All Versions
70
Latest Version
Avg Release Cycle
143 days
Latest Release
652 days ago

Changelog History
Page 4

  • v1.6.8

    May 16, 2017
  • v1.6.7

    May 15, 2017
  • v1.6.1 Changes

    May 06, 2015
    • Fix CVE-2014-9490, denial of service attack in OkJson
    • Use a monotonic time for Rack::Runtime, if available
    • RACK_MULTIPART_LIMIT changed to RACK_MULTIPART_PART_LIMIT (RACK_MULTIPART_LIMIT is deprecated and will be removed in 1.7.0)
  • v1.6.0 Changes

    January 18, 2014
    • Response#unauthorized? helper
    • Deflater now accepts an options hash to control compression on a per-request level
    • Builder#warmup method for app preloading
    • Request#accept_language method to extract HTTP_ACCEPT_LANGUAGE
    • Add quiet mode of rack server, rackup --quiet
    • Update HTTP Status Codes to RFC 7231
    • Less strict header name validation according to RFC 2616
    • SPEC updated to specify headers conform to RFC7230 specification
    • Etag correctly marks etags as weak
    • Request#port supports multiple x-http-forwarded-proto values
    • Utils#multipart_part_limit configures the maximum number of parts a request can contain
    • Default host to localhost when in development mode
    • Various bugfixes and performance improvements
  • v1.5.3 Changes

    May 06, 2015
    • Fix CVE-2014-9490, denial of service attack in OkJson
    • Backport bug fixes to 1.5 series
  • v1.5.2 Changes

    February 07, 2013
    • Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
    • Fix CVE-2013-0262, symlink path traversal in Rack::File
    • Add various methods to Session for enhanced Rails compatibility
    • Request#trusted_proxy? now only matches whole stirngs
    • Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
    • URLMap host matching in environments that don't set the Host header fixed
    • Fix a race condition that could result in overwritten pidfiles
    • Various documentation additions
  • v1.5.1 Changes

    January 28, 2013
    • Rack::Lint check_hijack now conforms to other parts of SPEC
    • Added hash-like methods to Abstract::ID::SessionHash for compatibility
    • Various documentation corrections
  • v1.5.0 Changes

    January 21, 2013
    • Introduced hijack SPEC, for before-response and after-response hijacking
    • SessionHash is no longer a Hash subclass
    • Rack::File cache_control parameter is removed, in place of headers options
    • Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
    • Rack::Utils cookie functions now format expires in RFC 2822 format
    • Rack::File now has a default mime type
    • rackup -b 'run Rack::Files.new(".")', option provides command line configs
    • Rack::Deflater will no longer double encode bodies
    • Rack::Mime#match? provides convenience for Accept header matching
    • Rack::Utils#q_values provides splitting for Accept headers
    • Rack::Utils#best_q_match provides a helper for Accept headers
    • Rack::Handler.pick provides convenience for finding available servers
    • Puma added to the list of default servers (preferred over Webrick)
    • Various middleware now correctly close body when replacing it
    • Rack::Request#params is no longer persistent with only GET params
    • Rack::Request#update_param and #delete_param provide persistent operations
    • Rack::Request#trusted_proxy? now returns true for local unix sockets
    • Rack::Response no longer forces Content-Types
    • Rack::Sendfile provides local mapping configuration options
    • Rack::Utils#rfc2109 provides old netscape style time output
    • Updated HTTP status codes
    • Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
  • v1.4.5 Changes

    February 07, 2013
    • Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
    • Fix CVE-2013-0262, symlink path traversal in Rack::File
  • v1.4.4 Changes

    January 13, 2013
    • [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
    • Fixed erroneous test case in the 1.3.x series