rack 2.1.3 → 2.1.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of rack might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/rack.rb +1 -1
- data/lib/rack/directory.rb +1 -0
- data/lib/rack/utils.rb +6 -2
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3851dcf1bb18356cc36d8d390c8b2f7e9abde5a7068dac862246e8280a9d7c41
|
|
4
|
+
data.tar.gz: 5a5b9b318ba267f8ac3bd726048e6e826ff3feed3bb150252df91c7d038951cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7d071738226e954ce7bf0507422e41857bba7a10ceed70c22263b279cbbd19d362066a6ac62999a47212878f7e26e659e396c6c6ee51eb5dc4d5617a41859597
|
|
7
|
+
data.tar.gz: 2d0ff8ec9f7fe54a4c0d88fd4ae51424b506df4c9a15324830ea36961dda8e5327250637f8b0a4168d4f66e95c815d0f2cc773c56f5a70dcadf5d50491723614
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
## [2.1.4] - 2020-06-15
|
|
2
|
+
|
|
3
|
+
- [CVE-2020-8184] When parsing cookies, only decode the value
|
|
4
|
+
|
|
5
|
+
## [2.1.3] - 2020-05-12
|
|
6
|
+
|
|
7
|
+
- [CVE-2020-8161] Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters
|
|
8
|
+
-
|
|
1
9
|
## [2.1.2] - 2020-01-27
|
|
2
10
|
|
|
3
11
|
- Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster))
|
data/lib/rack.rb
CHANGED
data/lib/rack/directory.rb
CHANGED
data/lib/rack/utils.rb
CHANGED
|
@@ -215,8 +215,12 @@ module Rack
|
|
|
215
215
|
# the Cookie header such that those with more specific Path attributes
|
|
216
216
|
# precede those with less specific. Ordering with respect to other
|
|
217
217
|
# attributes (e.g., Domain) is unspecified.
|
|
218
|
-
|
|
219
|
-
|
|
218
|
+
return {} unless header
|
|
219
|
+
header.split(/[;,] */n).each_with_object({}) do |cookie, cookies|
|
|
220
|
+
next if cookie.empty?
|
|
221
|
+
key, value = cookie.split('=', 2)
|
|
222
|
+
cookies[key] = (unescape(value) rescue value) unless cookies.key?(key)
|
|
223
|
+
end
|
|
220
224
|
end
|
|
221
225
|
module_function :parse_cookies_header
|
|
222
226
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.
|
|
4
|
+
version: 2.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leah Neukirchen
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-06-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|
|
@@ -170,7 +170,7 @@ metadata:
|
|
|
170
170
|
homepage_uri: https://rack.github.io
|
|
171
171
|
mailing_list_uri: https://groups.google.com/forum/#!forum/rack-devel
|
|
172
172
|
source_code_uri: https://github.com/rack/rack
|
|
173
|
-
post_install_message:
|
|
173
|
+
post_install_message:
|
|
174
174
|
rdoc_options: []
|
|
175
175
|
require_paths:
|
|
176
176
|
- lib
|
|
@@ -185,8 +185,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
185
185
|
- !ruby/object:Gem::Version
|
|
186
186
|
version: '0'
|
|
187
187
|
requirements: []
|
|
188
|
-
rubygems_version: 3.0.
|
|
189
|
-
signing_key:
|
|
188
|
+
rubygems_version: 3.2.0.pre1
|
|
189
|
+
signing_key:
|
|
190
190
|
specification_version: 4
|
|
191
191
|
summary: a modular Ruby webserver interface
|
|
192
192
|
test_files: []
|