using WEBrick handler. (Gregor Melhorn)
|
322
|
+
- Close response body after buffering it when buffering. ([@ioquatix])
|
323
|
+
- Only accept `;` as delimiter when parsing cookies. ([@mrageh](https://github.com/mrageh))
|
324
|
+
- `Utils::HeaderHash#clear` clears the name mapping as well. ([@raxoft](https://github.com/raxoft))
|
325
|
+
- Support for passing `nil` `Rack::Files.new`, which notably fixes Rails' current `ActiveStorage::FileServer` implementation. ([@ioquatix])
|
326
|
+
|
327
|
+
### Documentation
|
328
|
+
|
329
|
+
- CHANGELOG updates. ([@aupajo](https://github.com/aupajo))
|
330
|
+
- Added [CONTRIBUTING](CONTRIBUTING.md). ([@dblock](https://github.com/dblock))
|
331
|
+
|
332
|
+
## [2.0.9] - 2020-02-08
|
333
|
+
|
334
|
+
- Handle case where session id key is requested but missing ([@jeremyevans])
|
335
|
+
- Restore support for code relying on `SessionId#to_s`. ([@jeremyevans])
|
336
|
+
- Add support for `SameSite=None` cookie value. ([@hennikul](https://github.com/hennikul))
|
337
|
+
|
338
|
+
## [2.1.2] - 2020-01-27
|
339
|
+
|
340
|
+
- Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster))
|
341
|
+
- Fix `Rack::Builder#use` with keyword arguments ([@kamipo](https://github.com/kamipo))
|
342
|
+
- Skip deflating in Rack::Deflater if Content-Length is 0 ([@jeremyevans])
|
343
|
+
- Remove `SessionHash#transform_keys`, no longer needed ([@pavel](https://github.com/pavel))
|
344
|
+
- Add to_hash to wrap Hash and Session classes ([@oleh-demyanyuk](https://github.com/oleh-demyanyuk))
|
345
|
+
- Handle case where session id key is requested but missing ([@jeremyevans])
|
346
|
+
|
347
|
+
## [2.1.1] - 2020-01-12
|
348
|
+
|
349
|
+
- Remove `Rack::Chunked` from `Rack::Server` default middleware. ([#1475](https://github.com/rack/rack/pull/1475), [@ioquatix])
|
350
|
+
- Restore support for code relying on `SessionId#to_s`. ([@jeremyevans])
|
351
|
+
|
352
|
+
## [2.1.0] - 2020-01-10
|
8
353
|
|
9
354
|
### Added
|
10
355
|
|
@@ -19,13 +364,13 @@ _Note: There are many unreleased changes in Rack (`master` is around 300 commits
|
|
19
364
|
- Add boot-time profiling capabilities to `rackup`. ([@tenderlove](https://github.com/tenderlove))
|
20
365
|
- Add multi mapping support for `X-Accel-Mappings` header. ([@yoshuki](https://github.com/yoshuki))
|
21
366
|
- Add `sync: false` option to `Rack::Deflater`. (Eric Wong)
|
22
|
-
- Add `Builder#freeze_app` to freeze application and all middleware instances. ([@jeremyevans]
|
367
|
+
- Add `Builder#freeze_app` to freeze application and all middleware instances. ([@jeremyevans])
|
23
368
|
- Add API to extract cookies from `Rack::MockResponse`. ([@petercline](https://github.com/petercline))
|
24
369
|
|
25
370
|
### Changed
|
26
371
|
|
27
|
-
- Don't propagate nil values from middleware. ([@ioquatix]
|
28
|
-
- Lazily initialize the response body and only buffer it if required. ([@ioquatix]
|
372
|
+
- Don't propagate nil values from middleware. ([@ioquatix])
|
373
|
+
- Lazily initialize the response body and only buffer it if required. ([@ioquatix])
|
29
374
|
- Fix deflater zlib buffer errors on empty body part. ([@felixbuenemann](https://github.com/felixbuenemann))
|
30
375
|
- Set `X-Accel-Redirect` to percent-encoded path. ([@diskkid](https://github.com/diskkid))
|
31
376
|
- Remove unnecessary buffer growing when parsing multipart. ([@tainoe](https://github.com/tainoe))
|
@@ -38,30 +383,39 @@ _Note: There are many unreleased changes in Rack (`master` is around 300 commits
|
|
38
383
|
- Make `Utils.status_code` raise an error when the status symbol is invalid instead of `500`. ([@adambutler](https://github.com/adambutler))
|
39
384
|
- Rename `Request::SCHEME_WHITELIST` to `Request::ALLOWED_SCHEMES`.
