rack 3.2.3 → 3.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +18 -0
  3. data/lib/rack/multipart/parser.rb +1 -1
  4. data/lib/rack/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 19fbcf7ac3f253dc5265f02aa7200b80293cba9497712bef24b3bd9af9a7e1e8
4
- data.tar.gz: fb0dbfc721493fa7483ba1cb4a258b246823bcc2e42dff2ee69519be653ade80
3
+ metadata.gz: 3c8830e7467cbfb11b649492479a89660919c738ea98d4903215d413b981c0ab
4
+ data.tar.gz: 9b5ffea244da69c22d243ebb9a8779f5b38fbe014f5a6992f181c17c2939f198
5
5
  SHA512:
6
- metadata.gz: 44fcb08953ddacf0c82e60513ea4642d95f330fc82d1f4bf06bb8bc9f1e26eb9d19c9c48bf73b639e2b2427173660e1a3d553358b8b536c4236c3e44af2f87df
7
- data.tar.gz: 584b4862cdab33cb37aca49446d3c0bef33c37a4f9a63c5238105d601c23b86c54ab3b277a570b465590006fcf8edbcd8a8b195fa07f0f40375a3b988b299433
6
+ metadata.gz: 604e146a609767332da5dea6f4aef3e9a5dd41b15577a2fa91c6b56fccaf705f0e37b86e11532e252e1c2a70e5950e2c6a59b6d7daddd7de84f33c1946615f18
7
+ data.tar.gz: e1c4d36619ab862546301ce9bcd722e1a432d04d2c39988acf6df636936a1d855b75e133381af683f2a2bb4a8a9b908a2594db68cc6246dfa2d38f1f0956a71a
data/CHANGELOG.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
4
4
 
5
+ ## [3.2.4] - 2025-11-03
6
+
7
+ ### Fixed
8
+
9
+ - Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
10
+
5
11
  ## [3.2.3] - 2025-10-10
6
12
 
7
13
  ### Security
@@ -74,6 +80,12 @@ This release continues Rack's evolution toward a cleaner, more efficient foundat
74
80
  - `SERVER_NAME` and `HTTP_HOST` are now more strictly validated according to the relevant specifications. ([#2298](https://github.com/rack/rack/pull/2298), [@ioquatix])
75
81
  - `Rack::Lint` now disallows `PATH_INFO="" SCRIPT_NAME=""`. ([#2298](https://github.com/rack/rack/issues/2307), [@jeremyevans])
76
82
 
83
+ ## [3.1.19] - 2025-11-03
84
+
85
+ ### Fixed
86
+
87
+ - Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
88
+
77
89
  ## [3.1.18] - 2025-10-10
78
90
 
79
91
  ### Security
@@ -458,6 +470,12 @@ This release introduces major improvements to Rack, including enhanced support f
458
470
  - Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
459
471
  - `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
460
472
 
473
+ ## [2.2.21] - 2025-11-03
474
+
475
+ ### Fixed
476
+
477
+ - Multipart parser: limit MIME header size check to the unread buffer region to avoid false `multipart mime part header too large` errors when previously read data accumulates in the scan buffer. ([#2392](https://github.com/rack/rack/pull/2392), [@alpaca-tc](https://github.com/alpaca-tc), [@willnet](https://github.com/willnet), [@krororo](https://github.com/krororo))
478
+
461
479
  ## [2.2.20] - 2025-10-10
462
480
 
463
481
  ### Security
data/lib/rack/multipart/parser.rb CHANGED
@@ -451,7 +451,7 @@ module Rack
451
451
  else
452
452
  # We raise if the mime part header is too large, to avoid unbounded memory
453
453
  # buffering. Note that the actual limit is the higher of 64KB and the buffer size (1MB by default)
454
- raise Error, "multipart mime part header too large" if @sbuf.string.bytesize > MIME_HEADER_BYTESIZE_LIMIT
454
+ raise Error, "multipart mime part header too large" if @sbuf.rest.bytesize > MIME_HEADER_BYTESIZE_LIMIT
455
455
 
456
456
  return :want_read
457
457
  end
data/lib/rack/version.rb CHANGED
@@ -6,7 +6,7 @@
6
6
  # See MIT-LICENSE or https://opensource.org/licenses/MIT.
7
7
 
8
8
  module Rack
9
- VERSION = "3.2.3"
9
+ VERSION = "3.2.4"
10
10
 
11
11
  RELEASE = VERSION
12
12
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.3
4
+ version: 3.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen