rack 3.1.15 → 3.1.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 896b72d03d6dc508b253d4c42cef77142a3e8c762ed714db76716aaab4559c85
-  data.tar.gz: 2f4389afc58270dc839771c211af18f17855239f4d915b99a869006053e70bbe
+  metadata.gz: 9cfb0a3abaaa98c515919466c018ed20c30b3f4d025d0ec68cfc61614735270f
+  data.tar.gz: 4fd015b49d2c70a01d6518ea38b593d14b6d93de09132c3142390ab5fd719ff2
 SHA512:
-  metadata.gz: 2e71e0d00426e7d32763fd1ba73e61a755983a318e3ea87e2afcde76c420d6d17303fc56ad3dd021213b3069caad0b407246814e74333d698fc107a90f2acf95
-  data.tar.gz: 305486495349ad80067568bea8564095699e9730d8f60f0a12186eb3723f0032bba166e9748ab57d8f2f6bcd452158c5ba99070c3ca7a346c32f50f495687440
+  metadata.gz: db64e3a6431f22b41af6ec7a31d38465d4db45612843f402692893665d88c904d4058469137372b208dbc6d79d7dcde12460e4fb7707681d81de8d3a6dc8e45f
+  data.tar.gz: 695b14f7308dfb1a6be5304fb9bcf460ee855e296308ad114d8b9f12b9dcb420a17d4af3883f3a47f3fc66df2e28793fe4871965dec51b557840d136de14c22c

data/CHANGELOG.md

@@ -143,11 +143,14 @@ Rack v3.1 is primarily a maintenance release that removes features deprecated in
 
 - In `Rack::Files`, ignore the `Range` header if served file is 0 bytes. ([#2159](https://github.com/rack/rack/pull/2159), [@zarqman])
 
+## [3.0.18] - 2025-05-22
+
+- Fix incorrect backport of optional `CGI::Cookie` support. ([#2335](https://github.com/rack/rack/pull/2335), [@jeremyevans])
+
 ## [3.0.17] - 2025-05-18
 
 - Optional support for `CGI::Cookie` if not available. ([#2327](https://github.com/rack/rack/pull/2327), [#2333](https://github.com/rack/rack/pull/2333), [@earlopain])
 
-
 ## [3.0.16] - 2025-05-06
 
 ### Security
@@ -170,6 +173,10 @@ Rack v3.1 is primarily a maintenance release that removes features deprecated in
 
 - [CVE-2025-27111](https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v) Possible Log Injection in `Rack::Sendfile`.
 
+### Fixed
+
+- Remove autoloads for constants no longer shipped with Rack. ([#2269](https://github.com/rack/rack/pull/2269), [@ccutrer](https://github.com/ccutrer))
+
 ## [3.0.12] - 2025-02-12
 
 ### Security
@@ -304,7 +311,7 @@ Rack v3.1 is primarily a maintenance release that removes features deprecated in
 - Remove deprecated Rack::Request::SCHEME_WHITELIST. ([@jeremyevans])
 - Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. ([#1844](https://github.com/rack/rack/pull/1844), [@ioquatix])
 - Remove `rack.version` as it comes too late to be useful. ([#1938](https://github.com/rack/rack/pull/1938), [@ioquatix])
-- Extract `rackup` command, `Rack::Server`, `Rack::Handler`, `Rack::Lobster` and related code into a separate gem. ([#1937](https://github.com/rack/rack/pull/1937), [@ioquatix])
+- Extract `rackup` command, `Rack::Server`, `Rack::Handler` and related code into a separate gem. ([#1937](https://github.com/rack/rack/pull/1937), [@ioquatix])
 
 ### Added
 
@@ -352,6 +359,10 @@ Rack v3.1 is primarily a maintenance release that removes features deprecated in
 - Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
 - `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
 
+## [2.2.16] - 2025-05-22
+
+- Fix incorrect backport of optional `CGI::Cookie` support. ([#2335](https://github.com/rack/rack/pull/2335), [@jeremyevans])
+
 ## [2.2.15] - 2025-05-18
 
 - Optional support for `CGI::Cookie` if not available. ([#2327](https://github.com/rack/rack/pull/2327), [#2333](https://github.com/rack/rack/pull/2333), [@earlopain])

data/lib/rack/multipart/parser.rb

@@ -31,10 +31,12 @@ module Rack
     Error = BoundaryTooLongError
 
     EOL = "\r\n"
+    FWS = /[ \t]+(?:\r\n[ \t]+)?/ # whitespace with optional folding
+    HEADER_VALUE = "(?:[^\r\n]|\r\n[ \t])*" # anything but a non-folding CRLF
     MULTIPART = %r|\Amultipart/.*boundary=\"?([^\";,]+)\"?|ni
-    MULTIPART_CONTENT_TYPE = /Content-Type: (.*)#{EOL}/ni
-    MULTIPART_CONTENT_DISPOSITION = /Content-Disposition:(.*)(?=#{EOL}(\S|\z))/ni
-    MULTIPART_CONTENT_ID = /Content-ID:\s*([^#{EOL}]*)/ni
+    MULTIPART_CONTENT_TYPE = /^Content-Type:#{FWS}?(#{HEADER_VALUE})/ni
+    MULTIPART_CONTENT_DISPOSITION = /^Content-Disposition:#{FWS}?(#{HEADER_VALUE})/ni
+    MULTIPART_CONTENT_ID = /^Content-ID:#{FWS}?(#{HEADER_VALUE})/ni
 
     class Parser
       BUFSIZE = 1_048_576

data/lib/rack/version.rb

@@ -12,7 +12,7 @@
 # so it should be enough just to <tt>require 'rack'</tt> in your code.
 
 module Rack
-  RELEASE = "3.1.15"
+  RELEASE = "3.1.16"
 
   # Return the Rack release as a dotted string.
   def self.release

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rack
 version: !ruby/object:Gem::Version
-  version: 3.1.15
+  version: 3.1.16
 platform: ruby
 authors:
 - Leah Neukirchen
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2025-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -75,9 +75,9 @@ email: leah@vuxu.org
 executables: []
 extensions: []
 extra_rdoc_files:
+- README.md
 - CHANGELOG.md
 - CONTRIBUTING.md
-- README.md
 files:
 - CHANGELOG.md
 - CONTRIBUTING.md
@@ -156,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.2
 specification_version: 4
 summary: A modular Ruby webserver interface.
 test_files: []