Changelog for
ruby2.5-rubygem-rack-2.2-2.2.9-150400.19.2.x86_64.rpm :
* Fri Mar 22 2024 enavarroAATTsuse.com- update to version 2.2.9
* Return empty when parsing a multi-part POST with only one end delimiter. (https://github.com/rack/rack/pull/2104)
* Tue Feb 27 2024 daniel.donisaAATTsuse.com- update to version 2.2.8.1
* Fixed ReDoS in Accept header parsing [CVE-2024-26146]
* Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
* Reject Range headers which are too large [CVE-2024-26141]
* Tue Aug 01 2023 jacob.michalskieAATTsuse.com- update to version 2.2.8
* Limit file extension length of multipart tempfiles (https://github.com/rack/rack/pull/2069)
* Fix inefficient assert pattern in Rack::Lint (https://github.com/rack/rack/pull/2101)
* Tue May 02 2023 lukas.krauseAATTsuse.com- update to version 2.2.7
* Correct the year number in the changelog (https://github.com/rack/rack/pull/2015)
* Support underscore in host names for Rack 2.2 (https://github.com/rack/rack/pull/2071)
* Wed Mar 15 2023 daniel.donisaAATTsuse.com- updated to version 2.2.6.4
* [CVE-2023-27539] Avoid ReDoS in header parsing
* Mon Mar 13 2023 daniel.donisaAATTsuse.com- updated to version 2.2.6.3
* [CVE-2023-27530] Possible DoS Vulnerability in Multipart MIME parsing
* Mon Jan 23 2023 hvogelAATTsuse.com- updated to version 2.2.6.2
* [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
* [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
* [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
* See installed CHANGELOG.md for more changes
* Mon Oct 10 2022 cooloAATTsuse.com- Split into -2.2 suffix to make way for 3.0 update
* Fri Jul 08 2022 mschnitzerAATTsuse.com- updated to version 2.2.4
* Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix))
* Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi))
* Mon May 30 2022 hvogelAATTsuse.com- updated to version 2.2.3.1
* [CVE-2022-30123] Fix shell escaping issue in Common Logger
* [CVE-2022-30122] Restrict parsing of broken MIME attachments
* Thu Jun 18 2020 enavarroAATTsuse.com- updated to version 2.2.3 see installed CHANGELOG.md
## [2.2.3] - 2020-06-15
- [CVE-2020-8184] Only decode cookie values
* Tue Feb 18 2020 enavarroAATTsuse.com- updated to version 2.2.2 see installed CHANGELOG.md
## [2.2.2] - 2020-02-11
### Fixed
- Fix incorrect Rack::Request#host value. ([#1591](https://github.com/rack/rack/pull/1591), [@ioquatix](https://github.com/ioquatix))
- Revert Rack::Handler::Thin implementation. ([#1583](https://github.com/rack/rack/pull/1583), [@jeremyevans](https://github.com/jeremyevans))
- Double assignment is still needed to prevent an "unused variable" warning. ([#1589](https://github.com/rack/rack/pull/1589), [@kamipo](https://github.com/kamipo))
- Fix to handle same_site option for session pool. ([#1587](https://github.com/rack/rack/pull/1587), [@kamipo](https://github.com/kamipo))
* Mon Feb 10 2020 cooloAATTsuse.com- updated to version 2.2.1 see installed CHANGELOG.md
# Changelog
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
## [2.2.1] - 2020-02-09
### Fixed
- Rework `Rack::Request#ip` to handle empty `forwarded_for`. ([#1577](https://github.com/rack/rack/pull/1577), [@ioquatix](https://github.com/ioquatix))
## [2.2.0] - 2020-02-08
### SPEC Changes
- `rack.session` request environment entry must respond to `to_hash` and return unfrozen Hash. ([@jeremyevans](https://github.com/jeremyevans))
- Request environment cannot be frozen. ([@jeremyevans](https://github.com/jeremyevans))
- CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. ([@jeremyevans](https://github.com/jeremyevans))
- Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. ([#1561](https://github.com/rack/rack/pull/1561), [@ioquatix](https://github.com/ioquatix))
### Added
- `rackup` supports multiple `-r` options and will require all arguments. ([@jeremyevans](https://github.com/jeremyevans))
- `Server` supports an array of paths to require for the `:require` option. ([@khotta](https://github.com/khotta))
- `Files` supports multipart range requests. ([@fatkodima](https://github.com/fatkodima))
- `Multipart::UploadedFile` supports an IO-like object instead of using the filesystem, using `:filename` and `:io` options. ([@jeremyevans](https://github.com/jeremyevans))
- `Multipart::UploadedFile` supports keyword arguments `:path`, `:content_type`, and `:binary` in addition to positional arguments. ([@jeremyevans](https://github.com/jeremyevans))
- `Static` supports a `:cascade` option for calling the app if there is no matching file. ([@jeremyevans](https://github.com/jeremyevans))
- `Session::Abstract::SessionHash#dig`. ([@jeremyevans](https://github.com/jeremyevans))
- `Response.[]` and `MockResponse.[]` for creating instances using status, headers, and body. ([@ioquatix](https://github.com/ioquatix))
- Convenient cache and content type methods for `Rack::Response`. ([#1555](https://github.com/rack/rack/pull/1555), [@ioquatix](https://github.com/ioquatix))
### Changed
- `Request#params` no longer rescues EOFError. ([@jeremyevans](https://github.com/jeremyevans))
- `Directory` uses a streaming approach, significantly improving time to first byte for large directories. ([@jeremyevans](https://github.com/jeremyevans))
- `Directory` no longer includes a Parent directory link in the root directory index. ([@jeremyevans](https://github.com/jeremyevans))
- `QueryParser#parse_nested_query` uses original backtrace when reraising exception with new class. ([@jeremyevans](https://github.com/jeremyevans))
- `ConditionalGet` follows RFC 7232 precedence if both If-None-Match and If-Modified-Since headers are provided. ([@jeremyevans](https://github.com/jeremyevans))
- `.ru` files supports the `frozen-string-literal` magic comment. ([@eregon](https://github.com/eregon))
- Rely on autoload to load constants instead of requiring internal files, make sure to require 'rack' and not just 'rack/...'. ([@jeremyevans](https://github.com/jeremyevans))
- `Etag` will continue sending ETag even if the response should not be cached. ([@henm](https://github.com/henm))
- `Request#host_with_port` no longer includes a colon for a missing or empty port. ([@AlexWayfer](https://github.com/AlexWayfer))
- All handlers uses keywords arguments instead of an options hash argument. ([@ioquatix](https://github.com/ioquatix))
- `Files` handling of range requests no longer return a body that supports `to_path`, to ensure range requests are handled correctly. ([@jeremyevans](https://github.com/jeremyevans))
- `Multipart::Generator` only includes `Content-Length` for files with paths, and `Content-Disposition` `filename` if the `UploadedFile` instance has one. ([@jeremyevans](https://github.com/jeremyevans))
- `Request#ssl?` is true for the `wss` scheme (secure websockets). ([@jeremyevans](https://github.com/jeremyevans))
- `Rack::HeaderHash` is memoized by default. ([#1549](https://github.com/rack/rack/pull/1549), [@ioquatix](https://github.com/ioquatix))
- `Rack::Directory` allow directory traversal inside root directory. ([#1417](https://github.com/rack/rack/pull/1417), [@ThomasSevestre](https://github.com/ThomasSevestre))
