sinatra 4.1.0 → 4.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/Gemfile +1 -0
- data/README.md +23 -21
- data/VERSION +1 -1
- data/lib/sinatra/base.rb +1 -1
- data/lib/sinatra/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 491154a9e29e4c218d9245fd73024818e7dfa6c75ba1d74220e46498841bb54e
|
|
4
|
+
data.tar.gz: 42259b9becde7268d9b95abc783d896c864a6c84b3e1dd6d40d7f351a350f626
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 43a69c7f07afab191eacc80d7837d9bdbd81701a51973309395b47e9efacb010234a0a66e27503b6edc213f5f8321e426f2f8ad9f7cc7e247e908613d14081c6
|
|
7
|
+
data.tar.gz: f2fb4deeb5f8e44a5a6a59663080f143c2a1dac1d21a5ca8301728b265a8ba2fcf3e0815c692af0791230289d4ddaf548a317e2f4295cf24b45e5cdec47dc86e
|
data/CHANGELOG.md
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
|
+
## 4.1.1 / 2024-11-20
|
|
2
|
+
|
|
3
|
+
* Fix: Restore WEBrick support ([#2067](https://github.com/sinatra/sinatra/pull/2067))
|
|
4
|
+
|
|
1
5
|
## 4.1.0 / 2024-11-18
|
|
2
6
|
|
|
3
7
|
* New: Add `host_authorization` setting ([#2053](https://github.com/sinatra/sinatra/pull/2053))
|
|
4
8
|
* Defaults to `.localhost`, `.test` and any IP address in development mode.
|
|
5
|
-
* Security: addresses [CVE-
|
|
9
|
+
* Security: addresses [CVE-2024-21510](https://github.com/advisories/GHSA-hxx2-7vcw-mqr3).
|
|
6
10
|
* Fix: Return an instance of `Sinatra::IndifferentHash` when calling `#except` ([#2044](https://github.com/sinatra/sinatra/pull/2044))
|
|
7
11
|
* Fix: Address warning from `URI` for Ruby 3.4 ([#2060](https://github.com/sinatra/sinatra/pull/2060))
|
|
8
12
|
* Fix: `rackup` no longer depends on WEBrick, recommend Puma instead ([`4a558503`](https://github.com/sinatra/sinatra/commit/4a558503a0ee41f26d4ebc07b478340e8a8a5ed6))
|
data/Gemfile
CHANGED
|
@@ -55,6 +55,7 @@ gem 'redcarpet', platforms: [:ruby]
|
|
|
55
55
|
gem 'simplecov', require: false
|
|
56
56
|
gem 'slim', '~> 5'
|
|
57
57
|
gem 'yajl-ruby', platforms: [:ruby]
|
|
58
|
+
gem 'webrick'
|
|
58
59
|
|
|
59
60
|
# sass-embedded depends on google-protobuf
|
|
60
61
|
# which fails to be installed on JRuby and TruffleRuby under aarch64
|
data/README.md
CHANGED
|
@@ -1994,27 +1994,29 @@ set :protection, :session => true
|
|
|
1994
1994
|
|
|
1995
1995
|
<dt>host_authorization</dt>
|
|
1996
1996
|
<dd>
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
|
|
2001
|
-
|
|
2002
|
-
|
|
2003
|
-
|
|
2004
|
-
|
|
2005
|
-
|
|
2006
|
-
|
|
2007
|
-
|
|
2008
|
-
<
|
|
2009
|
-
<
|
|
2010
|
-
<
|
|
2011
|
-
|
|
2012
|
-
|
|
2013
|
-
|
|
2014
|
-
|
|
2015
|
-
|
|
2016
|
-
|
|
2017
|
-
|
|
1997
|
+
<p>
|
|
1998
|
+
You can pass a hash of options to <tt>host_authorization</tt>,
|
|
1999
|
+
to be used by the <tt>Rack::Protection::HostAuthorization</tt> middleware.
|
|
2000
|
+
</p>
|
|
2001
|
+
<p>
|
|
2002
|
+
The middleware can block requests with unrecognized hostnames, to prevent DNS rebinding
|
|
2003
|
+
and other host header attacks. It checks the <tt>Host</tt>, <tt>X-Forwarded-Host</tt>
|
|
2004
|
+
and <tt>Forwarded</tt> headers.
|
|
2005
|
+
</p>
|
|
2006
|
+
<p>
|
|
2007
|
+
Useful options are:
|
|
2008
|
+
<ul>
|
|
2009
|
+
<li><tt>permitted_hosts</tt> – an array of hostnames (and <tt>IPAddr</tt> objects) your app recognizes
|
|
2010
|
+
<ul>
|
|
2011
|
+
<li>in the <tt>development</tt> environment, it is set to <tt>.localhost</tt>, <tt>.test</tt> and any IPv4/IPv6 address</li>
|
|
2012
|
+
<li>if empty, any hostname is permitted (the default for any other environment)</li>
|
|
2013
|
+
</ul>
|
|
2014
|
+
</li>
|
|
2015
|
+
<li><tt>status</tt> – the HTTP status code used in the response when a request is blocked (defaults to <tt>403</tt>)</li>
|
|
2016
|
+
<li><tt>message</tt> – the body used in the response when a request is blocked (defaults to <tt>Host not permitted</tt>)</li>
|
|
2017
|
+
<li><tt>allow_if</tt> – supply a <tt>Proc</tt> to use custom allow/deny logic, the proc is passed the request environment</li>
|
|
2018
|
+
</ul>
|
|
2019
|
+
</p>
|
|
2018
2020
|
</dd>
|
|
2019
2021
|
|
|
2020
2022
|
<dt>logging</dt>
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
4.1.
|
|
1
|
+
4.1.1
|
data/lib/sinatra/base.rb
CHANGED
|
@@ -1969,7 +1969,7 @@ module Sinatra
|
|
|
1969
1969
|
set :running_server, nil
|
|
1970
1970
|
set :handler_name, nil
|
|
1971
1971
|
set :traps, true
|
|
1972
|
-
set :server, %w[]
|
|
1972
|
+
set :server, %w[webrick]
|
|
1973
1973
|
set :bind, proc { development? ? 'localhost' : '0.0.0.0' }
|
|
1974
1974
|
set :port, Integer(ENV['PORT'] && !ENV['PORT'].empty? ? ENV['PORT'] : 4567)
|
|
1975
1975
|
set :quiet, false
|
data/lib/sinatra/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sinatra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.1.
|
|
4
|
+
version: 4.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Blake Mizerany
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2024-11-
|
|
14
|
+
date: 2024-11-20 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: logger
|
|
@@ -67,14 +67,14 @@ dependencies:
|
|
|
67
67
|
requirements:
|
|
68
68
|
- - '='
|
|
69
69
|
- !ruby/object:Gem::Version
|
|
70
|
-
version: 4.1.
|
|
70
|
+
version: 4.1.1
|
|
71
71
|
type: :runtime
|
|
72
72
|
prerelease: false
|
|
73
73
|
version_requirements: !ruby/object:Gem::Requirement
|
|
74
74
|
requirements:
|
|
75
75
|
- - '='
|
|
76
76
|
- !ruby/object:Gem::Version
|
|
77
|
-
version: 4.1.
|
|
77
|
+
version: 4.1.1
|
|
78
78
|
- !ruby/object:Gem::Dependency
|
|
79
79
|
name: rack-session
|
|
80
80
|
requirement: !ruby/object:Gem::Requirement
|