rack 3.1.4 → 3.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of rack might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d917c34d2fcdaa2370573215d80d8cae52d56db08a1dc3beb404cab4eb22456d
4
- data.tar.gz: e73e6d8c063583b0a0b41a8559ac4791e097ddd1bf3a80285df04198ad7f4c7f
3
+ metadata.gz: 3c10c6fa362f15e1169822a88e4fe9edfa36b01e48ba5d338bf55e94889a097f
4
+ data.tar.gz: c205f62d2490fda13b70cc5d0b3be62af5cad3efa950d5ceabc0e1980d3fef83
5
5
  SHA512:
6
- metadata.gz: 297f63ac060e32452f551675b1de70d988db2e3dd0bfa9f84209c5bb4e607ddec895bf92c350220a70ecf3f0b51a911a1f93844ff542cd9ba7102b151acf0e8c
7
- data.tar.gz: da58b8eb44af3347196d6b965158a90141860ad064bb500c845b80b585953f6f074817c59798f534b71cd8a65814420da519a1157bde86f97f4d0ff67014d41c
6
+ metadata.gz: 466e3dd3536d81196d86f1cc0a3fa8e833cfe96b523843160aef33267aab0e0e46501d5f163f2a72d4e3401385c43312237f67da26932b2d192c9d1bfb3dcfdc
7
+ data.tar.gz: 3bcf798901aeaa5a94524864925160077f07ac26ebaa9e3ad6b080afbe45fb0a7f1f9ee89d990720aeae7d5b8dd73e2e1bf82a264323649219b59682b56cc09a
data/CHANGELOG.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
4
4
 
5
+ ## [3.1.5] - 2024-07-02
6
+
7
+ ### Security
8
+
9
+ - Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
10
+
5
11
  ## [3.1.4] - 2024-06-22
6
12
 
7
13
  ### Fixed
@@ -131,7 +137,7 @@ All notable changes to this project will be documented in this file. For info on
131
137
 
132
138
  - `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
133
139
 
134
- ## [3.0.2] -2022-12-05
140
+ ## [3.0.2] - 2022-12-05
135
141
 
136
142
  ### Fixed
137
143
 
data/lib/rack/request.rb CHANGED
@@ -642,8 +642,10 @@ module Rack
642
642
  end
643
643
 
644
644
  def parse_http_accept_header(header)
645
- header.to_s.split(/\s*,\s*/).map do |part|
646
- attribute, parameters = part.split(/\s*;\s*/, 2)
645
+ header.to_s.split(',').map do |part|
646
+ attribute, parameters = part.split(';', 2)
647
+ attribute.strip!
648
+ parameters&.strip!
647
649
  quality = 1.0
648
650
  if parameters and /\Aq=([\d.]+)/ =~ parameters
649
651
  quality = $1.to_f
data/lib/rack/version.rb CHANGED
@@ -12,7 +12,7 @@
12
12
  # so it should be enough just to <tt>require 'rack'</tt> in your code.
13
13
 
14
14
  module Rack
15
- RELEASE = "3.1.4"
15
+ RELEASE = "3.1.5"
16
16
 
17
17
  # Return the Rack release as a dotted string.
18
18
  def self.release
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.4
4
+ version: 3.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-06-22 00:00:00.000000000 Z
11
+ date: 2024-07-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest