rack 2.2.10 → 2.2.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +6 -0
  3. data/lib/rack/common_logger.rb +3 -2
  4. data/lib/rack/version.rb +1 -1
  5. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 89c25f75ddd66c4ab311ec7afaad215f5417ab7c0478fb8da65bef7288b25ead
4
- data.tar.gz: 35bef5623220a06f4f1f54a752c0d5d67b23539d9521470446a323a03b25b3fa
3
+ metadata.gz: 5a52d0aaca2ecd96be997b263d21b759f488a509acbe537dd49daa71b58ee7a9
4
+ data.tar.gz: 87e641041f1e3269a0c21c932efe8ae4462777696408e4782dcdc69d0aa01579
5
5
  SHA512:
6
- metadata.gz: 82b9812778a5e19704f7014a87b5dccffea6122e7a55295cfff5bfc2a581a11d718af4282b1503dc63bd16984ab286367da26ba533081dd7453c5c44d37a3616
7
- data.tar.gz: e7231940003fac65c76d7ed327e4f90d3b2ab31f665651e609a607e37952a43ced1b764429f052fef431e849f2bbc6a8841141ce4c51ac898d6bd34f54660b8e
6
+ metadata.gz: f4eb2e25547ce0a4fbab24a4f2629f2492e4da9fbcdd152e0d10ff335bd1e312c8aa8c0937612196878cc046c7f991d092c40b3856117a00c8e725dea2853d4a
7
+ data.tar.gz: 2188b85ac67e13c93304ef3c4b9c4f6e045dedba6c62cb2ad2d0520288b72caff4bffac0a0862d6e7d07c42f0123435ebea99a887ef7d8a76a60b8cf38cd515c
data/CHANGELOG.md CHANGED
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. For info on
4
4
 
5
5
  ## Unreleased
6
6
 
7
+ ## [3.1.11] - 2025-02-12
8
+
9
+ ### Security
10
+
11
+ - [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in Rack::CommonLogger.
12
+
7
13
  ## [2.2.10] - 2024-10-14
8
14
 
9
15
  - Fix compatibility issues with Ruby v3.4.0. ([#2248](https://github.com/rack/rack/pull/2248), [@byroot](https://github.com/byroot))
data/lib/rack/common_logger.rb CHANGED
@@ -15,7 +15,7 @@ module Rack
15
15
  # The actual format is slightly different than the above due to the
16
16
  # separation of SCRIPT_NAME and PATH_INFO, and because the elapsed
17
17
  # time in seconds is included at the end.
18
- FORMAT = %{%s - %s [%s] "%s %s%s%s %s" %d %s %0.4f\n}
18
+ FORMAT = %{%s - %s [%s] "%s %s%s%s %s" %d %s %0.4f }
19
19
 
20
20
  # +logger+ can be any object that supports the +write+ or +<<+ methods,
21
21
  # which includes the standard library Logger. These methods are called
@@ -60,7 +60,8 @@ module Rack
60
60
  length,
61
61
  Utils.clock_time - began_at ]
62
62
 
63
- msg.gsub!(/[^[:print:]\n]/) { |c| "\\x#{c.ord}" }
63
+ msg.gsub!(/[^[:print:]]/) { |c| sprintf("\\x%x", c.ord) }
64
+ msg[-1] = "\n"
64
65
 
65
66
  logger = @logger || env[RACK_ERRORS]
66
67
 
data/lib/rack/version.rb CHANGED
@@ -20,7 +20,7 @@ module Rack
20
20
  VERSION.join(".")
21
21
  end
22
22
 
23
- RELEASE = "2.2.10"
23
+ RELEASE = "2.2.11"
24
24
 
25
25
  # Return the Rack release as a dotted string.
26
26
  def self.release
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.10
4
+ version: 2.2.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-14 00:00:00.000000000 Z
11
+ date: 2025-02-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -184,7 +184,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
184
184
  - !ruby/object:Gem::Version
185
185
  version: '0'
186
186
  requirements: []
187
- rubygems_version: 3.5.11
187
+ rubygems_version: 3.5.22
188
188
  signing_key:
189
189
  specification_version: 4
190
190
  summary: A modular Ruby webserver interface.