|
40
385
|
- Make `Multipart::Parser.get_filename` accept files with `+` in their name. ([@lucaskanashiro](https://github.com/lucaskanashiro))
|
41
|
-
- Add Falcon to the default handler fallbacks. ([@ioquatix]
|
386
|
+
- Add Falcon to the default handler fallbacks. ([@ioquatix])
|
42
387
|
- Update codebase to avoid string mutations in preparation for `frozen_string_literals`. ([@pat](https://github.com/pat))
|
43
388
|
- Change `MockRequest#env_for` to rely on the input optionally responding to `#size` instead of `#length`. ([@janko](https://github.com/janko))
|
44
|
-
- Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern))
|
389
|
+
- Rename `Rack::File` -> `Rack::Files` and add deprecation notice. ([@postmodern](https://github.com/postmodern))
|
390
|
+
- Prefer Base64 “strict encoding” for Base64 cookies. ([@ioquatix])
|
45
391
|
|
46
392
|
### Removed
|
47
393
|
|
48
|
-
- Remove `to_ary` from Response ([@tenderlove](https://github.com/tenderlove))
|
394
|
+
- BREAKING CHANGE: Remove `to_ary` from Response ([@tenderlove](https://github.com/tenderlove))
|
49
395
|
- Deprecate `Rack::Session::Memcache` in favor of `Rack::Session::Dalli` from dalli gem ([@fatkodima](https://github.com/fatkodima))
|
50
396
|
|
397
|
+
### Fixed
|
398
|
+
|
399
|
+
- Eliminate warnings for Ruby 2.7. ([@osamtimizer](https://github.com/osamtimizer]))
|
400
|
+
|
51
401
|
### Documentation
|
52
402
|
|
53
403
|
- Update broken example in `Session::Abstract::ID` documentation. ([tonytonyjan](https://github.com/tonytonyjan))
|
54
|
-
- Add Padrino to the list of frameworks
|
404
|
+
- Add Padrino to the list of frameworks implementing Rack. ([@wikimatze](https://github.com/wikimatze))
|
55
405
|
- Remove Mongrel from the suggested server options in the help output. ([@tricknotes](https://github.com/tricknotes))
|
56
406
|
- Replace `HISTORY.md` and `NEWS.md` with `CHANGELOG.md`. ([@twitnithegirl](https://github.com/twitnithegirl))
|
57
|
-
-
|
407
|
+
- CHANGELOG updates. ([@drenmi](https://github.com/Drenmi), [@p8](https://github.com/p8))
|
58
408
|
|
59
409
|
## [2.0.8] - 2019-12-08
|
60
410
|
|
411
|
+
### Security
|
412
|
+
|
61
413
|
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
62
414
|
|
63
415
|
## [1.6.12] - 2019-12-08
|
64
416
|
|
417
|
+
### Security
|
418
|
+
|
65
419
|
- [[CVE-2019-16782](https://nvd.nist.gov/vuln/detail/CVE-2019-16782)] Prevent timing attacks targeted at session ID lookup. BREAKING CHANGE: Session ID is now a SessionId instance instead of a String. ([@tenderlove](https://github.com/tenderlove), [@rafaelfranca](https://github.com/rafaelfranca))
|
66
420
|
|
67
421
|
## [2.0.7] - 2019-04-02
|
@@ -118,7 +472,7 @@ _Note: There are many unreleased changes in Rack (`master` is around 300 commits
|
|
118
472
|
### Added
|
119
473
|
|
120
474
|
- Allow `Session::Abstract::SessionHash#fetch` to accept a block with a default value. ([@yannvanhalewyn](https://github.com/yannvanhalewyn))
|
121
|
-
- Add `Builder#freeze_app` to freeze application and all middleware. ([@jeremyevans]
|
475
|
+
- Add `Builder#freeze_app` to freeze application and all middleware. ([@jeremyevans])
|
122
476
|
|
123
477
|
### Changed
|
124
478
|
|
@@ -130,9 +484,9 @@ _Note: There are many unreleased changes in Rack (`master` is around 300 commits
|
|
130
484
|
### Fixed
|
131
485
|
|
132
486
|
- Handle `NULL` bytes in multipart filenames. ([@casperisfine](https://github.com/casperisfine))
|
133
|
-
- Remove warnings due to miscapitalized global. ([@ioquatix]
|
487
|
+
- Remove warnings due to miscapitalized global. ([@ioquatix])
|
134
488
|
- Prevent exceptions caused by a race condition on multi-threaded servers. ([@sophiedeziel](https://github.com/sophiedeziel))
|
135
|
-
- Add RDoc as an explicit
|
489
|
+
- Add RDoc as an explicit dependency for `doc` group. ([@tonytonyjan](https://github.com/tonytonyjan))
|
136
490
|
