| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* December 28th, 2011: Twenty third public release: 1.3.6
* Security fix. http://www.ocert.org/advisories/ocert-2011-003.html
Further information here: http://jruby.org/2011/12/27/jruby-1-6-5-1
|
|
* September 16, 2011: Eighteenth public release 1.2.4
* Fix a bug with MRI regex engine to prevent XSS by malformed unicode
* May 22nd, 2011: Thirteenth public release 1.3.0
* Various performance optimizations
* Various multipart fixes
* Various multipart refactors
* Infinite loop fix for multipart
* Test coverage for Rack::Server returns
* Allow files with '..', but not path components that are '..'
* rackup accepts handler-specific options on the command line
* Request#params no longer merges POST into GET (but returns the same)
* Use URI.encode_www_form_component instead. Use core methods for escaping.
* Allow multi-line comments in the config file
* Bug L#94 reported by Nikolai Lugovoi, query parameter unescaping.
* Rack::Response now deletes Content-Length when appropriate
* Rack::Deflater now supports streaming
* Improved Rack::Handler loading and searching
* Support for the PATCH verb
* env['rack.session.options'] now contains session options
* Cookies respect renew
* Session middleware uses SecureRandom.hex
* May 22nd, 2011: Fourteenth public release 1.2.3
* Pulled in relevant bug fixes from 1.3
* Fixed 1.8.6 support
* July 13, 2011: Fifteenth public release 1.3.1
* Fix 1.9.1 support
* Fix JRuby support
* Properly handle $KCODE in Rack::Utils.escape
* Make method_missing/respond_to behavior consistent for Rack::Lock,
Rack::Auth::Digest::Request and Rack::Multipart::UploadedFile
* Reenable passing rack.session to session middleware
* Rack::CommonLogger handles streaming responses correctly
* Rack::MockResponse calls close on the body object
* Fix a DOS vector from MRI stdlib backport
* July 16, 2011: Sixteenth public release 1.3.2
* Fix for Rails and rack-test, Rack::Utils#escape calls to_s
* September 16, 2011: Seventeenth public release 1.3.3
* Fix bug with broken query parameters in Rack::ShowExceptions
* Rack::Request#cookies no longer swallows exceptions on broken input
* Prevents XSS attacks enabled by bug in Ruby 1.8's regexp engine
* Rack::ConditionalGet handles broken If-Modified-Since helpers
* October 1, 2011: Nineteenth public release 1.3.4
* Backport security fix from 1.9.3, also fixes some roundtrip issues in URI
* Small documentation update
* Fix an issue where BodyProxy could cause an infinite recursion
* Add some supporting files for travis-ci
* October 17, 2011: Twentieth public release 1.3.5
* Fix annoying warnings caused by the backport in 1.3.4
|
|
* September 16, 2011: Eighteenth public release 1.2.4
* Fix a bug with MRI regex engine to prevent XSS by malformed unicode
|
|
Changes are unknown.
|
|
== Changes
* March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
* Security fix in Rack::Auth::Digest::MD5: when authenticator
returned nil, permission was granted on empty password.
|
|
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Add LICENSE.
* Remove default value of GEM_BUILD.
== Changes
* June 13th, 2010: Tenth public release 1.2.0.
* Removed Camping adapter: Camping 2.0 supports Rack as-is
* Removed parsing of quoted values
* Add Request.trace? and Request.options?
* Add mime-type for .webm and .htc
* Fix HTTP_X_FORWARDED_FOR
* Various multipart fixes
* Switch test suite to bacon
* January 3rd, 2009: Ninth public release 1.1.0.
* Moved Auth::OpenID to rack-contrib.
* SPEC change that relaxes Lint slightly to allow subclasses of the
required types
* SPEC change to document rack.input binary mode in greator detail
* SPEC define optional rack.logger specification
* File servers support X-Cascade header
* Imported Config middleware
* Imported ETag middleware
* Imported Runtime middleware
* Imported Sendfile middleware
* New Logger and NullLogger middlewares
* Added mime type for .ogv and .manifest.
* Don't squeeze PATH_INFO slashes
* Use Content-Type to determine POST params parsing
* Update Rack::Utils::HTTP_STATUS_CODES hash
* Add status code lookup utility
* Response should call #to_i on the status
* Add Request#user_agent
* Request#host knows about forwared host
* Return an empty string for Request#host if HTTP_HOST and
SERVER_NAME are both missing
* Allow MockRequest to accept hash params
* Optimizations to HeaderHash
* Refactored rackup into Rack::Server
* Added Utils.build_nested_query to complement Utils.parse_nested_query
* Added Utils::Multipart.build_multipart to complement
Utils::Multipart.parse_multipart
* Extracted set and delete cookie helpers into Utils so they can be
used outside Response
* Extract parse_query and parse_multipart in Request so subclasses
can change their behavior
* Enforce binary encoding in RewindableInput
* Set correct external_encoding for handlers that don't use RewindableInput
|
|
Changes since 1.0.0:
* Bump remainder of rack.versions.
* Support the pure Ruby FCGI implementation.
* Fix for form names containing "=": split first then unescape components
* Fixes the handling of the filename parameter with semicolons in names.
* Add anchor to nested params parsing regexp to prevent stack overflows
* Use more compatible gzip write api instead of "<<".
* Make sure that Reloader doesn't break when executed via ruby -e
* Make sure WEBrick respects the :Host option
* Many Ruby 1.9 fixes.
|
|
|
|
Changes since 0.4:
* Rack is now managed by the Rack Core Team.
* Rack::Lint is stricter and follows the HTTP RFCs more closely.
* Added ConditionalGet middleware.
* Added ContentLength middleware.
* Added Deflater middleware.
* Added Head middleware.
* Added MethodOverride middleware.
* Rack::Mime now provides popular MIME-types and their extension.
* Mongrel Header now streams.
* Added Thin handler.
* Official support for swiftiplied Mongrel.
* Secure cookies.
* Made HeaderHash case-preserving.
* Many bugfixes and small improvements.
* Fix directory traversal exploits in Rack::File and Rack::Directory.
* SPEC changes.
* New middleware Rack::Lock.
* New middleware Rack::ContentType.
* Rack::Reloader has been rewritten.
* Major update to Rack::Auth::OpenID.
* Support for nested parameter parsing in Rack::Response.
* Support for redirects in Rack::Response.
* HttpOnly cookie support in Rack::Response.
* The Rakefile has been rewritten.
* Many bugfixes and small improvements.
|
|
== Future specification changes
PLEASE NOTE: In versions of Rack LATER than 0.4, the following
changes will be commited to the Rack specification:
* 1xx, 204 and 304 status codes MUST not contain a Content-Type.
* A valid Content-Length header MUST be provided for non 1xx, 204 and 304
responses with a Transfer-Encoding of "identity" (default).
The Content-Length MUST be the same as the sum of the byte-sizes of
the chunks.
* The REQUEST_METHOD may be any HTTP token.
Internal Rack modules have been updated to follow this behavior, but
the Rack 0.4 Lint does NOT check it yet for compatibility reasons.
Please update your libraries accordingly.
== Changes
* August 21st, 2008: Fourth public release 0.4.
* New middleware, Rack::Deflater, by Christoffer Sawicki.
* OpenID authentication now needs ruby-openid 2.
* New Memcache sessions, by blink.
* Explicit EventedMongrel handler, by Joshua Peek.
* Rack::Reloader is not loaded in rackup development mode.
* rackup can daemonize with -D.
* Many bugfixes, especially for pool sessions, URLMap, thread safety
and tempfile handling.
* Improved tests.
* Rack moved to Git.
|
|
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
|