- Sort encodings by server preference. ([#1184](https://github.com/rack/rack/pull/1184), [@ioquatix](https://github.com/ioquatix), [@wjordan](https://github.com/wjordan))
- Rework host/hostname/authority implementation in `Rack::Request`. `#host` and `#host_with_port` have been changed to correctly return IPv6 addresses formatted with square brackets, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3.2.2). ([#1561](https://github.com/rack/rack/pull/1561), [@ioquatix](https://github.com/ioquatix))
- `Rack::Builder` parsing options on first `#\` line is deprecated. ([#1574](https://github.com/rack/rack/pull/1574), [@ioquatix](https://github.com/ioquatix))
### Removed
- `Directory#path` as it was not used and always returned nil. ([@jeremyevans](https://github.com/jeremyevans))
- `BodyProxy#each` as it was only needed to work around a bug in Ruby <1.9.3. ([@jeremyevans](https://github.com/jeremyevans))
- `URLMap::INFINITY` and `URLMap::NEGATIVE_INFINITY`, in favor of `Float::INFINITY`. ([@ch1c0t](https://github.com/ch1c0t))
- Deprecation of `Rack::File`. It will be deprecated again in rack 2.2 or 3.0. ([@rafaelfranca](https://github.com/rafaelfranca))
- Support for Ruby 2.2 as it is well past EOL. ([@ioquatix](https://github.com/ioquatix))
- Remove `Rack::Files#response_body` as the implementation was broken. ([#1153](https://github.com/rack/rack/pull/1153), [@ioquatix](https://github.com/ioquatix))
- Remove `SERVER_ADDR` which was never part of the original SPEC. ([#1573](https://github.com/rack/rack/pull/1573), [@ioquatix](https://github.com/ioquatix))
### Fixed
- `Directory` correctly handles root paths containing glob metacharacters. ([@jeremyevans](https://github.com/jeremyevans))
- `Cascade` uses a new response object for each call if initialized with no apps. ([@jeremyevans](https://github.com/jeremyevans))
- `BodyProxy` correctly delegates keyword arguments to the body object on Ruby 2.7+. ([@jeremyevans](https://github.com/jeremyevans))
- `BodyProxy#method` correctly handles methods delegated to the body object. ([@jeremyevans](https://github.com/jeremyevans))
- `Request#host` and `Request#host_with_port` handle IPv6 addresses correctly. ([@AlexWayfer](https://github.com/AlexWayfer))
- `Lint` checks when response hijacking that `rack.hijack` is called with a valid object. ([@jeremyevans](https://github.com/jeremyevans))
- `Response#write` correctly updates `Content-Length` if initialized with a body. ([@jeremyevans](https://github.com/jeremyevans))
- `CommonLogger` includes `SCRIPT_NAME` when logging. ([@Erol](https://github.com/Erol))
- `Utils.parse_nested_query` correctly handles empty queries, using an empty instance of the params class instead of a hash. ([@jeremyevans](https://github.com/jeremyevans))
- `Directory` correctly escapes paths in links. ([@yous](https://github.com/yous))
- `Request#delete_cookie` and related `Utils` methods handle `:domain` and `:path` options in same call. ([@jeremyevans](https://github.com/jeremyevans))
- `Request#delete_cookie` and related `Utils` methods do an exact match on `:domain` and `:path` options. ([@jeremyevans](https://github.com/jeremyevans))
- `Static` no longer adds headers when a gzipped file request has a 304 response. ([@chooh](https://github.com/chooh))
- `ContentLength` sets `Content-Length` response header even for bodies not responding to `to_ary`. ([@jeremyevans](https://github.com/jeremyevans))
- Thin handler supports options passed directly to `Thin::Controllers::Controller`. ([@jeremyevans](https://github.com/jeremyevans))
