SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ruby3.1-rubygem-rack-3.1.3-150300.74.1.x86_64.rpm :

* Fri Jun 21 2024 dan.cermakAATTposteo.net- New upstream release 3.1.3, see bundled CHANGELOG.md
* Tue Feb 27 2024 pgajdosAATTsuse.com- version update to 3.0.9.1
* Fixed ReDoS in Accept header parsing [CVE-2024-26146][bsc#1220248]
* Fixed ReDoS in Content Type header parsing [CVE-2024-25126][bsc#1220239]
* Reject Range headers which are too large [CVE-2024-26141][bsc#1220242]
* Fix content-length calcuation in Rack:Response#write #2150
* Tue Nov 14 2023 dan.cermakAATTposteo.net- 3.0.8: [#]# What\'s Changed
* Backport \"Fix some unused variable verbose warnings\" by AATTskipkayhil in https://github.com/rack/rack/pull/2084 [#]# New Contributors
* AATTskipkayhil made their first contribution in https://github.com/rack/rack/pull/2084
*
*Full Changelog
*
*: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
* Mon Mar 20 2023 pgajdosAATTsuse.com- version update to 3.0.7 [3.0.7] - 2023-03-16 Make query parameters without = have nil values. (#2059, AATTjeremyevans) [3.0.6.1] - 2023-03-13 [CVE-2023-27539] Avoid ReDoS in header parsing [bsc#1209503] [3.0.6] - 2023-03-13 Add QueryParser#missing_value for handling missing values + tests. (#2052, AATTioquatix) [3.0.5] - 2023-03-13 Split form/query parsing into two steps. (#2038, AATTmatthewd)
* Thu Mar 09 2023 pgajdosAATTsuse.com- version update to 3.0.4.2
* rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, AATTioquatix)
* Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, AATTioquatix)
* MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
* fixes CVE-2023-27530 [bsc#1209095]
* Fri Jan 20 2023 hvogelAATTsuse.comupdated to version 3.0.4.1 [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges [CVE-2022-44572] Forbid control characters in attributes (also ReDoS) For more detailed information see the installed CHANGELOG.md
* Wed Dec 07 2022 cooloAATTsuse.comupdated to version 3.0.2 see installed CHANGELOG.md [#]# [3.0.2] -2022-12-05 [#]## Fixed - `Utils.build_nested_query` URL-encodes nested field names including the square brackets. - Allow `Rack::Response` to pass through streaming bodies. ([#1993](https://github.com/rack/rack/pull/1993), [AATTioquatix]) [#]# [3.0.1] - 2022-11-18 [#]## Fixed - `MethodOverride` does not look for an override if a request does not include form/parseable data. - `Rack::Lint::Wrapper` correctly handles `respond_to?` with `to_ary`, `each`, `call` and `to_path`, forwarding to the body. ([#1981](https://github.com/rack/rack/pull/1981), [AATTioquatix])
* Mon Oct 10 2022 cooloAATTsuse.comupdated to version 3.0.0 see installed CHANGELOG.md [#]# [3.0.0] - 2022-09-06 - No changes [#]# [3.0.0.rc1] - 2022-09-04 [#]## SPEC Changes - Stream argument must implement `<<` https://github.com/rack/rack/pull/1959 - `close` may be called on `rack.input` https://github.com/rack/rack/pull/1956 - `rack.response_finished` may be used for executing code after the response has been finished https://github.com/rack/rack/pull/1952 [#]# [3.0.0.beta1] - 2022-08-08 [#]## Security - Do not use semicolon as GET parameter separator. ([#1733](https://github.com/rack/rack/pull/1733), [AATTjeremyevans]) [#]## SPEC Changes - Response array must now be non-frozen. - Response `status` must now be an integer greater than or equal to 100. - Response `headers` must now be an unfrozen hash. - Response header keys can no longer include uppercase characters. - Response header values can be an `Array` to handle multiple values (and no longer supports `\
