| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: ruby3.3-rubygem-rack | Distribution: openSUSE Tumbleweed |
| Version: 3.0.9.1 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Feb 27 23:09:57 2024 |
| Group: Development/Languages/Ruby | Build host: i01-armsrv3 |
| Size: 472305 | Source RPM: rubygem-rack-3.0.9.1-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/rack/rack | |
| Summary: A modular Ruby webserver interface | |
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
MIT
* Tue Feb 27 2024 pgajdos@suse.com
- version update to 3.0.9.1
* Fixed ReDoS in Accept header parsing [CVE-2024-26146][bsc#1220248]
* Fixed ReDoS in Content Type header parsing [CVE-2024-25126][bsc#1220239]
* Reject Range headers which are too large [CVE-2024-26141][bsc#1220242]
* Fix content-length calcuation in Rack:Response#write #2150
* Tue Nov 14 2023 Dan Čermák <dan.cermak@posteo.net>
- 3.0.8:
[#]# What's Changed
* Backport "Fix some unused variable verbose warnings" by @skipkayhil in https://github.com/rack/rack/pull/2084
[#]# New Contributors
* @skipkayhil made their first contribution in https://github.com/rack/rack/pull/2084
* *Full Changelog**: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
* Mon Mar 20 2023 pgajdos@suse.com
- version update to 3.0.7
[3.0.7] - 2023-03-16
Make query parameters without = have nil values. (#2059, @jeremyevans)
[3.0.6.1] - 2023-03-13
[CVE-2023-27539] Avoid ReDoS in header parsing [bsc#1209503]
[3.0.6] - 2023-03-13
Add QueryParser#missing_value for handling missing values + tests. (#2052, @ioquatix)
[3.0.5] - 2023-03-13
Split form/query parsing into two steps. (#2038, @matthewd)
* Thu Mar 09 2023 pgajdos@suse.com
- version update to 3.0.4.2
* rack.input is now optional, and if missing, will raise an error.
Use this to fail on multipart parsing a request without an input body.
(#2018, @ioquatix)
* Introduce module Rack::BadRequest which is included in multipart and
query parser errors. (#2019, @ioquatix)
* MIME type for JavaScript files (.js) changed from application/javascript
to text/javascript (1bd0f15)
* fixes CVE-2023-27530 [bsc#1209095]
* Fri Jan 20 2023 Hendrik Vogelsang <hvogel@suse.com>
updated to version 3.0.4.1
[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
[CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
For more detailed information see the installed CHANGELOG.md
* Wed Dec 07 2022 Stephan Kulow <coolo@suse.com>
updated to version 3.0.2
see installed CHANGELOG.md
[#]# [3.0.2] -2022-12-05
[#]## Fixed
- `Utils.build_nested_query` URL-encodes nested field names including the square brackets.
- Allow `Rack::Response` to pass through streaming bodies. ([#1993](https://github.com/rack/rack/pull/1993), [@ioquatix])
[#]# [3.0.1] - 2022-11-18
[#]## Fixed
- `MethodOverride` does not look for an override if a request does not include form/parseable data.
- `Rack::Lint::Wrapper` correctly handles `respond_to?` with `to_ary`, `each`, `call` and `to_path`, forwarding to the body. ([#1981](https://github.com/rack/rack/pull/1981), [@ioquatix])
* Mon Oct 10 2022 Stephan Kulow <coolo@suse.com>
updated to version 3.0.0
see installed CHANGELOG.md
[#]# [3.0.0] - 2022-09-06
- No changes
[#]# [3.0.0.rc1] - 2022-09-04
[#]## SPEC Changes
- Stream argument must implement `<<` https://github.com/rack/rack/pull/1959
- `close` may be called on `rack.input` https://github.com/rack/rack/pull/1956
- `rack.response_finished` may be used for executing code after the response has been finished https://github.com/rack/rack/pull/1952
[#]# [3.0.0.beta1] - 2022-08-08
[#]## Security
- Do not use semicolon as GET parameter separator. ([#1733](https://github.com/rack/rack/pull/1733), [@jeremyevans])
[#]## SPEC Changes
- Response array must now be non-frozen.
- Response `status` must now be an integer greater than or equal to 100.
- Response `headers` must now be an unfrozen hash.
- Response header keys can no longer include uppercase characters.
- Response header values can be an `Array` to handle multiple values (and no longer supports `\n` encoded headers).
- Response body can now respond to `#call` (streaming body) instead of `#each` (enumerable body), for the equivalent of response hijacking in previous versions.
- Middleware must no longer call `#each` on the body, but they can call `#to_ary` on the body if it responds to `#to_ary`.
- `rack.input` is no longer required to be rewindable.
- `rack.multithread`/`rack.multiprocess`/`rack.run_once`/`rack.version` are no longer required environment keys.
- `SERVER_PROTOCOL` is now a required environment key, matching the HTTP protocol used in the request.
- `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional.
- `rack.hijack_io` has been removed completely.
