Rack v1.5.2 Release Notes

Release Date: 2013-02-07
    • Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
    • Fix CVE-2013-0262, symlink path traversal in Rack::File
    • Add various methods to Session for enhanced Rails compatibility
    • Request#trusted_proxy? now only matches whole strings
    • Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
    • Fix URLMap host matching in environments that don't set the Host header
    • Fix a race condition that could result in overwritten pidfiles
    • Various documentation additions