Changelog History

  • v2.2.3 Changes

    June 15, 2020

    Security

    • [CVE-2020-8184] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. (@fletchto99)
  • v2.2.2 Changes

    February 11, 2020

    Fixed

    • Fix incorrect Rack::Request#host value. (#1591, @ioquatix)
    • Revert Rack::Handler::Thin implementation. (#1583, @jeremyevans)
    • Double assignment is still needed to prevent an "unused variable" warning. (#1589, @kamipo)
    • Fix to handle same_site option for session pool. (#1587, @kamipo)
  • v2.2.1 Changes

    February 09, 2020

    Fixed

    • Rework Rack::Request#ip to handle empty forwarded_for. (#1577, @ioquatix)
  • v2.2.0 Changes

    February 08, 2020

    SPEC Changes

    • rack.session request environment entry must respond to to_hash and return unfrozen Hash. (@jeremyevans)
    • Request environment cannot be frozen. (@jeremyevans)
    • CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. (@jeremyevans)
    • Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. (#1561, @ioquatix)

    Added

    • rackup supports multiple -r options and will require all arguments. (@jeremyevans)
    • Server supports an array of paths to require for the :require option. (@khotta)
    • Files supports multipart range requests. (@fatkodima)
    • Multipart::UploadedFile supports an IO-like object instead of using the filesystem, using :filename and :io options. (@jeremyevans)
    • Multipart::UploadedFile supports keyword arguments :path, :content_type, and :binary in addition to positional arguments. (@jeremyevans)
    • Static supports a :cascade option for calling the app if there is no matching file. (@jeremyevans)
    • Session::Abstract::SessionHash#dig. (@jeremyevans)
    • Response.[] and MockResponse.[] for creating instances using status, headers, and body. (@ioquatix)
    • Convenient cache and content type methods for Rack::Response. (#1555, @ioquatix)

    Changed

    • Request#params no longer rescues EOFError. (@jeremyevans)
    • Directory uses a streaming approach, significantly improving time to first byte for large directories. (@jeremyevans)
    • Directory no longer includes a Parent directory link in the root directory index. (@jeremyevans)
    • QueryParser#parse_nested_query uses original backtrace when reraising exception with new class. (@jeremyevans)
    • ConditionalGet follows RFC 7232 precedence if both If-None-Match and If-Modified-Since headers are provided. (@jeremyevans)
    • .ru files support the frozen-string-literal magic comment. (@eregon)
    • Rely on autoload to load constants instead of requiring internal files, make sure to require 'rack' and not just 'rack/...'. (@jeremyevans)
    • Etag will continue sending ETag even if the response should not be cached. (@henm)
    • Request#host_with_port no longer includes a colon for a missing or empty port. (@AlexWayfer)
    • All handlers use keyword arguments instead of an options hash argument. (@ioquatix)
    • Files handling of range requests no longer returns a body that supports to_path, to ensure range requests are handled correctly. (@jeremyevans)
    • Multipart::Generator only includes Content-Length for files with paths, and Content-Disposition filename if the UploadedFile instance has one. (@jeremyevans)
    • Request#ssl? is true for the wss scheme (secure websockets). (@jeremyevans)
    • Rack::HeaderHash is memoized by default. (#1549, @ioquatix)
    • Rack::Directory allows directory traversal inside root directory. (#1417, @ThomasSevestre)
    • Sort encodings by server preference. (#1184, @ioquatix, @wjordan)
    • Rework host/hostname/authority implementation in Rack::Request. #host and #host_with_port have been changed to correctly return IPv6 addresses formatted with square brackets, as defined by RFC3986. (#1561, @ioquatix)
    • Rack::Builder parsing options on first #\ line is deprecated. (#1574, @ioquatix)

    Removed

    • Directory#path as it was not used and always returned nil. (@jeremyevans)
    • BodyProxy#each as it was only needed to work around a bug in Ruby <1.9.3. (@jeremyevans)
    • URLMap::INFINITY and URLMap::NEGATIVE_INFINITY, in favor of Float::INFINITY. (@ch1c0t)
    • Deprecation of Rack::File. It will be deprecated again in rack 2.2 or 3.0. (@rafaelfranca)
    • Support for Ruby 2.2 as it is well past EOL. (@ioquatix)
    • Remove Rack::Files#response_body as the implementation was broken. (#1153, @ioquatix)
    • Remove SERVER_ADDR which was never part of the original SPEC. (#1573, @ioquatix)

    Fixed

    • Directory correctly handles root paths containing glob metacharacters. (@jeremyevans)
    • Cascade uses a new response object for each call if initialized with no apps. (@jeremyevans)
    • BodyProxy correctly delegates keyword arguments to the body object on Ruby 2.7+. (@jeremyevans)
    • BodyProxy#method correctly handles methods delegated to the body object. (@jeremyevans)
    • Request#host and Request#host_with_port handle IPv6 addresses correctly. (@AlexWayfer)
    • Lint checks when response hijacking that rack.hijack is called with a valid object. (@jeremyevans)
    • Response#write correctly updates Content-Length if initialized with a body. (@jeremyevans)
    • CommonLogger includes SCRIPT_NAME when logging. (@Erol)
    • Utils.parse_nested_query correctly handles empty queries, using an empty instance of the params class instead of a hash. (@jeremyevans)
    • Directory correctly escapes paths in links. (@yous)
    • Request#delete_cookie and related Utils methods handle :domain and :path options in same call. (@jeremyevans)
    • Request#delete_cookie and related Utils methods do an exact match on :domain and :path options. (@jeremyevans)
    • Static no longer adds headers when a gzipped file request has a 304 response. (@chooh)
    • ContentLength sets Content-Length response header even for bodies not responding to to_ary. (@jeremyevans)
    • Thin handler supports options passed directly to Thin::Controllers::Controller. (@jeremyevans)
    • WEBrick handler no longer ignores :BindAddress option. (@jeremyevans)
    • ShowExceptions handles invalid POST data. (@jeremyevans)
    • Basic authentication requires a password, even if the password is empty. (@jeremyevans)
    • Lint checks response is array with 3 elements, per SPEC. (@jeremyevans)
    • Support for using :SSLEnable option when using WEBrick handler. (Gregor Melhorn)
    • Close response body after buffering it when buffering. (@ioquatix)
    • Only accept ; as delimiter when parsing cookies. (@mrageh)
    • Utils::HeaderHash#clear clears the name mapping as well. (@raxoft)
    • Support for passing nil Rack::Files.new, which notably fixes Rails' current ActiveStorage::FileServer implementation. (@ioquatix)

    Documentation

    • CHANGELOG updates. (@aupajo)
    • Added CONTRIBUTING.md. (@dblock)
  • v2.1.4

    June 15, 2020
  • v2.1.3

    May 12, 2020
  • v2.1.2 Changes

    January 27, 2020
    • Fix multipart parser for some files to prevent denial of service (@aiomaster)
    • Fix Rack::Builder#use with keyword arguments (@kamipo)
    • Skip deflating in Rack::Deflater if Content-Length is 0 (@jeremyevans)
    • Remove SessionHash#transform_keys, no longer needed (@pavel)
    • Add to_hash to wrap Hash and Session classes (@oleh-demyanyuk)
    • Handle case where session id key is requested but missing (@jeremyevans)
  • v2.1.1 Changes

    January 11, 2020
    • Remove Rack::Chunked from Rack::Server default middleware. (#1475, @ioquatix)
    • Restore support for code relying on SessionId#to_s. (@jeremyevans)
  • v2.1.0 Changes

    January 10, 2020

    Added

    • Add support for SameSite=None cookie value. (@hennikul)
    • Add trailer headers. (@eileencodes)
    • Add MIME Types for video streaming. (@styd)
    • Add MIME Type for WASM. (@buildrtech)
    • Add Early Hints(103) to status codes. (@egtra)
    • Add Too Early(425) to status codes. (@y-yagi)
    • Add Bandwidth Limit Exceeded(509) to status codes. (@CJKinni)
    • Add method for custom ip_filter. (@svcastaneda)
    • Add boot-time profiling capabilities to rackup. (@tenderlove)
    • Add multi mapping support for X-Accel-Mappings header. (@yoshuki)
    • Add sync: false option to Rack::Deflater. (Eric Wong)
    • Add Builder#freeze_app to freeze application and all middleware instances. (@jeremyevans)
    • Add API to extract cookies from Rack::MockResponse. (@petercline)

    Changed

    • Don't propagate nil values from middleware. (@ioquatix)
    • Lazily initialize the response body and only buffer it if required. (@ioquatix)
    • Fix deflater zlib buffer errors on empty body part. (@felixbuenemann)
    • Set X-Accel-Redirect to percent-encoded path. (@diskkid)
    • Remove unnecessary buffer growing when parsing multipart. (@tainoe)
    • Expand the root path in Rack::Static upon initialization. (@rosenfeld)
    • Make ShowExceptions work with binary data. (@axyjo)
    • Use buffer string when parsing multipart requests. (@janko-m)
    • Support optional UTF-8 Byte Order Mark (BOM) in config.ru. (@mikegee)
    • Handle X-Forwarded-For with optional port. (@dpritchett)
    • Use Time#httpdate format for Expires, as proposed by RFC 7231. (@nanaya)
    • Make Utils.status_code raise an error when the status symbol is invalid instead of 500. (@adambutler)
    • Rename Request::SCHEME_WHITELIST to Request::ALLOWED_SCHEMES.
    • Make Multipart::Parser.get_filename accept files with + in their name. (@lucaskanashiro)
    • Add Falcon to the default handler fallbacks. (@ioquatix)
    • Update codebase to avoid string mutations in preparation for frozen_string_literals. (@pat)
    • Change MockRequest#env_for to rely on the input optionally responding to #size instead of #length. (@janko)
    • Rename Rack::File -> Rack::Files and add deprecation notice. (@postmodern).
    • Prefer Base64 “strict encoding” for Base64 cookies. (@ioquatix)

    Removed

    • BREAKING CHANGE: Remove to_ary from Response (@tenderlove)
    • Deprecate Rack::Session::Memcache in favor of Rack::Session::Dalli from dalli gem (@fatkodima)

    Fixed

    Documentation

    • Update broken example in Session::Abstract::ID documentation. (tonytonyjan)
    • Add Padrino to the list of frameworks implementing Rack. (@wikimatze)
    • Remove Mongrel from the suggested server options in the help output. (@tricknotes)
    • Replace HISTORY.md and NEWS.md with CHANGELOG.md. (@twitnithegirl)
    • CHANGELOG updates. (@drenmi, @p8)
  • v2.0.9

    February 08, 2020