
rack

1.5.2

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call. Also see http://rack.github.com/.

Critical or Security advisories for 1.5.2

This version doesn't have any advisory. Want to report one?

Critical or Security fixes for 1.5.2

You need to be logged in to view advisory details.


Changelog for 1.5.2

* Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
* Fix CVE-2013-0262, symlink path traversal in Rack::File
* Add various methods to Session for enhanced Rails compatibility
* Request#trusted_proxy? now only matches whole strings
* Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns
* URLMap host matching in environments that don't set the Host header fixed
* Fix a race condition that could result in overwritten pidfiles
* Various documentation additions

Contact

Please post bugs, suggestions and patches to the bug tracker at <github.com/rack/rack/issues>.

Please post security related bugs and suggestions to the core team at <groups.google.com/group/rack-core> or rack-core@googlegroups.com. This list is not public. Due to wide usage of the library, it is strongly preferred that we manage timing in order to provide viable patches at the time of disclosure. Your assistance in this matter is greatly appreciated.

Mailing list archives are available at <groups.google.com/group/rack-devel>.

Git repository (send Git patches to the mailing list):

You are also welcome to join the #rack channel on irc.freenode.net.

Thanks

The Rack Core Team, consisting of

  • Christian Neukirchen (chneukirchen)

  • James Tucker (raggi)

  • Josh Peek (josh)

  • José Valim (josevalim)

  • Michael Fellinger (manveru)

  • Aaron Patterson (tenderlove)

  • Santiago Pastorino (spastorino)

  • Konstantin Haase (rkh)

and the Rack Alumni

  • Ryan Tomayko (rtomayko)

  • Scytrin dai Kinthra (scytrin)

would like to thank:

  • Adrian Madrid, for the LiteSpeed handler.

  • Christoffer Sawicki, for the first Rails adapter and Rack::Deflater.

  • Tim Fletcher, for the HTTP authentication code.

  • Luc Heinrich for the Cookie sessions, the static file handler and bugfixes.

  • Armin Ronacher, for the logo and racktools.

  • Alex Beregszaszi, Alexander Kahn, Anil Wadghule, Aredridel, Ben Alpert, Dan Kubb, Daniel Roethlisberger, Matt Todd, Tom Robinson, Phil Hagelberg, S. Brent Faulkner, Bosko Milekic, Daniel Rodríguez Troitiño, Genki Takiuchi, Geoffrey Grosenbach, Julien Sanchez, Kamal Fariz Mahyuddin, Masayoshi Takahashi, Patrick Aljordm, Mig, Kazuhiro Nishiyama, Jon Bardin, Konstantin Haase, Larry Siden, Matias Korhonen, Sam Ruby, Simon Chiang, Tim Connor, Timur Batyrshin, and Zach Brock for bug fixing and other improvements.

  • Eric Wong, Hongli Lai, Jeremy Kemper for their continuous support and API improvements.

  • Yehuda Katz and Carl Lerche for refactoring rackup.

  • Brian Candler, for Rack::ContentType.

  • Graham Batty, for improved handler loading.

  • Stephen Bannasch, for bug reports and documentation.

  • Gary Wright, for proposing a better Rack::Response interface.

  • Jonathan Buch, for improvements regarding Rack::Response.

  • Armin Röhrl, for tracking down bugs in the Cookie generator.

  • Alexander Kellett for testing the Gem and reviewing the announcement.

  • Marcus Rückert, for help with configuring and debugging lighttpd.

  • The WSGI team, for the well-done and documented work they’ve done and on which Rack builds.

  • All bug reporters and patch contributors not mentioned above.

Copyright (C) 2007, 2008, 2009, 2010 Christian Neukirchen <purl.org/net/chneukirchen>

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Rack

<rack.github.io/>

Official Rack repositories

<github.com/rack>

Rack Bug Tracking

<github.com/rack/rack/issues>

rack-devel mailing list

<groups.google.com/group/rack-devel>

Rack’s Rubyforge project

<rubyforge.org/projects/rack>

Christian Neukirchen

<chneukirchen.org/>

Dependencies for 1.5.2

This version doesn't have runtime dependencies.
