./www/ruby-rack-protection, Protection against typical web attacks for Rack applications



Branch: CURRENT, Version: 2.0.4, Package name: ruby24-rack-protection-2.0.4, Maintainer: pkgsrc-users

Rack::Protection

You should use protection!

This gem protects against typical web attacks.
Should work for all Rack apps, including Rails.


Required to run:
[www/ruby-rack] [lang/ruby24-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: c1376e5678322b401d988d261762a78bf2cf3361
RMD160: 7af3cafe42849bb87efb3aceef6340787dc8e01a
Filesize: 16.5 KB


CVS history:


   2018-09-23 19:06:28 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack-protection: update to 2.0.4

2.0.4 / 2018-09-15

* Don't blow up when passing frozen string to send_file disposition #1137 by
  Andrew Selder

* Fix ubygems LoadError #1436 by Pavel Rosický

* Unescape regex captures #1446 by Jordan Owens

* Slight performance improvements for IndifferentHash #1427 by Mike Pastore

* Improve development support and documentation and source code by Will Yang,
  Jake Craige, Grey Baker and Guilherme Goettems Schneider

2.0.3 / 2018-06-09

* Fix the backports gem regression #1442 by Marc-André Lafortune

2.0.2 / 2018-06-05

* Escape invalid query parameters #1432 by Kunpei Sakai

	o The patch fixes CVE-2018-11627.

* Fix undefined method error for Sinatra::RequiredParams with hash key #1431
  by Arpit Chauhan

* Add xml content-types to valid html_types for Rack::Protection #1413 by
  Reenan Arbitrario

* Encode route parameters using :default_encoding setting #1412 by Brian
  m. Carlson

* Fix unpredictable behaviour from Sinatra::ConfigFile #1244 by John Hope

* Add Sinatra::IndifferentHash#slice #1405 by Shota Iguchi

* Remove status code 205 from drop body response #1398 by Shota Iguchi

* Ignore empty captures from params #1390 by Shota Iguchi

* Improve development support and documentation and source code by Zp Yuan,
  Andreas Finger, Olle Jonsson, Shota Iguchi, Nikita Bulai and Joshua O'Brien
   2018-03-17 16:52:27 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack-protection: update to 2.0.1

0.2.1						2018/02/16

* enhanced path validation in Windows
   2018-01-08 23:09:48 by Takahiro Kambe | Files touched by this commit (2)
Log message:
www: allow use of ruby25
   2017-07-31 00:32:28 by Thomas Klausner | Files touched by this commit (229)
Log message:
Switch github HOMEPAGEs to https.
   2017-06-18 15:48:55 by Takahiro Kambe | Files touched by this commit (18)
Log message:
Add 24 to RUBY_VERSIONS_ACCEPTED.
   2017-06-05 05:29:38 by Takahiro Kambe | Files touched by this commit (6)
Log message:
Restrict ruby's version to 22 and 23.
   2017-06-04 17:18:22 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ruby-rack-protection to 2.0.0.

No changes of its own, but here are related changes from Sinatra's changes.

 * Modernize Rack::Protection::ContentSecurityPolicy with CSP Level 2 and 3
   Directives #1202 by Glenn Rempe
 * Adds preload option to Rack:Protection:StrictTransport #1209 by Ed Robinson
 * rack-protection: Bundle StrictTransport, CookieTossing, and CSP #1267 by
   Mike Pastore
   2015-11-04 03:47:43 by Alistair G. Crooks | Files touched by this commit (758)
Log message:
Add SHA512 digests for distfiles for www category

Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.