` encoded headers). - Response body can now respond to `#call` (streaming body) instead of `#each` (enumerable body), for the equivalent of response hijacking in previous versions. - Middleware must no longer call `#each` on the body, but they can call `#to_ary` on the body if it responds to `#to_ary`. - `rack.input` is no longer required to be rewindable. - `rack.multithread`/`rack.multiprocess`/`rack.run_once`/`rack.version` are no longer required environment keys. - `SERVER_PROTOCOL` is now a required environment key, matching the HTTP protocol used in the request. - `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional. - `rack.hijack_io` has been removed completely. - `rack.response_finished` is an optional environment key which contains an array of callable objects that must accept `#call(env, status, headers, error)` and are invoked after the response is finished (either successfully or unsucessfully). - It is okay to call `#close` on `rack.input` to indicate that you no longer need or care about the input. - The stream argument supplied to the streaming body and hijack must support `#<<` for writing output. [#]## Removed - Remove `rack.multithread`/`rack.multiprocess`/`rack.run_once`. These variables generally come too late to be useful. ([#1720](https://github.com/rack/rack/pull/1720), [AATTioquatix], [AATTjeremyevans])) - Remove deprecated Rack::Request::SCHEME_WHITELIST. ([AATTjeremyevans]) - Remove internal cookie deletion using pattern matching, there are very few practical cases where it would be useful and browsers handle it correctly without us doing anything special. ([#1844](https://github.com/rack/rack/pull/1844), [AATTioquatix]) - Remove `rack.version` as it comes too late to be useful. ([#1938](https://github.com/rack/rack/pull/1938), [AATTioquatix]) - Extract `rackup` command, `Rack::Server`, `Rack::Handler` and related code into a separate gem. ([#1937](https://github.com/rack/rack/pull/1937), [AATTioquatix]) [#]## Added - `Rack::Headers` added to support lower-case header keys. ([AATTjeremyevans]) - `Rack::Utils#set_cookie_header` now supports `escape_key: false` to avoid key escaping. ([AATTjeremyevans]) - `Rack::RewindableInput` supports size. ([AATTahorek](https://github.com/ahorek)) - `Rack::RewindableInput::Middleware` added for making `rack.input` rewindable. ([AATTjeremyevans]) - The RFC 7239 Forwarded header is now supported and considered by default when looking for information on forwarding, falling back to the X-Forwarded-
* headers. `Rack::Request.forwarded_priority` accessor has been added for configuring the priority of which header to check. ([#1423](https://github.com/rack/rack/issues/1423), [AATTjeremyevans]) - Allow response headers to contain array of values. ([#1598](https://github.com/rack/rack/issues/1598), [AATTioquatix]) - Support callable body for explicit streaming support and clarify streaming response body behaviour. ([#1745](https://github.com/rack/rack/pull/1745), [AATTioquatix], [#1748](https://github.com/rack/rack/pull/1748), [AATTwjordan]) - Allow `Rack::Builder#run` to take a block instead of an argument. ([#1942](https://github.com/rack/rack/pull/1942), [AATTioquatix]) - Add `rack.response_finished` to `Rack::Lint`. ([#1802](https://github.com/rack/rack/pull/1802), [AATTBlakeWilliams], [#1952](https://github.com/rack/rack/pull/1952), [AATTioquatix]) - The stream argument must implement `#<<`. ([#1959](https://github.com/rack/rack/pull/1959), [AATTioquatix]) [#]## Changed - BREAKING CHANGE: Require `status` to be an Integer. ([#1662](https://github.com/rack/rack/pull/1662), [AATTolleolleolle](https://github.com/olleolleolle)) - BREAKING CHANGE: Query parsing now treats parameters without `=` as having the empty string value instead of nil value, to conform to the URL spec. ([#1696](https://github.com/rack/rack/issues/1696), [AATTjeremyevans]) - Relax validations around `Rack::Request#host` and `Rack::Request#hostname`. ([#1606](https://github.com/rack/rack/issues/1606), [AATTpvande](https://github.com/pvande)) - Removed antiquated handlers: FCGI, LSWS, SCGI, Thin. ([#1658](https://github.com/rack/rack/pull/1658), [AATTioquatix]) - Removed options from `Rack::Builder.parse_file` and `Rack::Builder.load_file`. ([#1663](https://github.com/rack/rack/pull/1663), [AATTioquatix]) - `Rack::HTTP_VERSION` has been removed and the `HTTP_VERSION` env setting is no longer set in the CGI and Webrick handlers. ([#970](https://github.com/rack/rack/issues/970), [AATTjeremyevans]) - `Rack::Request#[]` and `#[]=` now warn even in non-verbose mode. ([#1277](https://github.com/rack/rack/issues/1277), [AATTjeremyevans]) - Decrease default allowed parameter recursion level from 100 to 32. ([#1640](https://github.com/rack/rack/issues/1640), [AATTjeremyevans]) - Attempting to parse a multipart response with an empty body now raises Rack::Multipart::EmptyContentError. ([#1603](https://github.com/rack/rack/issues/1603), [AATTjeremyevans]) - `Rack::Utils.secure_compare` uses OpenSSL\'s faster implementation if available. ([#1711](https://github.com/rack/rack/pull/1711), [AATTbdewater](https://github.com/bdewater)) - `Rack::Request#POST` now caches an empty hash if input content type is not parseable. ([#749](https://github.com/rack/rack/pull/749), [AATTjeremyevans]) - BREAKING CHANGE: Updated `trusted_proxy?