rack 2.2.12 → 2.2.13

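--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 167bba569cfd7b2335f6e17741862befa9de899c21e0c77dbf86973204528196
- data.tar.gz: ce06a5a6bfbb34b51c107192549bbfb8eefc01c46f73f16dce244881648440cb
+ metadata.gz: '09a6d038df42d0af44940110fca3a8f9eb37a56a2acea9f1ad02f6fc39c685a9'
+ data.tar.gz: d4a25103cf82081f357f621ee9a44027a799cda9c566f1ad4ffff3ec9d45a603
  SHA512:
- metadata.gz: 35279519ce7d3543c348083fa24359880421b3fc3ac77a3390baf48df15ec84ab83ff4dd38d9ea33e1f013bbdeb623ff5f1a7c858ed914d4e81ca2c3bbf06fa1
- data.tar.gz: 32759f2fbb97edff9fb17d081ea618ae062b3b267e74d953037f56fa8387fecd46eec393bca57eabd282b94c187e9586cac6ff4b1ed6d3d97b4280046f0f61a2
+ metadata.gz: 6324e627506aa9605cab9ad4778303ccb24dffa41d2877e5a9008813556f84cc4660f2638fa00431b36a23cac528c81fa23884d21e907f56370634a67f94070c
+ data.tar.gz: bc7cabae2f718457165de32fa8905028d0cbb85bcfe150ac2a7871e78ad57b3651d1881aedfc9a366fb9aa11ca009a1344e180ad2c470f1792b4e2befb629034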
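--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,12 @@
 
  All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
 
+ ## [2.2.13] - 2025-03-11
+
+ ### Security
+
+ - [CVE-2025-27610](https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v) Local file inclusion in `Rack::Static`.
+
  ## [2.2.12] - 2025-03-04
 
  ### Security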
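--- a/data/lib/rack/static.rb
+++ b/data/lib/rack/static.rb
@@ -122,8 +122,9 @@ module Rack
 
  def call(env)
  path = env[PATH_INFO]
+ actual_path = Utils.clean_path_info(Utils.unescape_path(path))
 
- if can_serve(path)
+ if can_serve(actual_path)
  if overwrite_file_path(path)
  env[PATH_INFO] = (add_index_root?(path) ? path + @index : @urls[path])
  elsif @gzip && env['HTTP_ACCEPT_ENCODING'] && /\bgzip\b/.match?(env['HTTP_ACCEPT_ENCODING'])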
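Review bot: The allow decision in `call` is now made on `actual_path`, but `overwrite_file_path(path)`, `add_index_root?(path)` and `@urls[path]` on the next lines still read the raw `path`. The value that was checked is therefore not the value that is rewritten and forwarded, and the fix holds only if the downstream file server decodes and normalizes in the same way. That dependency deserves a comment above the new line, for example `# Decide on the decoded, normalized path so encoded or dotted segments cannot satisfy a URL prefix; the raw path is still what gets forwarded.` The hunk also shows no encoding or nil validation of `path` before `Utils.unescape_path` and `Utils.clean_path_info` run, so it is worth confirming that a malformed PATH_INFO yields a 4xx response rather than an exception, and adding a regression test that requests an encoded parent-directory segment under a served prefix. The body of `call` continues outside this hunk.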
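--- a/data/lib/rack/version.rb
+++ b/data/lib/rack/version.rb
@@ -20,7 +20,7 @@ module Rack
  VERSION.join(".")
  end
 
- RELEASE = "2.2.12"
+ RELEASE = "2.2.13"
 
  # Return the Rack release as a dotted string.
  def self.release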
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rack
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.12
4
+ version: 2.2.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Leah Neukirchen
8
8
  bindir: bin
9
9
  cert_chain: []
10
- date: 2025-03-04 00:00:00.000000000 Z
10
+ date: 2025-03-10 00:00:00.000000000 Z
11
11
  dependencies:
12
12
  - !ruby/object:Gem::Dependency
13
13
  name: minitest