rack 2.2.11 → 2.2.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a52d0aaca2ecd96be997b263d21b759f488a509acbe537dd49daa71b58ee7a9
-  data.tar.gz: 87e641041f1e3269a0c21c932efe8ae4462777696408e4782dcdc69d0aa01579
+  metadata.gz: '09a6d038df42d0af44940110fca3a8f9eb37a56a2acea9f1ad02f6fc39c685a9'
+  data.tar.gz: d4a25103cf82081f357f621ee9a44027a799cda9c566f1ad4ffff3ec9d45a603
 SHA512:
-  metadata.gz: f4eb2e25547ce0a4fbab24a4f2629f2492e4da9fbcdd152e0d10ff335bd1e312c8aa8c0937612196878cc046c7f991d092c40b3856117a00c8e725dea2853d4a
-  data.tar.gz: 2188b85ac67e13c93304ef3c4b9c4f6e045dedba6c62cb2ad2d0520288b72caff4bffac0a0862d6e7d07c42f0123435ebea99a887ef7d8a76a60b8cf38cd515c
+  metadata.gz: 6324e627506aa9605cab9ad4778303ccb24dffa41d2877e5a9008813556f84cc4660f2638fa00431b36a23cac528c81fa23884d21e907f56370634a67f94070c
+  data.tar.gz: bc7cabae2f718457165de32fa8905028d0cbb85bcfe150ac2a7871e78ad57b3651d1881aedfc9a366fb9aa11ca009a1344e180ad2c470f1792b4e2befb629034

data/CHANGELOG.md

@@ -2,13 +2,23 @@
 
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## Unreleased
+## [2.2.13] - 2025-03-11
 
-## [3.1.11] - 2025-02-12
+### Security
+
+- [CVE-2025-27610](https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
+
+## [2.2.12] - 2025-03-04
+
+### Security
+
+- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
+
+## [2.2.11] - 2025-02-12
 
 ### Security
 
-- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in Rack::CommonLogger.
+- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
 
 ## [2.2.10] - 2024-10-14
 

data/lib/rack/sendfile.rb

@@ -133,7 +133,7 @@ module Rack
           end
         when '', nil
         else
-          env[RACK_ERRORS].puts "Unknown x-sendfile variation: '#{type}'.\n"
+          env[RACK_ERRORS].puts "Unknown x-sendfile variation: #{type.inspect}"
         end
       end
       [status, headers, body]

data/lib/rack/static.rb

@@ -122,8 +122,9 @@ module Rack
 
     def call(env)
       path = env[PATH_INFO]
+      actual_path = Utils.clean_path_info(Utils.unescape_path(path))
 
-      if can_serve(path)
+      if can_serve(actual_path)
         if overwrite_file_path(path)
           env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
         elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING'])

data/lib/rack/version.rb

@@ -20,7 +20,7 @@ module Rack
     VERSION.join(".")
   end
 
-  RELEASE = "2.2.11"
+  RELEASE = "2.2.13"
 
   # Return the Rack release as a dotted string.
   def self.release

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 2.2.11
+  version: 2.2.13
 platform: ruby
 authors:
 - Leah Neukirchen
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-12 00:00:00.000000000 Z
+date: 2025-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -169,7 +168,6 @@ metadata:
   changelog_uri: https://github.com/rack/rack/blob/master/CHANGELOG.md
   documentation_uri: https://rubydoc.info/github/rack/rack
   source_code_uri: https://github.com/rack/rack
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -184,8 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: A modular Ruby webserver interface.
 test_files: []