rack 3.1.3 → 3.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -1
- data/lib/rack/lint.rb +1 -1
- data/lib/rack/request.rb +14 -2
- data/lib/rack/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eaf18cf63641b74f599535734eddaf9886c6ffa7f7b00d9aca768715b25498f9
|
|
4
|
+
data.tar.gz: 375ef784b899a1f936505dfffef3d6da3ee0f546e0f90d475a9a4db3264281cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41667c1b8b3e3fe9ac3dd9c22f456a8eb5b756c310c28af98dd7b9ce998eed1a224c39c680019dabb3dedd32cff762d1274a63770f2372a12874f92d026713a6
|
|
7
|
+
data.tar.gz: ca3837da3ae9a4bf02cf540661c00755e9db416d6c2b268e92df759f77a882646da3b3cb229668ccc409d0764fccb70fcba34134cbece934927adda5a14e5564
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,22 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
4
4
|
|
|
5
|
+
## [3.1.6] - 2024-07-03
|
|
6
|
+
|
|
7
|
+
- Fix several edge cases in `Rack::Request#parse_http_accept_header`'s implementation. ([#2226](https://github.com/rack/rack/pull/2226), [@ioquatix])
|
|
8
|
+
|
|
9
|
+
## [3.1.5] - 2024-07-02
|
|
10
|
+
|
|
11
|
+
### Security
|
|
12
|
+
|
|
13
|
+
- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
|
|
14
|
+
|
|
15
|
+
## [3.1.4] - 2024-06-22
|
|
16
|
+
|
|
17
|
+
### Fixed
|
|
18
|
+
|
|
19
|
+
- Fix `Rack::Lint` matching some paths incorrectly as authority form. ([#2220](https://github.com/rack/rack/pull/2220), [@ioquatix])
|
|
20
|
+
|
|
5
21
|
## [3.1.3] - 2024-06-12
|
|
6
22
|
|
|
7
23
|
### Fixed
|
|
@@ -125,7 +141,7 @@ All notable changes to this project will be documented in this file. For info on
|
|
|
125
141
|
|
|
126
142
|
- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
|
|
127
143
|
|
|
128
|
-
## [3.0.2] -2022-12-05
|
|
144
|
+
## [3.0.2] - 2022-12-05
|
|
129
145
|
|
|
130
146
|
### Fixed
|
|
131
147
|
|
data/lib/rack/lint.rb
CHANGED
|
@@ -13,7 +13,7 @@ module Rack
|
|
|
13
13
|
class Lint
|
|
14
14
|
REQUEST_PATH_ORIGIN_FORM = /\A\/[^#]*\z/
|
|
15
15
|
REQUEST_PATH_ABSOLUTE_FORM = /\A#{URI::DEFAULT_PARSER.make_regexp}\z/
|
|
16
|
-
REQUEST_PATH_AUTHORITY_FORM = /\A
|
|
16
|
+
REQUEST_PATH_AUTHORITY_FORM = /\A[^\/:]+:\d+\z/
|
|
17
17
|
REQUEST_PATH_ASTERISK_FORM = '*'
|
|
18
18
|
|
|
19
19
|
def initialize(app)
|
data/lib/rack/request.rb
CHANGED
|
@@ -642,14 +642,26 @@ module Rack
|
|
|
642
642
|
end
|
|
643
643
|
|
|
644
644
|
def parse_http_accept_header(header)
|
|
645
|
-
|
|
646
|
-
|
|
645
|
+
# It would be nice to use filter_map here, but it's Ruby 2.7+
|
|
646
|
+
parts = header.to_s.split(',')
|
|
647
|
+
|
|
648
|
+
parts.map! do |part|
|
|
649
|
+
part.strip!
|
|
650
|
+
next if part.empty?
|
|
651
|
+
|
|
652
|
+
attribute, parameters = part.split(';', 2)
|
|
653
|
+
attribute.strip!
|
|
654
|
+
parameters&.strip!
|
|
647
655
|
quality = 1.0
|
|
648
656
|
if parameters and /\Aq=([\d.]+)/ =~ parameters
|
|
649
657
|
quality = $1.to_f
|
|
650
658
|
end
|
|
651
659
|
[attribute, quality]
|
|
652
660
|
end
|
|
661
|
+
|
|
662
|
+
parts.compact!
|
|
663
|
+
|
|
664
|
+
parts
|
|
653
665
|
end
|
|
654
666
|
|
|
655
667
|
# Get an array of values set in the RFC 7239 `Forwarded` request header.
|
data/lib/rack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leah Neukirchen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-07-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|
|
@@ -158,7 +158,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
158
158
|
- !ruby/object:Gem::Version
|
|
159
159
|
version: '0'
|
|
160
160
|
requirements: []
|
|
161
|
-
rubygems_version: 3.5.
|
|
161
|
+
rubygems_version: 3.5.11
|
|
162
162
|
signing_key:
|
|
163
163
|
specification_version: 4
|
|
164
164
|
summary: A modular Ruby webserver interface.
|