./www/ruby-rack, Modular Ruby webserver interface

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.5.2, Package name: ruby200-rack-1.5.2, Maintainer: pkgsrc-users

Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.


Required to run:
[lang/ruby200-base]

Master sites: (Expand)

SHA1: a17f40c9beb03b458f537f42cf36dd90d8230625
RMD160: a0c23b40d8f6644c58b4954485c121989a9d628c
Filesize: 211.5 KB

Version history: (Expand)


CVS history: (Expand)


   2013-03-10 10:25:56 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update ruby-rack to 1.5.2.

== Changes

Please note that this release includes a few potentially breaking changes.
Of particular note are:

 * SessionHash is no longer a Hash sublcass
 * Rack::File cache_control parameter is removed in place of headers options

Additonally, SPEC has been updated in several areas and is now at 1,2.

A new SPEC section was introduced that provides two server-optional IO hijacking
APIs. Further information on these APIs will be made available by the community
in good time. In the mean time, some information can be found in the original
pull request: https://github.com/rack/rack/pull/481

* January 21st, 2013: Thirty third public release 1.5.0
  * Introduced hijack SPEC, for before-response and after-response hijacking
  * SessionHash is no longer a Hash subclass
  * Rack::File cache_control parameter is removed, in place of headers options
  * Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
  * Rack::Utils cookie functions now format expires in RFC 2822 format
  * Rack::File now has a default mime type
  * rackup -b 'run Rack::File.new(".")', option provides command line \ 
configs
  * Rack::Deflater will no longer double encode bodies
  * Rack::Mime#match? provides convenience for Accept header matching
  * Rack::Utils#q_values provides splitting for Accept headers
  * Rack::Utils#best_q_match provides a helper for Accept headers
  * Rack::Handler.pick provides convenience for finding available servers
  * Puma added to the list of default servers (preferred over Webrick)
  * Various middleware now correctly close body when replacing it
  * Rack::Request#params is no longer persistent with only GET params
  * Rack::Request#update_param and #delete_param provide persistent operations
  * Rack::Request#trusted_proxy? now returns true for local unix sockets
  * Rack::Response no longer forces Content-Types
  * Rack::Sendfile provides local mapping configuration options
  * Rack::Utils#rfc2109 provides old netscape style time output
  * Updated HTTP status codes
  * Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported

* January 28th, 2013: Thirty fourth public release 1.5.1
  * Rack::Lint check_hijack now conforms to other parts of SPEC
  * Added hash-like methods to Abstract::ID::SessionHash for compatibility
  * Various documentation corrections

* February 7th, Thirty fifth public release 1.5.2
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
  * Fix CVE-2013-0262, symlink path traversal in Rack::File
  * Add various methods to Session for enhanced Rails compatibility
  * Request#trusted_proxy? now only matches whole stirngs
  * Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
  * URLMap host matching in environments that don't set the Host header fixed
  * Fix a race condition that could result in overwritten pidfiles
  * Various documentation additions
   2013-02-08 14:22:00 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ruby-rack to 1.4.5.

* February 7th, Thirty fifth public release 1.4.5
  * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
  * Fix CVE-2013-0262, symlink path traversal in Rack::File
   2013-01-31 17:03:34 by Takahiro Kambe | Files touched by this commit (4) | Package updated
Log message:
Update HOMEPAGE to github's one.
   2013-01-14 05:35:34 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack to 1.4.4.

* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5
  * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings
  * Fixed erroneous test case in the 1.3.x series
   2013-01-09 12:24:38 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack to 1.4.3.

* January 7th, 2013: Thirty first public release 1.4.3
  * Security: Prevent unbounded reads in large multipart boundaries
   2012-03-17 17:42:00 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack to 1.4.1.

Exact changes are unknown.

* A little tweak to COMMENT.
   2012-01-08 04:09:48 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Update ruby-rack to 1.3.6.

* December 28th, 2011: Twenty third public release: 1.3.6
  * Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
    Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
   2011-12-15 15:58:34 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack package to 1.3.5.

* September 16, 2011: Eighteenth public release 1.2.4
  * Fix a bug with MRI regex engine to prevent XSS by malformed unicode

* May 22nd, 2011: Thirteenth public release 1.3.0
  * Various performance optimizations
  * Various multipart fixes
  * Various multipart refactors
  * Infinite loop fix for multipart
  * Test coverage for Rack::Server returns
  * Allow files with '..', but not path components that are '..'
  * rackup accepts handler-specific options on the command line
  * Request#params no longer merges POST into GET (but returns the same)
  * Use URI.encode_www_form_component instead. Use core methods for escaping.
  * Allow multi-line comments in the config file
  * Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
  * Rack::Response now deletes Content-Length when appropriate
  * Rack::Deflater now supports streaming
  * Improved Rack::Handler loading and searching
  * Support for the PATCH verb
  * env['rack.session.options'] now contains session options
  * Cookies respect renew
  * Session middleware uses SecureRandom.hex

* May 22nd, 2011: Fourteenth public release 1.2.3
  * Pulled in relevant bug fixes from 1.3
  * Fixed 1.8.6 support

* July 13, 2011: Fifteenth public release 1.3.1
  * Fix 1.9.1 support
  * Fix JRuby support
  * Properly handle $KCODE in Rack::Utils.escape
  * Make method_missing/respond_to behavior consistent for Rack::Lock,
    Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
  * Reenable passing rack.session to session middleware
  * Rack::CommonLogger handles streaming responses correctly
  * Rack::MockResponse calls close on the body object
  * Fix a DOS vector from MRI stdlib backport

* July 16, 2011: Sixteenth public release 1.3.2
  * Fix for Rails and rack-test, Rack::Utils#escape calls to_s

* September 16, 2011: Seventeenth public release 1.3.3
  * Fix bug with broken query parameters in Rack::ShowExceptions
  * Rack::Request#cookies no longer swallows exceptions on broken input
  * Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
  * Rack::ConditionalGet handles broken If-Modified-Since helpers

* October 1, 2011: Nineteenth public release 1.3.4
  * Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
  * Small documentation update
  * Fix an issue where BodyProxy could cause an infinite recursion
  * Add some supporting files for travis-ci

* October 17, 2011: Twentieth public release 1.3.5
  * Fix annoying warnings caused by the backport in 1.3.4