rack 3.1.18 → 3.1.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/lib/rack/multipart/parser.rb +1 -1
- data/lib/rack/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b240dc5ca41313115b62737a54719f60c77729d1e569e086c8808a1e50c24c86
|
|
4
|
+
data.tar.gz: da8d7e1e6f3d7c920f7c74907f17fa1ea5bcbaa9366b2ee3bdac49f0430ae909
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f0ecef2c27279d4a031e05666a43a5748fd3f40a1bbce45bfc2605e548790140849d35b57aa59ea130b256f85813ac0f256c11e36e971447ab423f614f5e228d
|
|
7
|
+
data.tar.gz: 86d41b59621d3e831dede55043bf84d457024a68c67da1f7e9410aed2f1abb55b6e4a8ca3cb2e1517fee71270dec851d67014d0111522d434ca20bcf7f528dc6
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
4
4
|
|
|
5
|
+
## [3.1.19] - 2025-11-03
|
|
6
|
+
|
|
7
|
+
### Fixed
|
|
8
|
+
|
|
9
|
+
- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
|
|
10
|
+
|
|
5
11
|
## [3.1.18] - 2025-10-10
|
|
6
12
|
|
|
7
13
|
### Security
|
|
@@ -380,6 +386,12 @@ Rack v3.1 is primarily a maintenance release that removes features deprecated in
|
|
|
380
386
|
- Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
|
|
381
387
|
- `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
|
|
382
388
|
|
|
389
|
+
## [2.2.21] - 2025-11-03
|
|
390
|
+
|
|
391
|
+
### Fixed
|
|
392
|
+
|
|
393
|
+
- Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
|
|
394
|
+
|
|
383
395
|
## [2.2.20] - 2025-10-10
|
|
384
396
|
|
|
385
397
|
### Security
|
|
@@ -444,7 +444,7 @@ module Rack
|
|
|
444
444
|
else
|
|
445
445
|
# We raise if the mime part header is too large, to avoid unbounded memory
|
|
446
446
|
# buffering. Note that the actual limit is the higher of 64KB and the buffer size (1MB by default)
|
|
447
|
-
raise Error, "multipart mime part header too large" if @sbuf.
|
|
447
|
+
raise Error, "multipart mime part header too large" if @sbuf.rest.bytesize > MIME_HEADER_BYTESIZE_LIMIT
|
|
448
448
|
|
|
449
449
|
return :want_read
|
|
450
450
|
end
|
data/lib/rack/version.rb
CHANGED