rack 3.0.12 → 3.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +69 -1
- data/lib/rack/sendfile.rb +1 -1
- data/lib/rack/version.rb +1 -1
- data/lib/rack.rb +10 -14
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1c864d1b0b86355469b17edefb5ac47e659ae4e47d156070615f12ba012117ce
|
|
4
|
+
data.tar.gz: 82fd6ccbc59081e2483e8bf541d669c3c1be5caa36418306b1009d0a2c396fff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f1425831596a8893831d295947e6cb33936616397aaf106855a2f30410b3b8b590d04a405d7de5211ff8a64608abd5a7fa9b02e1fce0b182bff37a0f9a57f095
|
|
7
|
+
data.tar.gz: a84716c10271fd19d6d3ae199424358615252136dcab72baf87ccf8ed9384c1b59a66a316d016937d28c555b556afd6d81084b3dfd75d5832ad14b05edb190c1
|
data/CHANGELOG.md
CHANGED
|
@@ -2,11 +2,21 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
4
4
|
|
|
5
|
+
## [3.0.13] - 2025-03-04
|
|
6
|
+
|
|
7
|
+
### Security
|
|
8
|
+
|
|
9
|
+
- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
|
|
13
|
+
- Remove autoloads for constants no longer shipped with Rack. ([#2269](https://github.com/rack/rack/pull/2269), [@ccutrer](https://github.com/ccutrer))
|
|
14
|
+
|
|
5
15
|
## [3.0.12] - 2025-02-12
|
|
6
16
|
|
|
7
17
|
### Security
|
|
8
18
|
|
|
9
|
-
- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in Rack::CommonLogger
|
|
19
|
+
- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
|
|
10
20
|
|
|
11
21
|
## [3.0.11] - 2024-05-10
|
|
12
22
|
|
|
@@ -184,6 +194,64 @@ All notable changes to this project will be documented in this file. For info on
|
|
|
184
194
|
- Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
|
|
185
195
|
- `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
|
|
186
196
|
|
|
197
|
+
## [2.2.12] - 2025-03-04
|
|
198
|
+
|
|
199
|
+
### Security
|
|
200
|
+
|
|
201
|
+
- [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
|
|
202
|
+
|
|
203
|
+
## [2.2.11] - 2025-02-12
|
|
204
|
+
|
|
205
|
+
### Security
|
|
206
|
+
|
|
207
|
+
- [CVE-2025-25184](https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg) Possible Log Injection in `Rack::CommonLogger`.
|
|
208
|
+
|
|
209
|
+
## [2.2.10] - 2024-10-14
|
|
210
|
+
|
|
211
|
+
- Fix compatibility issues with Ruby v3.4.0. ([#2248](https://github.com/rack/rack/pull/2248), [@byroot](https://github.com/byroot))
|
|
212
|
+
|
|
213
|
+
## [2.2.9] - 2023-03-21
|
|
214
|
+
|
|
215
|
+
- Return empty when parsing a multi-part POST with only one end delimiter. ([#2104](https://github.com/rack/rack/pull/2104), [@alpaca-tc])
|
|
216
|
+
|
|
217
|
+
## [2.2.8] - 2023-07-31
|
|
218
|
+
|
|
219
|
+
- Regenerate SPEC ([#2102](https://github.com/rack/rack/pull/2102), [@skipkayhil](https://github.com/skipkayhil))
|
|
220
|
+
- Limit file extension length of multipart tempfiles ([#2015](https://github.com/rack/rack/pull/2015), [@dentarg](https://github.com/dentarg))
|
|
221
|
+
- Fix "undefined method DelegateClass for Rack::Session::Cookie:Class" ([#2092](https://github.com/rack/rack/pull/2092), [@onigra](https://github.com/onigra) [@dchandekstark](https://github.com/dchandekstark))
|
|
222
|
+
|
|
223
|
+
## [2.2.7] - 2023-03-13
|
|
224
|
+
|
|
225
|
+
- Correct the year number in the changelog ([#2015](https://github.com/rack/rack/pull/2015), [@kimulab](https://github.com/kimulab))
|
|
226
|
+
- Support underscore in host names for Rack 2.2 (Fixes [#2070](https://github.com/rack/rack/issues/2070)) ([#2015](https://github.com/rack/rack/pull/2071), [@jeremyevans](https://github.com/jeremyevans))
|
|
227
|
+
|
|
228
|
+
## [2.2.6.4] - 2023-03-13
|
|
229
|
+
|
|
230
|
+
- [CVE-2023-27539] Avoid ReDoS in header parsing
|
|
231
|
+
|
|
232
|
+
## [2.2.6.3] - 2023-03-02
|
|
233
|
+
|
|
234
|
+
- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
|
|
235
|
+
|
|
236
|
+
## [2.2.6.2] - 2023-01-17
|
|
237
|
+
|
|
238
|
+
- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
|
|
239
|
+
|
|
240
|
+
## [2.2.6.1] - 2023-01-17
|
|
241
|
+
|
|
242
|
+
- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
|
|
243
|
+
- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
|
|
244
