rack 3.0.9.1 → 3.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebeaad43b1e4e691aa7123f2f0b0abb55bd4e8ccb062a048d3bc636c12780a1c
-  data.tar.gz: 4db213c69e487539b15f2648019de339b3876bd9d9ab39a7e4948c6114a18546
+  metadata.gz: '02708966a52d0c3f5837969a1be34245fe608b2b195e05a5f6d01a192c54a104'
+  data.tar.gz: ce9f131cb863d4c4fd215cfc612cad5f90368187d20eaabd70db6f5cc8fd14ea
 SHA512:
-  metadata.gz: 6c3afb608d9170593f0bc58120d60dcec9d4d3163e72a9805b8a48b2ebd8952a359dd56d2c2f48dc8673d2361647409a628b22073b4e07a6c070f60283265bb9
-  data.tar.gz: fb304999e3568174cdcc7a2b0b43b3ba064448db1882142524b50332cd7d037a2ff44c7042f94a2b18da862ca4db6e43b6eb9ca71b6b73986e1359e4b294eb7c
+  metadata.gz: 5d7a4f539b7abd7e28908da9c34d29ef6df3a1bb80e52ec656dc9324bdf5573b2213e82bb01175327f701c9275f404a790ddb3ee42ceeba7dac0d579f68f6cd6
+  data.tar.gz: 125fb761b1d4e979936a4587146c41623d03c26561c8e36501efb25735cb8ff122bcf2fe77382850ea3c28559ef2aa3f5dba64dba86530c02359a6be6ac0a3bf

data/CHANGELOG.md

@@ -4,9 +4,13 @@ All notable changes to this project will be documented in this file. For info on
 
 ## Unreleased
 
+## [3.0.10] - 2024-03-21
+
+- Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST with only one end delimiter. ([#2164](https://github.com/rack/rack/pull/2164), [@JoeDupuis](https://github.com/JoeDupuis))
+
 ## [3.0.9] - 2024-01-31
 
-- Fix incorrect content-length header that was emitted when `Rack::Response#write` was used in some situations. ([#2150](https://github.com/rack/rack/pull/2150), [@mattbrictson])
+- Fix incorrect content-length header that was emitted when `Rack::Response#write` was used in some situations. ([#2150](https://github.com/rack/rack/pull/2150), [@mattbrictson](https://github.com/mattbrictson))
 
 ## [3.0.8] - 2023-06-14
 

data/lib/rack/multipart/parser.rb

@@ -213,6 +213,7 @@ module Rack
 
         @sbuf = StringScanner.new("".dup)
         @body_regex = /(?:#{EOL}|\A)--#{Regexp.quote(boundary)}(?:#{EOL}|--)/m
+        @end_boundary_size = boundary.bytesize + 4 # (-- at start, -- at finish)
         @rx_max_size = boundary.bytesize + 6 # (\r\n-- at start, either \r\n or -- at finish)
         @head_regex = /(.*?#{EOL})#{EOL}/m
       end
@@ -279,7 +280,14 @@ module Rack
             @state = :MIME_HEAD
             return
           when :END_BOUNDARY
-            # invalid multipart upload, but retry for opening boundary
+            # invalid multipart upload
+            if @sbuf.pos == @end_boundary_size && @sbuf.rest == EOL
+              # stop parsing a buffer if a buffer is only an end boundary.
+              @state = :DONE
+              return
+            end
+
+            # retry for opening boundary
           else
             # no boundary found, keep reading data
             return :want_read

data/lib/rack/version.rb

@@ -25,7 +25,7 @@ module Rack
     VERSION
   end
 
-  RELEASE = "3.0.9.1"
+  RELEASE = "3.0.10"
 
   # Return the Rack release as a dotted string.
   def self.release

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.0.9.1
+  version: 3.0.10
 platform: ruby
 authors:
 - Leah Neukirchen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-02-21 00:00:00.000000000 Z
+date: 2024-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -164,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: A modular Ruby webserver interface.