` to match full 127.0.0.0/8 network. ([#1781](https://github.com/rack/rack/pull/1781), [AATTsnbloch](https://github.com/snbloch)) - Explicitly deprecate `Rack::File` which was an alias for `Rack::Files`. ([#1811](https://github.com/rack/rack/pull/1720), [AATTioquatix]). - Moved `Rack::Session` into [separate gem](https://github.com/rack/rack-session). ([#1805](https://github.com/rack/rack/pull/1805), [AATTioquatix]) - `rackup -D` option to daemonizes no longer changes the working directory to the root. ([#1813](https://github.com/rack/rack/pull/1813), [AATTjeremyevans]) - The `x-forwarded-proto` header is now considered before the `x-forwarded-scheme` header for determining the forwarded protocol. `Rack::Request.x_forwarded_proto_priority` accessor has been added for configuring the priority of which header to check. ([#1809](https://github.com/rack/rack/issues/1809), [AATTjeremyevans]) - `Rack::Request.forwarded_authority` (and methods that call it, such as `host`) now returns the last authority in the forwarded header, instead of the first, as earlier forwarded authorities can be forged by clients. This restores the Rack 2.1 behavior. ([#1829](https://github.com/rack/rack/issues/1809), [AATTjeremyevans]) - Use lower case cookie attributes when creating cookies, and fold cookie attributes to lower case when reading cookies (specifically impacting `secure` and `httponly` attributes). ([#1849](https://github.com/rack/rack/pull/1849), [AATTioquatix]) - The response array must now be mutable (non-frozen) so middleware can modify it without allocating a new Array,therefore reducing object allocations. ([#1887](https://github.com/rack/rack/pull/1887), [#1927](https://github.com/rack/rack/pull/1927), [AATTamatsuda], [AATTioquatix]) - `rack.hijack?` (partial hijack) and `rack.hijack` (full hijack) are now independently optional. `rack.hijack_io` is no longer required/specified. ([#1939](https://github.com/rack/rack/pull/1939), [AATTioquatix]) - Allow calling close on `rack.input`. ([#1956](https://github.com/rack/rack/pull/1956), [AATTioquatix]) [#]## Fixed - Make Rack::MockResponse handle non-hash headers. ([#1629](https://github.com/rack/rack/issues/1629), [AATTjeremyevans]) - TempfileReaper now deletes temp files if application raises an exception. ([#1679](https://github.com/rack/rack/issues/1679), [AATTjeremyevans]) - Handle cookies with values that end in \'=\' ([#1645](https://github.com/rack/rack/pull/1645), [AATTlukaso](https://github.com/lukaso)) - Make `Rack::NullLogger` respond to `#fatal!` [AATTjeremyevans]) - Fix multipart filename generation for filenames that contain spaces. Encode spaces as \"%20\" instead of \"+\" which will be decoded properly by the multipart parser. ([#1736](https://github.com/rack/rack/pull/1645), [AATTmuirdm](https://github.com/muirdm)) - `Rack::Request#scheme` returns `ws` or `wss` when one of the `X-Forwarded-Scheme` / `X-Forwarded-Proto` headers is set to `ws` or `wss`, respectively. ([#1730](https://github.com/rack/rack/issues/1730), [AATTerwanst](https://github.com/erwanst))
* Fri Jul 08 2022 mschnitzerAATTsuse.com- updated to version 2.2.4
* Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [AATTioquatix](https://github.com/ioquatix))
* Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [AATTsimi](https://github.com/simi))
* Mon May 30 2022 hvogelAATTsuse.com- updated to version 2.2.3.1 [CVE-2022-30123] Fix shell escaping issue in Common Logger [CVE-2022-30122] Restrict parsing of broken MIME attachments
