sinatra 4.1.0 → 4.1.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a487551e0b40831dadeffd669ae0a8fb408fc5880825f2257105beec8be727ec
4
- data.tar.gz: f7999f252d7d1c2192a3c909911ff5879075a811a8c742c89a2d700bf1db8b82
3
+ metadata.gz: 491154a9e29e4c218d9245fd73024818e7dfa6c75ba1d74220e46498841bb54e
4
+ data.tar.gz: 42259b9becde7268d9b95abc783d896c864a6c84b3e1dd6d40d7f351a350f626
5
5
  SHA512:
6
- metadata.gz: 611bf8733959bae4110a357e22be091cd3c044a5f810d133a9833993c84e2ae7a3b2c3999fd13991338c44e72ac5ab6b9b3af8bc9d4667384fd97b7715c086d2
7
- data.tar.gz: 824f4f37c5cc5fde671bdf286c63cd67672566c10fadcf80b841eddc9685f92b88a9032ee8b711a2b859a5529afc082fe11f09ac1204f8b04659501f13a03747
6
+ metadata.gz: 43a69c7f07afab191eacc80d7837d9bdbd81701a51973309395b47e9efacb010234a0a66e27503b6edc213f5f8321e426f2f8ad9f7cc7e247e908613d14081c6
7
+ data.tar.gz: f2fb4deeb5f8e44a5a6a59663080f143c2a1dac1d21a5ca8301728b265a8ba2fcf3e0815c692af0791230289d4ddaf548a317e2f4295cf24b45e5cdec47dc86e
data/CHANGELOG.md CHANGED
@@ -1,8 +1,12 @@
1
+ ## 4.1.1 / 2024-11-20
2
+
3
+ * Fix: Restore WEBrick support ([#2067](https://github.com/sinatra/sinatra/pull/2067))
4
+
1
5
  ## 4.1.0 / 2024-11-18
2
6
 
3
7
  * New: Add `host_authorization` setting ([#2053](https://github.com/sinatra/sinatra/pull/2053))
4
8
  * Defaults to `.localhost`, `.test` and any IP address in development mode.
5
- * Security: addresses [CVE-2018-11627](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
9
+ * Security: addresses [CVE-2024-21510](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
6
10
  * Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://github.com/sinatra/sinatra/pull/2044))
7
11
  * Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://github.com/sinatra/sinatra/pull/2060))
8
12
  * Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
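Review bot: The CVE correction on the 4.1.0 entry (CVE-2018-11627 replaced by CVE-2024-21510, with the advisory link GHSA-hxx2-7vcw-mqr3 unchanged) rewrites an already released entry, and the new 4.1.1 section mentions only the WEBrick fix. Anyone who recorded the identifier from the 4.1.0 changelog for vulnerability tracking gets no signal that it changed. Consider adding a line under 4.1.1 such as "Fix: correct the CVE identifier in the 4.1.0 changelog entry".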
data/Gemfile CHANGED
@@ -55,6 +55,7 @@ gem 'redcarpet', platforms: [:ruby]
55
55
  gem 'simplecov', require: false
56
56
  gem 'slim', '~> 5'
57
57
  gem 'yajl-ruby', platforms: [:ruby]
58
+ gem 'webrick'
58
59
 
59
60
  # sass-embedded depends on google-protobuf
60
61
  # which fails to be installed on JRuby and TruffleRuby under aarch64
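Review bot: `gem 'webrick'` at new line 58 is added with no version constraint and no comment saying why it is needed, while the neighbouring `gem 'slim', '~> 5'` is constrained. A short comment (for example, that it backs the restored `set :server, %w[webrick]` default) and a pessimistic version constraint would make the intent clear and keep the resolved version predictable.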
data/README.md CHANGED
@@ -1994,27 +1994,29 @@ set :protection, :session => true
1994
1994
 
1995
1995
  <dt>host_authorization</dt>
1996
1996
  <dd>
1997
- You can pass a hash of options to <tt>host_authorization</tt>,
1998
- to be used by the <tt>Rack::Protection::HostAuthorization</tt> middleware.
1999
- <dd>
2000
- <dd>
2001
- The middleware can block requests with unrecognized hostnames, to prevent DNS rebinding
2002
- and other host header attacks. It checks the <tt>Host</tt>, <tt>X-Forwarded-Host</tt>
2003
- and <tt>Forwarded</tt> headers.
2004
- </dd>
2005
- <dd>
2006
- Useful options are:
2007
- <ul>
2008
- <li><tt>permitted_hosts</tt> – an array of hostnames (and <tt>IPAddr</tt> objects) your app recognizes
2009
- <ul>
2010
- <li>in the <tt>development</tt> environment, it is set to <tt>.localhost</tt>, <tt>.test</tt> and any IPv4/IPv6 address</li>
2011
- <li>if empty, any hostname is permitted (the default for any other environment)</li>
2012
- </ul>
2013
- </li>
2014
- <li><tt>status</tt> – the HTTP status code used in the response when a request is blocked (defaults to <tt>403</tt>)</li>
2015
- <li><tt>message</tt> – the body used in the response when a request is blocked (defaults to <tt>Host not permitted</tt>)</li>
2016
- <li><tt>allow_if</tt> – supply a <tt>Proc</tt> to use custom allow/deny logic, the proc is passed the request environment</li>
2017
- </ul>
1997
+ <p>
1998
+ You can pass a hash of options to <tt>host_authorization</tt>,
1999
+ to be used by the <tt>Rack::Protection::HostAuthorization</tt> middleware.
2000
+ </p>
2001
+ <p>
2002
+ The middleware can block requests with unrecognized hostnames, to prevent DNS rebinding
2003
+ and other host header attacks. It checks the <tt>Host</tt>, <tt>X-Forwarded-Host</tt>
2004
+ and <tt>Forwarded</tt> headers.
2005
+ </p>
2006
+ <p>
2007
+ Useful options are:
2008
+ <ul>
2009
+ <li><tt>permitted_hosts</tt> – an array of hostnames (and <tt>IPAddr</tt> objects) your app recognizes
2010
+ <ul>
2011
+ <li>in the <tt>development</tt> environment, it is set to <tt>.localhost</tt>, <tt>.test</tt> and any IPv4/IPv6 address</li>
2012
+ <li>if empty, any hostname is permitted (the default for any other environment)</li>
2013
+ </ul>
2014
+ </li>
2015
+ <li><tt>status</tt> – the HTTP status code used in the response when a request is blocked (defaults to <tt>403</tt>)</li>
2016
+ <li><tt>message</tt> – the body used in the response when a request is blocked (defaults to <tt>Host not permitted</tt>)</li>
2017
+ <li><tt>allow_if</tt> – supply a <tt>Proc</tt> to use custom allow/deny logic, the proc is passed the request environment</li>
2018
+ </ul>
2019
+ </p>
2018
2020
  </dd>
2019
2021
 
2020
2022
  <dt>logging</dt>
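Review bot: In the third added paragraph (new lines 2006 to 2019) the `<ul>` is nested inside `<p>`, which is not valid HTML: a `<p>` cannot contain a list, so parsers close the paragraph implicitly at `<ul>` and the `</p>` at new line 2019 is left as a stray end tag. Close the paragraph right after "Useful options are:" and drop the trailing `</p>`, so the `<ul>` sits directly inside `<dd>`. Separately, the text says an empty `permitted_hosts` permits any hostname and that this is the default outside development; it would help to state outright that non-development deployments get no Host header check until `permitted_hosts` is set.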
data/VERSION CHANGED
@@ -1 +1 @@
1
- 4.1.0
1
+ 4.1.1
data/lib/sinatra/base.rb CHANGED
@@ -1969,7 +1969,7 @@ module Sinatra
1969
1969
  set :running_server, nil
1970
1970
  set :handler_name, nil
1971
1971
  set :traps, true
1972
- set :server, %w[]
1972
+ set :server, %w[webrick]
1973
1973
  set :bind, proc { development? ? 'localhost' : '0.0.0.0' }
1974
1974
  set :port, Integer(ENV['PORT'] && !ENV['PORT'].empty? ? ENV['PORT'] : 4567)
1975
1975
  set :quiet, false
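Review bot: `set :server, %w[webrick]` at line 1972 restores WEBrick as a default with no comment, while the 4.1.0 changelog entry recommends Puma and the only place this release adds the `webrick` gem is the development Gemfile; the metadata hunks shown change just the version and date. A one-line comment saying that WEBrick is a fallback the application has to install itself would save users from guessing why the entry is there.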
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sinatra
4
- VERSION = '4.1.0'
4
+ VERSION = '4.1.1'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sinatra
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.1.0
4
+ version: 4.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Blake Mizerany
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2024-11-18 00:00:00.000000000 Z
14
+ date: 2024-11-20 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: logger
@@ -67,14 +67,14 @@ dependencies:
67
67
  requirements:
68
68
  - - '='
69
69
  - !ruby/object:Gem::Version
70
- version: 4.1.0
70
+ version: 4.1.1
71
71
  type: :runtime
72
72
  prerelease: false
73
73
  version_requirements: !ruby/object:Gem::Requirement
74
74
  requirements:
75
75
  - - '='
76
76
  - !ruby/object:Gem::Version
77
- version: 4.1.0
77
+ version: 4.1.1
78
78
  - !ruby/object:Gem::Dependency
79
79
  name: rack-session
80
80
  requirement: !ruby/object:Gem::Requirement