./www/ruby-rack, Modular Ruby webserver interface

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.0.10, Package name: ruby32-rack-3.0.10, Maintainer: pkgsrc-users

Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.


Required to run:
[lang/ruby26-base]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 106.5 KB

Version history: (Expand)

CVS history: (Expand)


   2024-03-24 15:45:02 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.10

3.0.10 (2024-03-21)

* Backport #2104 to 3-0-stable: Return empty when parsing a multi-part POST
  with only one end delimiter. (#2164, @JoeDupuis)
   2024-02-24 15:24:12 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.9.1

3.0.9.1 (2024-02-21)

What's Changed

* Fixed ReDoS in Accept header parsing [CVE-2024-26146]
* Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
* Reject Range headers which are too large [CVE-2024-26141]
   2024-02-04 08:01:13 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.9

3.0.9 (2024-01-31)

What's Changed

* Fix content-length calcuation in Rack:Response#write #2150
   2023-06-17 17:30:29 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.8

3.0.8 (2023-06-14)

What's Changed

* Backport "Fix some unused variable verbose warnings" by @skipkayhil in
  #2084

New Contributors

* @skipkayhil made their first contribution in #2084
   2023-03-19 14:27:03 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.7

3.0.7 (2023-03-16)

What's Changed

* Backport "Make query parameters without = have nil values". by
  @jeremyevans in #2060
   2023-03-15 14:21:20 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.6.1

3.0.5 (2023-03-12)

* test-external.yaml - use ruby/setup-ruby-pkgs (#2048)
* Split form/query parsing into two steps (#2038)

3.0.6 (2023-03-13)

* Add QueryParser#missing_value for handling missing values + tests.
  (#2052)

3.0.6.1 (2023-03-14)

* Avoid ReDoS problem: Split headers on commas, then strip the strings in
  order to avoid ReDoS issues.

  [CVE-2023-27539]
   2023-03-05 15:24:12 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.4.2

3.0.4.2 (2023-03-02)

* Limit all multipart parts, not just files

  Previously we would limit the number of multipart parts which were files,
  but not other parts.  In some cases this could cause parsing of
  maliciously crafted inputs to take longer than expected.

  [CVE-2023-27530]
   2023-01-19 15:18:26 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
www/ruby-rack: update to 3.0.4.1

3.0.4 (2023-01-17)

* Rack::Request#POST should consistently raise errors.  Cache errors that
  occur when invoking Rack::Request#POST so they can be raised again later.
  (#2010, @ioquatix)

* Fix Rack::Lint error message for HTTP_CONTENT_TYPE and
  HTTP_CONTENT_LENGTH.  (#2007, @byroot)

* Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError
  error.  (#2006, @byroot)

3.0.4.1 (2023-01-17)

* [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)