- Record errors originating from `Multipart::Parser` in the `MethodOverride` middleware instead of letting them bubble up. ([@carlzulauf](https://github.com/carlzulauf))
|
137
491
|
- Remove remaining use of removed `Utils#bytesize` method from the `File` middleware. ([@brauliomartinezlm](https://github.com/brauliomartinezlm))
|
138
492
|
|
@@ -227,7 +581,7 @@ Items below this line are from the previously maintained HISTORY.md and NEWS.md
|
|
227
581
|
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
|
228
582
|
- Fix CVE-2013-0262, symlink path traversal in Rack::File
|
229
583
|
- Add various methods to Session for enhanced Rails compatibility
|
230
|
-
- Request#trusted_proxy? now only matches whole
|
584
|
+
- Request#trusted_proxy? now only matches whole strings
|
231
585
|
- Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
|
232
586
|
- URLMap host matching in environments that don't set the Host header fixed
|
233
587
|
- Fix a race condition that could result in overwritten pidfiles
|
@@ -450,7 +804,7 @@ Items below this line are from the previously maintained HISTORY.md and NEWS.md
|
|
450
804
|
- Moved Auth::OpenID to rack-contrib.
|
451
805
|
- SPEC change that relaxes Lint slightly to allow subclasses of the
|
452
806
|
required types
|
453
|
-
- SPEC change to document rack.input binary mode in
|
807
|
+
- SPEC change to document rack.input binary mode in greater detail
|
454
808
|
- SPEC define optional rack.logger specification
|
455
809
|
- File servers support X-Cascade header
|
456
810
|
- Imported Config middleware
|
@@ -465,7 +819,7 @@ Items below this line are from the previously maintained HISTORY.md and NEWS.md
|
|
465
819
|
- Add status code lookup utility
|
466
820
|
- Response should call #to_i on the status
|
467
821
|
- Add Request#user_agent
|
468
|
-
- Request#host knows about
|
822
|
+
- Request#host knows about forwarded host
|
469
823
|
- Return an empty string for Request#host if HTTP_HOST and
|
470
824
|
SERVER_NAME are both missing
|
471
825
|
- Allow MockRequest to accept hash params
|
@@ -568,3 +922,10 @@ Items below this line are from the previously maintained HISTORY.md and NEWS.md
|
|
568
922
|
- Removed Rails adapter, was too alpha.
|
569
923
|
|
570
924
|
## [0.1] 2007-03-03
|
925
|
+
|
926
|
+
[@ioquatix]: https://github.com/ioquatix "Samuel Williams"
|
927
|
+
[@jeremyevans]: https://github.com/jeremyevans "Jeremy Evans"
|
928
|
+
[@amatsuda]: https://github.com/amatsuda "Akira Matsuda"
|
929
|
+
[@wjordan]: https://github.com/wjordan "Will Jordan"
|
930
|
+
[@BlakeWilliams]: https://github.com/BlakeWilliams "Blake Williams"
|
931
|
+
[@davidstosik]: https://github.com/davidstosik "David Stosik"
|
data/CONTRIBUTING.md
ADDED
@@ -0,0 +1,144 @@
|
|
1
|
+
# Contributing to Rack
|
2
|
+
|
3
|
+
Rack is work of [hundreds of
|
4
|
+
contributors](https://github.com/rack/rack/graphs/contributors). You're
|
5
|
+
encouraged to submit [pull requests](https://github.com/rack/rack/pulls) and
|
6
|
+
[propose features and discuss issues](https://github.com/rack/rack/issues).
|
7
|
+
|
8
|
+
## Backports
|
9
|
+
|
10
|
+
Only security patches are ideal for backporting to non-main release versions. If
|
11
|
+
you're not sure if your bug fix is backportable, you should open a discussion to
|
12
|
+
discuss it first.
|
13
|
+
|
14
|
+
The [Security Policy] documents which release versions will receive security
|
15
|
+
backports.
|
16
|
+
|
17
|
+
## Fork the Project
|
18
|
+
|
19
|
+
Fork the [project on GitHub](https://github.com/rack/rack) and check out your
|
20
|
+
copy.
|
21
|
+
|
22
|
+
```
|
23
|
+
git clone https://github.com/(your-github-username)/rack.git
|
24
|
+
cd rack
|
25
|
+
git remote add upstream https://github.com/rack/rack.git
|
26
|
+
```
|
27
|
+
|
28
|
+
## Create a Topic Branch
|
29
|
+
|
30
|
+
Make sure your fork is up-to-date and create a topic branch for your feature or
|
31
|
+
bug fix.
|
32
|
+
|
33
|
+
```
|
34
|
+
git checkout main
|
35
|
+
git pull upstream main
|
36
|
+
git checkout -b my-feature-branch
|
37
|
+
```
|
38
|
+
|
39
|
+
## Running All Tests
|
40
|
+
|
41
|
+
Install all dependencies.
|
42
|
+
|
43
|
+
```
|
44
|
+
bundle install
|
45
|
+
```
|
46
|
+
|
47
|
+
Run all tests.
|
48
|
+
|
49
|
+
```
|
50
|
+
rake test
|
51
|
+
```
|
52
|
+
|
53
|
+
## Write Tests
|
54
|
+
|
55
|
+
Try to write a test that reproduces the problem you're trying to fix or
|
56
|
+
describes a feature that you want to build.
|
57
|
+
|
58
|
+
We definitely appreciate pull requests that highlight or reproduce a problem,
|
59
|
+
even without a fix.
|
60
|
+
|
61
|
+
## Write Code
|
62
|
+
|
63
|
+
Implement your feature or bug fix.
|
64
|
+
|
65
|
+
Make sure that all tests pass:
|
66
|
+
|
67
|
+
```
|
68
|
+
bundle exec rake test
|
69
|
+
```
|
70
|
+
|
71
|
+
## Write Documentation
|
72
|
+
|
73
|
+
Document any external behavior in the [README](README.md).
|
74
|
+
|
75
|
+
## Update Changelog
|
76
|
+
|
77
|
+
Add a line to [CHANGELOG](CHANGELOG.md).
|
78
|
+
|
79
|
+
## Commit Changes
|
80
|
+
|
81
|
+
Make sure git knows your name and email address:
|
82
|
+
|
83
|
+
```
|
84
|
+
git config --global user.name "Your Name"
|
85
|
+
git config --global user.email "contributor@example.com"
|
86
|
+
```
|
87
|
+
|
88
|
+
Writing good commit logs is important. A commit log should describe what changed
|
89
|
+
and why.
|
90
|
+
|
91
|
+
```
|
92
|
+
git add ...
|
93
|
+
git commit
|
94
|
+
```
|
95
|
+
|
96
|
+
## Push
|
97
|
+
|
98
|
+
```
|
99
|
+
git push origin my-feature-branch
|
100
|
+
```
|
101
|
+
|
102
|
+
## Make a Pull Request
|
103
|
+
|
104
|
+
Go to your fork of rack on GitHub and select your feature branch. Click the
|
105
|
+
'Pull Request' button and fill out the form. Pull requests are usually
|
106
|
+
reviewed within a few days.
|
107
|
+
|
108
|
+
## Rebase
|
109
|
+
|
110
|
+
If you've been working on a change for a while, rebase with upstream/main.
|
111
|
+
|
112
|
+
```
|
113
|
+
git fetch upstream
|
114
|
+
git rebase upstream/main
|
115
|
+
git push origin my-feature-branch -f
|
116
|
+
```
|
117
|
+
|
118
|
+
## Make Required Changes
|
119
|
+
|
120
|
+
Amend your previous commit and force push the changes.
|
121
|
+
|
122
|
+
```
|
123
|
+
git commit --amend
|
124
|
+
git push origin my-feature-branch -f
|
125
|
+
```
|
126
|
+
|
127
|
+
## Check on Your Pull Request
|
128
|
+
|
129
|
+
Go back to your pull request after a few minutes and see whether it passed
|
130
|
+
tests with GitHub Actions. Everything should look green, otherwise fix issues and
|
131
|
+
amend your commit as described above.
|
132
|
+
|
133
|
+
## Be Patient
|
134
|
+
|
135
|
+
It's likely that your change will not be merged and that the nitpicky
|
136
|
+
maintainers will ask you to do more, or fix seemingly benign problems. Hang in
|
137
|
+
there!
|
138
|
+
|
139
|
+
## Thank You
|
140
|
+
|
141
|
+
Please do know that we really appreciate and value your time and work. We love
|
142
|
+
you, really.
|
143
|
+
|
144
|
+
[Security Policy]: SECURITY.md
|
data/MIT-LICENSE
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
The MIT License (MIT)
|
2
2
|
|
3
|
-
Copyright (C) 2007-
|
3
|
+
Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
|
4
4
|
|
5
5
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
6
|
of this software and associated documentation files (the "Software"), to
|