Log message:
www/ruby-rack: update to 3.2.4
3.2.2 (2025-10-07)
Security
* CVE-2025-61772 Multipart parser buffers unbounded per-part headers,
enabling DoS (memory exhaustion)
* CVE-2025-61771 Multipart parser buffers large non-file fields entirely in
memory, enabling DoS (memory exhaustion)
* CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory
exhaustion)
3.2.3 (2025-10-10)
Security
* CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow
proxy bypass.
* CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to
memory exhaustion.
3.2.4 (2025-11-03)
Fixed
* Multipart parser: limit MIME header size check to the unread buffer region
to avoid false multipart mime part header too large errors when previously
read data accumulates in the scan buffer. (#2392, @alpaca-tc, @willnet,
@krororo)
Log message:
www/ruby-rack: update to 3.2.0
3.2.0 (2025-07-31)
This release continues Rack's evolution toward a cleaner, more efficient
foundation while maintaining backward compatibility for most applications.
The breaking changes primarily affect deprecated functionality, so most
users should experience a smooth upgrade with improved performance and
standards compliance.
SPEC Changes
* Request environment keys must now be strings. (#2310, @jeremyevans)
* Add nil as a valid return from a Response body.to_path (#2318,
@MSP-Greg)
* Rack::Lint#check_header_value is relaxed, only disallowing CR/LF/NUL
characters. (#2354, @ioquatix)
Added
* Introduce Rack::VERSION constant. (#2199, @ioquatix)
* ISO-2022-JP encoded parts within MIME Multipart sections of an HTTP
request body will now be converted to UTF-8. (#2245, @nappa)
* Add Rack::Request#query_parser= to allow setting the query parser to
use. (#2349, @jeremyevans)
* Add Rack::Request#form_pairs to access form data as raw key-value pairs,
preserving duplicate keys. (#2351, @matthewd)
Changed
* Invalid cookie keys will now raise an error. (#2193, @ioquatix)
* Rack::MediaType#params now handles empty strings. (#2229, @jeremyevans)
* Avoid unnecessary calls to the ip_filter lambda to evaluate Request#ip
(#2287, @willbryant)
* Only calculate Request#ip once per request (#2292, @willbryant)
* Rack::Builder #use, #map, and #run methods now return nil. (#2355,
@ioquatix)
* Directly close the body in Rack::ConditionalGet when the response is 304
Not Modified. (#2353, @ioquatix)
* Directly close the body in Rack::Head when the request method is
HEAD (#2360, @skipkayhil)
Deprecated
* Rack::Auth::AbstractRequest#request is deprecated without
replacement. (#2229, @jeremyevans)
* Rack::Request#parse_multipart (private method designed to be overridden in
subclasses) is deprecated without replacement. (#2229, @jeremyevans)
Removed
* Rack::Request#values_at is removed. (#2200, @ioquatix)
* Rack::Logger is removed with no replacement. (#2196, @ioquatix)
* Automatic cache invalidation in Rack::Request#{GET,POST} has been
removed. (#2230, @jeremyevans)
* Support for CGI::Cookie has been removed. (#2332, @ioquatix)
Fixed
* Rack::RewindableInput::Middleware no longer wraps a nil input. (#2259,
@tt)
* Fix NoMethodError in Rack::Request#wrap_ipv6 when x-forwarded-host is
empty. (#2270, @oieioi)
* Fix the specification for SERVER_PORT which was incorrectly documented as
required to be an Integer if present - it must be a String containing
digits only. (#2296, @ioquatix)
* SERVER_NAME and HTTP_HOST are now more strictly validated according to the
relevant specifications. (#2298, @ioquatix)
* Rack::Lint now disallows PATH_INFO="" SCRIPT_NAME="".
(#2298, @jeremyevans)
Log message:
www/ruby-rack: update to 3.1.14
3.1.13 (2025-04-13)
* Ensure Rack::ETag correctly updates response body. (#2324, @ioquatix)
3.1.14 (2025-05-06)
Security
* CVE-2025-46727 Unbounded parameter parsing in Rack::QueryParser can lead
to memory exhaustion.
3.1.15 (2025-05-18)
* Optional support for CGI::Cookie if not available. (#2327, #2333,
@earlopain)