- `rack.response_finished` is an optional environment key which contains an array of callable objects that must accept `#call(env, status, headers, error)` and are invoked after the response is finished (either successfully or unsucessfully).
- It is okay to call `#close` on `rack.input` to indicate that you no longer need or care about the input.
- The stream argument supplied to the streaming body and hijack must support `#<<` for writing output.
[#]## Removed
- Remove `rack.multithread`/`rack.multiprocess`/`rack.run_once`. These variables generally come too late to be useful. ([#1720](https://github.com/rack/rack/pull/1720), [@ioquatix], [@jeremyevans]))
- Remove deprecated Rack::Request::SCHEME_WHITELIST. ([@jeremyevans])
- Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. ([#1844](https://github.com/rack/rack/pull/1844), [@ioquatix])
- Remove `rack.version` as it comes too late to be useful. ([#1938](https://github.com/rack/rack/pull/1938), [@ioquatix])
- Extract `rackup` command, `Rack::Server`, `Rack::Handler` and related code into a separate gem. ([#1937](https://github.com/rack/rack/pull/1937), [@ioquatix])
[#]## Added
- `Rack::Headers` added to support lower-case header keys. ([@jeremyevans])
- `Rack::Utils#set_cookie_header` now supports `escape_key: false` to avoid key escaping. ([@jeremyevans])
- `Rack::RewindableInput` supports size. ([@ahorek](https://github.com/ahorek))
- `Rack::RewindableInput::Middleware` added for making `rack.input` rewindable. ([@jeremyevans])
- The RFC 7239 Forwarded header is now supported and considered by default when looking for information on forwarding, falling back to the X-Forwarded-* headers. `Rack::Request.forwarded_priority` accessor has been added for configuring the priority of which header to check. ([#1423](https://github.com/rack/rack/issues/1423), [@jeremyevans])
- Allow response headers to contain array of values. ([#1598](https://github.com/rack/rack/issues/1598), [@ioquatix])
- Support callable body for explicit streaming support and clarify streaming response body behaviour. ([#1745](https://github.com/rack/rack/pull/1745), [@ioquatix], [#1748](https://github.com/rack/rack/pull/1748), [@wjordan])
- Allow `Rack::Builder#run` to take a block instead of an argument. ([#1942](https://github.com/rack/rack/pull/1942), [@ioquatix])
- Add `rack.response_finished` to `Rack::Lint`. ([#1802](https://github.com/rack/rack/pull/1802), [@BlakeWilliams], [#1952](https://github.com/rack/rack/pull/1952), [@ioquatix])
- The stream argument must implement `#<<`. ([#1959](https://github.com/rack/rack/pull/1959), [@ioquatix])
[#]## Changed
- BREAKING CHANGE: Require `status` to be an Integer. ([#1662](https://github.com/rack/rack/pull/1662), [@olleolleolle](https://github.com/olleolleolle))
- BREAKING CHANGE: Query parsing now treats parameters without `=` as having the empty string value instead of nil value, to conform to the URL spec. ([#1696](https://github.com/rack/rack/issues/1696), [@jeremyevans])
- Relax validations around `Rack::Request#host` and `Rack::Request#hostname`. ([#1606](https://github.com/rack/rack/issues/1606), [@pvande](https://github.com/pvande))
- Removed antiquated handlers: FCGI, LSWS, SCGI, Thin. ([#1658](https://github.com/rack/rack/pull/1658), [@ioquatix])
- Removed options from `Rack::Builder.parse_file` and `Rack::Builder.load_file`. ([#1663](https://github.com/rack/rack/pull/1663), [@ioquatix])
- `Rack::HTTP_VERSION` has been removed and the `HTTP_VERSION` env setting is no longer set in the CGI and Webrick handlers. ([#970](https://github.com/rack/rack/issues/970), [@jeremyevans])
- `Rack::Request#[]` and `#[]=` now warn even in non-verbose mode. ([#1277](https://github.com/rack/rack/issues/1277), [@jeremyevans])
- Decrease default allowed parameter recursion level from 100 to 32. ([#1640](https://github.com/rack/rack/issues/1640), [@jeremyevans])
- Attempting to parse a multipart response with an empty body now raises Rack::Multipart::EmptyContentError. ([#1603](https://github.com/rack/rack/issues/1603), [@jeremyevans])
- `Rack::Utils.secure_compare` uses OpenSSL's faster implementation if available. ([#1711](https://github.com/rack/rack/pull/1711), [@bdewater](https://github.com/bdewater))
- `Rack::Request#POST` now caches an empty hash if input content type is not parseable. ([#749](https://github.com/rack/rack/pull/749), [@jeremyevans])
- BREAKING CHANGE: Updated `trusted_proxy?` to match full 127.0.0.0/8 network. ([#1781](https://github.com/rack/rack/pull/1781), [@snbloch](https://github.com/snbloch))
- Explicitly deprecate `Rack::File` which was an alias for `Rack::Files`. ([#1811](https://github.com/rack/rack/pull/1720), [@ioquatix]).
