rack 3.1.4 → 3.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -1
- data/lib/rack/request.rb +14 -2
- data/lib/rack/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eaf18cf63641b74f599535734eddaf9886c6ffa7f7b00d9aca768715b25498f9
|
|
4
|
+
data.tar.gz: 375ef784b899a1f936505dfffef3d6da3ee0f546e0f90d475a9a4db3264281cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 41667c1b8b3e3fe9ac3dd9c22f456a8eb5b756c310c28af98dd7b9ce998eed1a224c39c680019dabb3dedd32cff762d1274a63770f2372a12874f92d026713a6
|
|
7
|
+
data.tar.gz: ca3837da3ae9a4bf02cf540661c00755e9db416d6c2b268e92df759f77a882646da3b3cb229668ccc409d0764fccb70fcba34134cbece934927adda5a14e5564
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
4
4
|
|
|
5
|
+
## [3.1.6] - 2024-07-03
|
|
6
|
+
|
|
7
|
+
- Fix several edge cases in `Rack::Request#parse_http_accept_header`'s implementation. ([#2226](https://github.com/rack/rack/pull/2226), [@ioquatix])
|
|
8
|
+
|
|
9
|
+
## [3.1.5] - 2024-07-02
|
|
10
|
+
|
|
11
|
+
### Security
|
|
12
|
+
|
|
13
|
+
- Fix potential ReDoS attack in `Rack::Request#parse_http_accept_header`. ([GHSA-cj83-2ww7-mvq7](https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7), [@dwisiswant0](https://github.com/dwisiswant0))
|
|
14
|
+
|
|
5
15
|
## [3.1.4] - 2024-06-22
|
|
6
16
|
|
|
7
17
|
### Fixed
|
|
@@ -131,7 +141,7 @@ All notable changes to this project will be documented in this file. For info on
|
|
|
131
141
|
|
|
132
142
|
- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
|
|
133
143
|
|
|
134
|
-
## [3.0.2] -2022-12-05
|
|
144
|
+
## [3.0.2] - 2022-12-05
|
|
135
145
|
|
|
136
146
|
### Fixed
|
|
137
147
|
|
data/lib/rack/request.rb
CHANGED
|
@@ -642,14 +642,26 @@ module Rack
|
|
|
642
642
|
end
|
|
643
643
|
|
|
644
644
|
def parse_http_accept_header(header)
|
|
645
|
-
|
|
646
|
-
|
|
645
|
+
# It would be nice to use filter_map here, but it's Ruby 2.7+
|
|
646
|
+
parts = header.to_s.split(',')
|
|
647
|
+
|
|
648
|
+
parts.map! do |part|
|
|
649
|
+
part.strip!
|
|
650
|
+
next if part.empty?
|
|
651
|
+
|
|
652
|
+
attribute, parameters = part.split(';', 2)
|
|
653
|
+
attribute.strip!
|
|
654
|
+
parameters&.strip!
|
|
647
655
|
quality = 1.0
|
|
648
656
|
if parameters and /\Aq=([\d.]+)/ =~ parameters
|
|
649
657
|
quality = $1.to_f
|
|
650
658
|
end
|
|
651
659
|
[attribute, quality]
|
|
652
660
|
end
|
|
661
|
+
|
|
662
|
+
parts.compact!
|
|
663
|
+
|
|
664
|
+
parts
|
|
653
665
|
end
|
|
654
666
|
|
|
655
667
|
# Get an array of values set in the RFC 7239 `Forwarded` request header.
|
data/lib/rack/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leah Neukirchen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-07-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|