Rack v1.5.2 Release Notes
Release Date: 2013-02-07 // about 11 years ago-
- Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
- Fix CVE-2013-0262, symlink path traversal in Rack::File
- Add various methods to Session for enhanced Rails compatibility
- Request#trusted_proxy? now only matches whole stirngs
- Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
- URLMap host matching in environments that don't set the Host header fixed
- Fix a race condition that could result in overwritten pidfiles
- Various documentation additions