- Moved `Rack::Session` into [separate gem](https://github.com/rack/rack-session). ([#1805](https://github.com/rack/rack/pull/1805), [@ioquatix])
- `rackup -D` option to daemonizes no longer changes the working directory to the root. ([#1813](https://github.com/rack/rack/pull/1813), [@jeremyevans])
- The `x-forwarded-proto` header is now considered before the `x-forwarded-scheme` header for determining the forwarded protocol. `Rack::Request.x_forwarded_proto_priority` accessor has been added for configuring the priority of which header to check. ([#1809](https://github.com/rack/rack/issues/1809), [@jeremyevans])
- `Rack::Request.forwarded_authority` (and methods that call it, such as `host`) now returns the last authority in the forwarded header, instead of the first, as earlier forwarded authorities can be forged by clients. This restores the Rack 2.1 behavior. ([#1829](https://github.com/rack/rack/issues/1809), [@jeremyevans])
- Use lower case cookie attributes when creating cookies, and fold cookie attributes to lower case when reading cookies (specifically impacting `secure` and `httponly` attributes). ([#1849](https://github.com/rack/rack/pull/1849), [@ioquatix])
- The response array must now be mutable (non-frozen) so middleware can modify it without allocating a new Array,therefore reducing object allocations. ([#1887](https://github.com/rack/rack/pull/1887), [#1927](https://github.com/rack/rack/pull/1927), [@amatsuda], [@ioquatix])
- `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional. `rack.hijack_io` is no longer required/specified. ([#1939](https://github.com/rack/rack/pull/1939), [@ioquatix])
- Allow calling close on `rack.input`. ([#1956](https://github.com/rack/rack/pull/1956), [@ioquatix])
[#]## Fixed
- Make Rack::MockResponse handle non-hash headers. ([#1629](https://github.com/rack/rack/issues/1629), [@jeremyevans])
- TempfileReaper now deletes temp files if application raises an exception. ([#1679](https://github.com/rack/rack/issues/1679), [@jeremyevans])
- Handle cookies with values that end in '=' ([#1645](https://github.com/rack/rack/pull/1645), [@lukaso](https://github.com/lukaso))
- Make `Rack::NullLogger` respond to `#fatal!` [@jeremyevans])
- Fix multipart filename generation for filenames that contain spaces. Encode spaces as "%20" instead of "+" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [@muirdm](https://github.com/muirdm))
- `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [@erwanst](https://github.com/erwanst))
* Fri Jul 08 2022 Manuel Schnitzer <mschnitzer@suse.com>
- updated to version 2.2.4
* Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix))
* Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi))
* Mon May 30 2022 Hendrik Vogelsang <hvogel@suse.com>
- updated to version 2.2.3.1
[CVE-2022-30123] Fix shell escaping issue in Common Logger
[CVE-2022-30122] Restrict parsing of broken MIME attachments
* Thu Jun 18 2020 Eduardo Navarro <enavarro@suse.com>
- updated to version 2.2.3
see installed CHANGELOG.md
[#]# [2.2.3] - 2020-06-15
[CVE-2020-8184] Only decode cookie values
/usr/lib/ruby/gems/3.3.0/build_info /usr/lib/ruby/gems/3.3.0/cache/rack-3.0.9.1.gem /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1 /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/CHANGELOG.md /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/CONTRIBUTING.md /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/MIT-LICENSE /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/README.md /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/SPEC.rdoc /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/abstract /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/abstract/handler.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/abstract/request.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/basic.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest/md5.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest/nonce.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest/params.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/auth/digest/request.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/body_proxy.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/builder.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/cascade.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/chunked.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/common_logger.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/conditional_get.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/config.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/constants.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/content_length.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/content_type.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/deflater.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/directory.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/etag.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/events.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/file.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/files.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/head.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/headers.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/lint.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/lock.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/logger.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/media_type.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/method_override.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/mime.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/mock.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/mock_request.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/mock_response.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/multipart /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/multipart.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/multipart/generator.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/multipart/parser.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/multipart/uploaded_file.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/null_logger.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/query_parser.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/recursive.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/reloader.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/request.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/response.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/rewindable_input.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/runtime.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/sendfile.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/show_exceptions.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/show_status.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/static.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/tempfile_reaper.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/urlmap.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/utils.rb /usr/lib/ruby/gems/3.3.0/gems/rack-3.0.9.1/lib/rack/version.rb /usr/lib/ruby/gems/3.3.0/specifications/rack-3.0.9.1.gemspec /usr/share/doc/packages/ruby3.3-rubygem-rack /usr/share/doc/packages/ruby3.3-rubygem-rack/CHANGELOG.md /usr/share/doc/packages/ruby3.3-rubygem-rack/MIT-LICENSE /usr/share/doc/packages/ruby3.3-rubygem-rack/README.md
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Apr 27 00:31:59 2024