Sourced from sinatra's changelog.
\n\n\n3.1.0 / 2023-08-07
\n\n
\n- \n
\nNew: Add sass support via sass-embedded #1911 by なつき
\n- \n
\nNew: Add start and stop callbacks #1913 by Jevin Sew
\n- \n
\nNew: Warn on dropping sessions #1900 by Jonathan del Strother
\n- \n
\nNew: Make Puma the default server #1924 by Patrik Ragnarsson
\n- \n
\nFix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)
\n- \n
\nFix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson
\n#1911: sinatra/sinatra#1911\n#1913: sinatra/sinatra#1913\n#1900: sinatra/sinatra#1900\n#1924: sinatra/sinatra#1924\n#1922: sinatra/sinatra#1922\n#1932: sinatra/sinatra#1932
\n3.0.6 / 2023-04-11
\n\n
\n- \n
\nFix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens
\n- \n
\nFix: Avoid crash in
\nurihelper on Integer input #1890 by Patrik Ragnarsson- \n
\nFix: Rescue
\nRuntimeErrorwhen trying to useSecureRandom#1888 by Stefan Sundin3.0.5 / 2022-12-16
\n\n
\n- \n
\nFix: Add Zeitwerk compatibility. #1831 by Dawid Janczak
\n- \n
\nFix: Allow CALLERS_TO_IGNORE to be overridden
\n3.0.4 / 2022-11-25
\n\n
\n- Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai
\n3.0.3 / 2022-11-11
\n\n
\n- Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #1823 by
\n@ooooooo-q3.0.2 / 2022-10-01
\n\n
\n- New: Add Haml 6 support. #1820 by Jordan Owens
\n3.0.1 / 2022-09-26
\n\n
\n\n- Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson
\n
... (truncated)
\na182dca 3.1.0 release (#1935)ae6bd6f CI: Always allow notify job to fail (#1934)1fc37fe Mitigate gem build warning from RubyGems9c95cf9 Have git ignore *.gem files7018ab7 rack-protection: specify rack version requirement (#1932)2d6af28 Warn on dropping sessions (#1900)fa60779 Use Minitest instead of MiniTest (#1931)3fe6297 Add start and stop callbacks (#1913)6d8f180 Make CI pass on Ruby 2.6 (#1928)5f4dde1 Add sass support via sass-embedded (#1911)Sourced from nokogiri's releases.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n
\nsha256 checksums:
\n\n6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7 nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40 nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2 nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4 nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854 nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70 nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100 nokogiri-1.15.5.gem\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. [#2927] (Thanks,
\n@anishathalye!)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
\nsha256 checksums:
\n\n14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
... (truncated)
\nSourced from nokogiri's changelog.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. #2927 (
\n@anishathalye)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]1.15.3 / 2023-07-05
\nFixed
\n\n
\n- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toCDATA.newnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toSchema.from_documentnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- [CRuby] Passing an object that is not a kind of
\nXML::Nodeas the second parameter toText.newnow raises aTypeError. Previously this would result in a segfault. #2920- [CRuby] Replacing a node's children via methods like
\nNode#inner_html=,#children=, and#replaceno longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involvingxmlAddChild(). #2916- [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (
\n@cbasguti)1.15.2 / 2023-05-24
\nDependencies
\n\n
\n- [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
\nFixed
\n\n
\n- [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
\n1.15.1 / 2023-05-19
\nDependencies
\n\n
\n\n- [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4
\n
... (truncated)
\n5745d4b version bump to v1.15.5da2d908 ci: add ruby version to vendored libs cache key (backport) (#3029)0f56450 ci: add ruby version to vendored libs cache key (#3028)32b2c35 dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (#3025)b8f7e16 ci: skip the BSD builds for nowaa3208b dep: update libxml to 2.11.5 and libxslt to 1.1.39141c2ac doc(fix): correct :nodoc:1aee13d version bump to v1.15.4769faec backport updates and fixes to v1.15.x (#2953)8460bfe dep: update libxml2 to v2.11.5Sourced from rack's releases.
