rack 3.1.3 → 3.1.5
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/lib/rack/lint.rb +1 -1
- data/lib/rack/request.rb +4 -2
- data/lib/rack/version.rb +1 -1
- metadata +3 -3
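--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3c10c6fa362f15e1169822a88e4fe9edfa36b01e48ba5d338bf55e94889a097f
+data.tar.gz: c205f62d2490fda13b70cc5d0b3be62af5cad3efa950d5ceabc0e1980d3fef83
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 466e3dd3536d81196d86f1cc0a3fa8e833cfe96b523843160aef33267aab0e0e46501d5f163f2a72d4e3401385c43312237f67da26932b2d192c9d1bfb3dcfdc
+data.tar.gz: 3bcf798901aeaa5a94524864925160077f07ac26ebaa9e3ad6b080afbe45fb0a7f1f9ee89d990720aeae7d5b8dd73e2e1bf82a264323649219b59682b56cc09a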
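--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
+## [3.1.5] - 2024-07-02
+
+### Security
+
+- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
+
+## [3.1.4] - 2024-06-22
+
+### Fixed
+
+- Fix `Rack::Lint` matching some paths incorrectly as authority form. ([#2220](https://github.com/rack/rack/pull/2220), [@ioquatix])
+
 ## [3.1.3] - 2024-06-12
 
 ### Fixed
@@ -125,7 +137,7 @@ All notable changes to this project will be documented in this file. For info on
 
 - `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
 
-## [3.0.2] -2022-12-05
+## [3.0.2] - 2022-12-05
 
 ### Fixed
 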
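--- a/data/lib/rack/lint.rb
+++ b/data/lib/rack/lint.rb
@@ -13,7 +13,7 @@ module Rack
 class Lint
 REQUEST_PATH_ORIGIN_FORM = /\A\/[^#]*\z/
 REQUEST_PATH_ABSOLUTE_FORM = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
-REQUEST_PATH_AUTHORITY_FORM = /\A
+REQUEST_PATH_AUTHORITY_FORM = /\A[^\/:]+:\d+\z/
 REQUEST_PATH_ASTERISK_FORM = '*'
 
 def initialize(app)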
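Review bot: `REQUEST_PATH_AUTHORITY_FORM` carries no comment saying which request targets it is meant to accept, and the new pattern is narrower than it looks: the host part `[^\/:]+` excludes every colon, so a bracketed IPv6 authority such as `[::1]:443` cannot match, while any other character (spaces, `@`, `?`) is accepted before the port. The pattern is anchored with `\A`/`\z` and has no nested quantifier, so matching stays linear in the input length. I would add a comment above the constant, `# authority-form (RFC 9112 3.2.3): host ":" port, e.g. "example.com:443"; bracketed IPv6 literals are not matched`, and confirm that the IPv6 exclusion is intended. The `Lint` class body continues outside the hunk, so how the constant is applied is not visible here.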
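--- a/data/lib/rack/request.rb
+++ b/data/lib/rack/request.rb
@@ -642,8 +642,10 @@ module Rack
 end
 
 def parse_http_accept_header(header)
-header.to_s.split(
-attribute, parameters = part.split(
+header.to_s.split(',').map do |part|
+attribute, parameters = part.split(';', 2)
+attribute.strip!
+parameters&.strip!
 quality = 1.0
 if parameters and /\Aq=([\d.]+)/ =~ parameters
 quality = $1.to_f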
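Review bot: `attribute.strip!` on the new side raises `NoMethodError` when a list element is empty, because `''.split(';', 2)` returns `[]` and leaves `attribute` as `nil`; a header value with two adjacent commas yields such an element from `split(',')`. The header value is client-supplied, so a malformed Accept-style header presumably surfaces as an unhandled exception instead of a parsed or skipped entry. Guard it the same way the next line guards the parameters, `attribute&.strip!`, and add a regression test with empty and whitespace-only elements. Whether a `nil` attribute should then be returned or dropped depends on the rest of `parse_http_accept_header`, which continues past the end of the hunk.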
data/lib/rack/version.rb
CHANGED
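--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.5
 platform: ruby
 authors:
 - Leah Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest
@@ -158,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.5.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.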