- WEBrick handler no longer ignores `:BindAddress` option. ([@jeremyevans](https://github.com/jeremyevans))
- `ShowExceptions` handles invalid POST data. ([@jeremyevans](https://github.com/jeremyevans))
- Basic authentication requires a password, even if the password is empty. ([@jeremyevans](https://github.com/jeremyevans))
- `Lint` checks response is array with 3 elements, per SPEC. ([@jeremyevans](https://github.com/jeremyevans))
- Support for using `:SSLEnable` option when using WEBrick handler. (Gregor Melhorn)
- Close response body after buffering it when buffering. ([@ioquatix](https://github.com/ioquatix))
- Only accept `;` as delimiter when parsing cookies. ([@mrageh](https://github.com/mrageh))
- `Utils::HeaderHash#clear` clears the name mapping as well. ([@raxoft](https://github.com/raxoft))
- Support for passing `nil` `Rack::Files.new`, which notably fixes Rails' current `ActiveStorage::FileServer` implementation. ([@ioquatix](https://github.com/ioquatix))
### Documentation
- CHANGELOG updates. ([@aupajo](https://github.com/aupajo))
- Added [CONTRIBUTING](CONTRIBUTING.md). ([@dblock](https://github.com/dblock))
* Wed Jan 29 2020 daniel.donisaAATTsuse.com- updated to version 2.1.2
* Mon Jan 27 2020 mschnitzerAATTsuse.com- updated to version 2.1.1
* Remove Rack::Chunked from Rack::Server default middleware. (#1475, @ioquatix)
* Restore support for code relying on SessionId#to_s. (@jeremyevans)
- non upstream changes
* removed the modification of the permissions for test/cgi/test.gz during package build since it won't get installed anymore.
* Thu Dec 19 2019 dkangAATTsuse.com- updated to version 2.0.8
* CVE-2019-16782: Possible information leak / session hijack vulnerability
* Sat Apr 06 2019 mschnitzerAATTsuse.com- updated to version 2.0.7 no changelog found
* Tue Nov 06 2018 mrueckertAATTsuse.de- update to 2.0.6:
* CVE-2018-16471: cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1114828)
* Mon Apr 23 2018 factory-autoAATTkulow.org- updated to version 2.0.5 see installed HISTORY.md
* Mon Apr 16 2018 mschnitzerAATTsuse.com- Only build against ruby versions 2.3.x, 2.4.x, and 2.5.x
- Fix package build by removing the executable bit for 'test.gz' file in gem
* Thu Feb 08 2018 cooloAATTsuse.com- updated to version 2.0.4 see installed HISTORY.md
* Tue Oct 31 2017 mrueckertAATTsuse.de- only build for 2.3+ from now
* Wed Jun 07 2017 mrueckertAATTsuse.de- re-add the rb_build_versions and rb_default_ruby_abi as otherwise building on older distros fails.
- add ruby 2.4
* Thu Jun 01 2017 opensuse_buildserviceAATTojkastl.de- removed manual definition of rb_build_versions and rb_default_ruby_abi from gem2rpm.yml; recreated spec
* Tue May 23 2017 cooloAATTsuse.com- updated to version 2.0.3 see installed HISTORY.md
* Wed Jul 06 2016 mrueckertAATTsuse.de- make build again by only building for 2.2 and newer
* Fri Jul 01 2016 cooloAATTsuse.com- updated to version 2.0.1 see installed HISTORY.md
* Fri Jun 19 2015 cooloAATTsuse.com- updated to version 1.6.4 see installed HISTORY.md
Fri Jun 19 07:14:50 2015 Matthew Draper
* Work around a Rails incompatibility in our private API
* Wed Jun 17 2015 cooloAATTsuse.com- updated to version 1.6.2 see installed HISTORY.md
Fri Jun 12 11:37:41 2015 Aaron Patterson
* Prevent extremely deep parameters from being parsed. CVE-2015-3225
* Thu May 07 2015 cooloAATTsuse.com- updated to version 1.6.1 no changelog found
* Fri Feb 06 2015 cooloAATTsuse.com- updated to version 1.6.0
* Sat Nov 01 2014 tboergerAATTsuse.com- Fixed all rpmlintrc errors to prevent failing builds with multiple ruby versions