|
+
|
|
245
|
+
## [2.2.6] - 2023-01-17
|
|
246
|
+
|
|
247
|
+
- Extend `Rack::MethodOverride` to handle `QueryParser::ParamsTooDeepError` error. ([#2011](https://github.com/rack/rack/pull/2011), [@byroot](https://github.com/byroot))
|
|
248
|
+
|
|
249
|
+
## [2.2.5] - 2022-12-27
|
|
250
|
+
|
|
251
|
+
### Fixed
|
|
252
|
+
|
|
253
|
+
- `Rack::URLMap` uses non-deprecated form of `Regexp.new`. ([#1998](https://github.com/rack/rack/pull/1998), [@weizheheng](https://github.com/weizheheng))
|
|
254
|
+
|
|
187
255
|
## [2.2.4] - 2022-06-30
|
|
188
256
|
|
|
189
257
|
- Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix))
|
data/lib/rack/sendfile.rb
CHANGED
data/lib/rack/version.rb
CHANGED
data/lib/rack.rb
CHANGED
|
@@ -15,8 +15,8 @@ require_relative 'rack/version'
|
|
|
15
15
|
require_relative 'rack/constants'
|
|
16
16
|
|
|
17
17
|
module Rack
|
|
18
|
-
autoload :Builder, "rack/builder"
|
|
19
18
|
autoload :BodyProxy, "rack/body_proxy"
|
|
19
|
+
autoload :Builder, "rack/builder"
|
|
20
20
|
autoload :Cascade, "rack/cascade"
|
|
21
21
|
autoload :Chunked, "rack/chunked"
|
|
22
22
|
autoload :CommonLogger, "rack/common_logger"
|
|
@@ -24,14 +24,13 @@ module Rack
|
|
|
24
24
|
autoload :Config, "rack/config"
|
|
25
25
|
autoload :ContentLength, "rack/content_length"
|
|
26
26
|
autoload :ContentType, "rack/content_type"
|
|
27
|
+
autoload :Deflater, "rack/deflater"
|
|
28
|
+
autoload :Directory, "rack/directory"
|
|
27
29
|
autoload :ETag, "rack/etag"
|
|
28
30
|
autoload :Events, "rack/events"
|
|
29
31
|
autoload :File, "rack/file"
|
|
30
32
|
autoload :Files, "rack/files"
|
|
31
|
-
autoload :Deflater, "rack/deflater"
|
|
32
|
-
autoload :Directory, "rack/directory"
|
|
33
33
|
autoload :ForwardRequest, "rack/recursive"
|
|
34
|
-
autoload :Handler, "rack/handler"
|
|
35
34
|
autoload :Head, "rack/head"
|
|
36
35
|
autoload :Headers, "rack/headers"
|
|
37
36
|
autoload :Lint, "rack/lint"
|
|
@@ -40,32 +39,29 @@ module Rack
|
|
|
40
39
|
autoload :MediaType, "rack/media_type"
|
|
41
40
|
autoload :MethodOverride, "rack/method_override"
|
|
42
41
|
autoload :Mime, "rack/mime"
|
|
42
|
+
autoload :MockRequest, "rack/mock_request"
|
|
43
|
+
autoload :MockResponse, "rack/mock_response"
|
|
44
|
+
autoload :Multipart, "rack/multipart"
|
|
43
45
|
autoload :NullLogger, "rack/null_logger"
|
|
44
46
|
autoload :QueryParser, "rack/query_parser"
|
|
45
47
|
autoload :Recursive, "rack/recursive"
|
|
46
48
|
autoload :Reloader, "rack/reloader"
|
|
49
|
+
autoload :Request, "rack/request"
|
|
50
|
+
autoload :Response, "rack/response"
|
|
47
51
|
autoload :RewindableInput, "rack/rewindable_input"
|
|
48
52
|
autoload :Runtime, "rack/runtime"
|
|
49
53
|
autoload :Sendfile, "rack/sendfile"
|
|
50
|
-
autoload :Server, "rack/server"
|
|
51
54
|
autoload :ShowExceptions, "rack/show_exceptions"
|
|
52
55
|
autoload :ShowStatus, "rack/show_status"
|
|
53
56
|
autoload :Static, "rack/static"
|
|
54
57
|
autoload :TempfileReaper, "rack/tempfile_reaper"
|
|
55
58
|
autoload :URLMap, "rack/urlmap"
|
|
56
59
|
autoload :Utils, "rack/utils"
|
|
57
|
-
autoload :Multipart, "rack/multipart"
|
|
58
|
-
|
|
59
|
-
autoload :MockRequest, "rack/mock_request"
|
|
60
|
-
autoload :MockResponse, "rack/mock_response"
|
|
61
|
-
|
|
62
|
-
autoload :Request, "rack/request"
|
|
63
|
-
autoload :Response, "rack/response"
|
|
64
60
|
|
|
65
61
|
module Auth
|
|
66
62
|
autoload :Basic, "rack/auth/basic"
|
|
67
|
-
autoload :AbstractRequest, "rack/auth/abstract/request"
|
|
68
|
-
autoload :AbstractHandler, "rack/auth/abstract/handler"
|
|
69
63
|
autoload :Digest, "rack/auth/digest"
|
|
64
|
+
autoload :AbstractHandler, "rack/auth/abstract/handler"
|
|
65
|
+
autoload :AbstractRequest, "rack/auth/abstract/request"
|
|
70
66
|
end
|
|
71
67
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leah Neukirchen
|
|
8
8
|
bindir: bin
|
|
9
9
|
cert_chain: []
|
|
10
|
-
date: 2025-
|
|
10
|
+
date: 2025-03-04 00:00:00.000000000 Z
|
|
11
11
|
dependencies:
|
|
12
12
|
- !ruby/object:Gem::Dependency
|
|
13
13
|
name: minitest
|