./www/ruby-rack-protection, Protection against typical web attacks for Rack applications


Branch: CURRENT, Version: 2.0.1, Package name: ruby24-rack-protection-2.0.1, Maintainer: pkgsrc-users

Rack::Protection

You should use protection!

This gem protects against typical web attacks.
Should work for all Rack apps, including Rails.


Required to run:
[www/ruby-rack] [lang/ruby24-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 01c1522ab6db071ec1a1ce1fddd328fa5a00d7c7
RMD160: 4c70dd6b49b978ed70b146992bcf079e4e55859c
Filesize: 15.5 KB

CVS history:


   2018-03-17 16:52:27 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack-protection: update to 2.0.1

0.2.1						2018/02/16

* enhanced path validation in Windows

   2018-01-08 23:09:48 by Takahiro Kambe | Files touched by this commit (2)
Log message:
www: allow use of ruby25

   2017-07-31 00:32:28 by Thomas Klausner | Files touched by this commit (229)
Log message:
Switch github HOMEPAGEs to https.

   2017-06-18 15:48:55 by Takahiro Kambe | Files touched by this commit (18)
Log message:
Add 24 to RUBY_VERSIONS_ACCEPTED.

   2017-06-05 05:29:38 by Takahiro Kambe | Files touched by this commit (6)
Log message:
Restrict ruby's version to 22 and 23.

   2017-06-04 17:18:22 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack-protection to 2.0.0.

No changes of its own, but here are related changes from Sinatra's changes.

 * Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3
   Directives #1202 by Glenn Rempe
 * Adds preload option to Rack::Protection::StrictTransport #1209 by Ed Robinson
 * rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by
   Mike Pastore

   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

   2015-03-13 18:26:00 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ruby-rack-protection to 1.5.3.

* Discard invalid Referer header.
  If an invalid Referer header such as "http://example.com/bad|uri" is
  provided, ignore the value of it and skip using the Host header fallback.
* refactor instantiation.
* fix typoed header name.
* clarify reaction warning, test it.