* Thu Jun 18 2020 enavarroAATTsuse.com- updated to version 2.2.3 see installed CHANGELOG.md [#]# [2.2.3] - 2020-06-15 [CVE-2020-8184] Only decode cookie values
* Tue Feb 18 2020 enavarroAATTsuse.com- updated to version 2.2.2 see installed CHANGELOG.md [#]# [2.2.2] - 2020-02-11 [#]## Fixed - Fix incorrect Rack::Request#host value. ([#1591](https://github.com/rack/rack/pull/1591), [AATTioquatix](https://github.com/ioquatix)) - Revert Rack::Handler::Thin implementation. ([#1583](https://github.com/rack/rack/pull/1583), [AATTjeremyevans](https://github.com/jeremyevans)) - Double assignment is still needed to prevent an \"unused variable\" warning. ([#1589](https://github.com/rack/rack/pull/1589), [AATTkamipo](https://github.com/kamipo)) - Fix to handle same_site option for session pool. ([#1587](https://github.com/rack/rack/pull/1587), [AATTkamipo](https://github.com/kamipo))
* Mon Feb 10 2020 cooloAATTsuse.com- updated to version 2.2.1 see installed CHANGELOG.md [#] Changelog All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). [#]# [2.2.1] - 2020-02-09 [#]## Fixed - Rework `Rack::Request#ip` to handle empty `forwarded_for`. ([#1577](https://github.com/rack/rack/pull/1577), [AATTioquatix](https://github.com/ioquatix)) [#]# [2.2.0] - 2020-02-08 [#]## SPEC Changes - `rack.session` request environment entry must respond to `to_hash` and return unfrozen Hash. ([AATTjeremyevans](https://github.com/jeremyevans)) - Request environment cannot be frozen. ([AATTjeremyevans](https://github.com/jeremyevans)) - CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. ([AATTjeremyevans](https://github.com/jeremyevans)) - Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. ([#1561](https://github.com/rack/rack/pull/1561), [AATTioquatix](https://github.com/ioquatix)) [#]## Added - `rackup` supports multiple `-r` options and will require all arguments. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Server` supports an array of paths to require for the `:require` option. ([AATTkhotta](https://github.com/khotta)) - `Files` supports multipart range requests. ([AATTfatkodima](https://github.com/fatkodima)) - `Multipart::UploadedFile` supports an IO-like object instead of using the filesystem, using `:filename` and `:io` options. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Multipart::UploadedFile` supports keyword arguments `:path`, `:content_type`, and `:binary` in addition to positional arguments. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Static` supports a `:cascade` option for calling the app if there is no matching file. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Session::Abstract::SessionHash#dig`. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Response.[]` and `MockResponse.[]` for creating instances using status, headers, and body. ([AATTioquatix](https://github.com/ioquatix)) - Convenient cache and content type methods for `Rack::Response`. ([#1555](https://github.com/rack/rack/pull/1555), [AATTioquatix](https://github.com/ioquatix)) [#]## Changed - `Request#params` no longer rescues EOFError. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Directory` uses a streaming approach, significantly improving time to first byte for large directories. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Directory` no longer includes a Parent directory link in the root directory index. ([AATTjeremyevans](https://github.com/jeremyevans)) - `QueryParser#parse_nested_query` uses original backtrace when reraising exception with new class. ([AATTjeremyevans](https://github.com/jeremyevans)) - `ConditionalGet` follows RFC 7232 precedence if both If-None-Match and If-Modified-Since headers are provided. ([AATTjeremyevans](https://github.com/jeremyevans)) - `.ru` files supports the `frozen-string-literal` magic comment. ([AATTeregon](https://github.com/eregon)) - Rely on autoload to load constants instead of requiring internal files, make sure to require \'rack\' and not just \'rack/...\'. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Etag` will continue sending ETag even if the response should not be cached. ([AATThenm](https://github.com/henm)) - `Request#host_with_port` no longer includes a colon for a missing or empty port. ([AATTAlexWayfer](https://github.com/AlexWayfer)) - All handlers uses keywords arguments instead of an options hash argument. ([AATTioquatix](https://github.com/ioquatix)) - `Files` handling of range requests no longer return a body that supports `to_path`, to ensure range requests are handled correctly. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Multipart::Generator` only includes `Content-Length` for files with paths, and `Content-Disposition` `filename` if the `UploadedFile` instance has one. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Request#ssl?` is true for the `wss` scheme (secure websockets). ([AATTjeremyevans](https://github.com/jeremyevans)) - `Rack::HeaderHash` is memoized by default. ([#1549](https://github.com/rack/rack/pull/1549), [AATTioquatix](https://github.com/ioquatix)) - `Rack::Directory` allow directory traversal inside root directory. ([#1417](https://github.com/rack/rack/pull/1417), [AATTThomasSevestre](https://github.com/ThomasSevestre)) - Sort encodings by server preference. ([#1184](https://github.com/rack/rack/pull/1184), [AATTioquatix](https://github.com/ioquatix), [AATTwjordan](https://github.com/wjordan)) - Rework host/hostname/authority implementation in `Rack::Request`. `#host` and `#host_with_port` have been changed to correctly return IPv6 addresses formatted with square brackets, as defined by [RFC3986](https://tools.ietf.org/html/rfc3986#section-3.2.2). ([#1561](https://github.com/rack/rack/pull/1561), [AATTioquatix](https://github.com/ioquatix)) - `Rack::Builder` parsing options on first `#\\` line is deprecated. ([#1574](https://github.com/rack/rack/pull/1574), [AATTioquatix](https://github.com/ioquatix)) [#]## Removed - `Directory#path` as it was not used and always returned nil. ([AATTjeremyevans](https://github.com/jeremyevans)) - `BodyProxy#each` as it was only needed to work around a bug in Ruby <1.9.3. ([AATTjeremyevans](https://github.com/jeremyevans)) - `URLMap::INFINITY` and `URLMap::NEGATIVE_INFINITY`, in favor of `Float::INFINITY`. ([AATTch1c0t](https://github.com/ch1c0t)) - Deprecation of `Rack::File`. It will be deprecated again in rack 2.2 or 3.0. ([AATTrafaelfranca](https://github.com/rafaelfranca)) - Support for Ruby 2.2 as it is well past EOL. ([AATTioquatix](https://github.com/ioquatix)) - Remove `Rack::Files#response_body` as the implementation was broken. ([#1153](https://github.com/rack/rack/pull/1153), [AATTioquatix](https://github.com/ioquatix)) - Remove `SERVER_ADDR` which was never part of the original SPEC. ([#1573](https://github.com/rack/rack/pull/1573), [AATTioquatix](https://github.com/ioquatix)) [#]## Fixed - `Directory` correctly handles root paths containing glob metacharacters. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Cascade` uses a new response object for each call if initialized with no apps. ([AATTjeremyevans](https://github.com/jeremyevans)) - `BodyProxy` correctly delegates keyword arguments to the body object on Ruby 2.7+. ([AATTjeremyevans](https://github.com/jeremyevans)) - `BodyProxy#method` correctly handles methods delegated to the body object. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Request#host` and `Request#host_with_port` handle IPv6 addresses correctly. ([AATTAlexWayfer](https://github.com/AlexWayfer)) - `Lint` checks when response hijacking that `rack.hijack` is called with a valid object. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Response#write` correctly updates `Content-Length` if initialized with a body. ([AATTjeremyevans](https://github.com/jeremyevans)) - `CommonLogger` includes `SCRIPT_NAME` when logging. ([AATTErol](https://github.com/Erol)) - `Utils.parse_nested_query` correctly handles empty queries, using an empty instance of the params class instead of a hash. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Directory` correctly escapes paths in links. ([AATTyous](https://github.com/yous)) - `Request#delete_cookie` and related `Utils` methods handle `:domain` and `:path` options in same call. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Request#delete_cookie` and related `Utils` methods do an exact match on `:domain` and `:path` options. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Static` no longer adds headers when a gzipped file request has a 304 response. ([AATTchooh](https://github.com/chooh)) - `ContentLength` sets `Content-Length` response header even for bodies not responding to `to_ary`. ([AATTjeremyevans](https://github.com/jeremyevans)) - Thin handler supports options passed directly to `Thin::Controllers::Controller`. ([AATTjeremyevans](https://github.com/jeremyevans)) - WEBrick handler no longer ignores `:BindAddress` option. ([AATTjeremyevans](https://github.com/jeremyevans)) - `ShowExceptions` handles invalid POST data. ([AATTjeremyevans](https://github.com/jeremyevans)) - Basic authentication requires a password, even if the password is empty. ([AATTjeremyevans](https://github.com/jeremyevans)) - `Lint` checks response is array with 3 elements, per SPEC. ([AATTjeremyevans](https://github.com/jeremyevans)) - Support for using `:SSLEnable` option when using WEBrick handler. (Gregor Melhorn) - Close response body after buffering it when buffering. ([AATTioquatix](https://github.com/ioquatix)) - Only accept `;` as delimiter when parsing cookies. ([AATTmrageh](https://github.com/mrageh)) - `Utils::HeaderHash#clear` clears the name mapping as well. ([AATTraxoft](https://github.com/raxoft)) - Support for passing `nil` `Rack::Files.new`, which notably fixes Rails\' current `ActiveStorage::FileServer` implementation. ([AATTioquatix](https://github.com/ioquatix)) [#]## Documentation - CHANGELOG updates. ([AATTaupajo](https://github.com/aupajo)) - Added [CONTRIBUTING](CONTRIBUTING.md). ([AATTdblock](https://github.com/dblock))
* Wed Jan 29 2020 daniel.donisaAATTsuse.com- updated to version 2.1.2
* Mon Jan 27 2020 mschnitzerAATTsuse.com- updated to version 2.1.1
* Remove Rack::Chunked from Rack::Server default middleware. (#1475, AATTioquatix)
* Restore support for code relying on SessionId#to_s. (AATTjeremyevans)- non upstream changes
* removed the modification of the permissions for test/cgi/test.gz during package build since it won\'t get installed anymore.
* Thu Dec 19 2019 dkangAATTsuse.com- updated to version 2.0.8
* CVE-2019-16782: Possible information leak / session hijack vulnerability
* Sat Apr 06 2019 mschnitzerAATTsuse.com- updated to version 2.0.7 no changelog found
* Tue Nov 06 2018 mrueckertAATTsuse.de- update to 2.0.6:
* CVE-2018-16471: cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1114828)
* Mon Apr 23 2018 factory-autoAATTkulow.org- updated to version 2.0.5 see installed HISTORY.md
* Mon Apr 16 2018 mschnitzerAATTsuse.com- Only build against ruby versions 2.3.x, 2.4.x, and 2.5.x- Fix package build by removing the executable bit for \'test.gz\' file in gem
* Thu Feb 08 2018 cooloAATTsuse.com- updated to version 2.0.4 see installed HISTORY.md
* Tue Oct 31 2017 mrueckertAATTsuse.de- only build for 2.3+ from now
* Wed Jun 07 2017 mrueckertAATTsuse.de- re-add the rb_build_versions and rb_default_ruby_abi as otherwise building on older distros fails.- add ruby 2.4
* Thu Jun 01 2017 opensuse_buildserviceAATTojkastl.de- removed manual definition of rb_build_versions and rb_default_ruby_abi from gem2rpm.yml; recreated spec
* Tue May 23 2017 cooloAATTsuse.com- updated to version 2.0.3 see installed HISTORY.md
* Wed Jul 06 2016 mrueckertAATTsuse.de- make build again by only building for 2.2 and newer
* Fri Jul 01 2016 cooloAATTsuse.com- updated to version 2.0.1 see installed HISTORY.md
* Fri Jun 19 2015 cooloAATTsuse.com- updated to version 1.6.4 see installed HISTORY.md Fri Jun 19 07:14:50 2015 Matthew Draper
* Work around a Rails incompatibility in our private API
* Wed Jun 17 2015 cooloAATTsuse.com- updated to version 1.6.2 see installed HISTORY.md Fri Jun 12 11:37:41 2015 Aaron Patterson
* Prevent extremely deep parameters from being parsed. CVE-2015-3225
* Thu May 07 2015 cooloAATTsuse.com- updated to version 1.6.1 no changelog found
* Fri Feb 06 2015 cooloAATTsuse.com- updated to version 1.6.0
* Sat Nov 01 2014 tboergerAATTsuse.com- Fixed all rpmlintrc errors to prevent failing builds with multiple ruby versions
  
ICM