\n\n\nv3.0.9.1
\nWhat's Changed
\n\n
\n- Fixed ReDoS in Accept header parsing [CVE-2024-26146]
\n- Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
\n- Reject Range headers which are too large [CVE-2024-26141]
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1
\nv3.0.9
\nWhat's Changed
\n\n
\n- Fix content-length calcuation in Rack:Response#write #2150
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9
\nv3.0.8
\nWhat's Changed
\n\n
\n- Backport "Fix some unused variable verbose warnings" by
\n@skipkayhilin rack/rack#2084New Contributors
\n\n
\n- \n
@skipkayhilmade their first contribution in rack/rack#2084Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
\nv3.0.7
\nWhat's Changed
\n\n
\n- Backport "Make query parameters without = have nil values". by
\n@jeremyevansin rack/rack#2060Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7
\nv3.0.6.1
\nNo release notes provided.
\nv3.0.4.1
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1
\nv3.0.4
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4
\nv3.0.3
\nWhat's Changed
\n\n
\n- Release v3.0.3 by
\n@ioquatixin rack/rack#2000Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3
\nv3.0.2
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2
\n
Sourced from rack's changelog.
\n\n\nChangelog
\nAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
\nUnreleased
\nSPEC Changes
\n\n
\n- \n
rack.inputis now optional. (#1997, [@ioquatix])- \n
Rack::Utils.escape_htmlis now delegated toCGI.escapeHTML.'is escaped to[#39](https://github.com/rack/rack/issues/39);instead of#x27;. (decimal vs hexadecimal) (#2099,@JunichiIto)Changed
\n\n
\n- \n
rack.inputis now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])- Introduce
\nmodule Rack::BadRequestwhich is included in multipart and query parser errors. (#2019, [@ioquatix])- MIME type for JavaScript files (
\n.js) changed fromapplication/javascripttotext/javascript(1bd0f15)- Add
\n.mjsMIME type (#2057, [@axilleas])- Update MIME types associated to
\n.ttf,.woff,.woff2and.otfextensions to use mondernfont/*types. (#2065, [@davidstosik])- \n
set_cookie_headerutility now supports thepartitionedcookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@flavio-b])- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [
\n@wtn])- Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [
\n@wtn])[3.0.9] - 2024-01-31
\n\n
\n- Fix incorrect content-length header that was emitted when
\nRack::Response#writewas used in some situations. (#2150, [@mattbrictson])[3.0.8] - 2023-06-14
\n\n
\n- Fix some unused variable verbose warnings. (#2084, [
\n@jeremyevans],@skipkayhil)[3.0.7] - 2023-03-16
\n\n
\n- Make query parameters without
\n=havenilvalues. (#2059, [@jeremyevans])[3.0.6.1] - 2023-03-13
\n\n
\n- [CVE-2023-27539] Avoid ReDoS in header parsing
\n[3.0.6] - 2023-03-13
\n\n
\n- Add
\nQueryParser#missing_valuefor handling missing values + tests. (#2052, [@ioquatix])[3.0.5] - 2023-03-13
\n\n
\n- Split form/query parsing into two steps. (#2038,
\n@matthewd)[3.0.4.2] - 2023-03-02
\n\n
\n\n- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
\n
... (truncated)
\na4bc5e0 bump version6efb2ce Avoid 2nd degree polynomial regexp in MediaType4849132 Return an empty array when ranges are too largea227cd7 Fixing ReDoS in header parsing0b3f997 Bump patch version.d3d415e Update Ruby versions for external tests: drop v2.7 and add v3.2 and v3.3. (#2...c8b977f Fix content-length calcuation in Rack:Response#write (#2150)8d1bf99 Update CHANGELOG for 3.0.8 (#2086)d28c464 Bump patch verison.32736d2 Fix some unused variable verbose warnings (#2084)Sourced from nokogiri's releases.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n
\nsha256 checksums:
\n\n6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7 nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40 nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2 nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4 nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854 nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70 nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100 nokogiri-1.15.5.gem\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. [#2927] (Thanks,
\n@anishathalye!)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
\nsha256 checksums:
\n\n14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
... (truncated)
\nSourced from nokogiri's changelog.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. #2927 (
\n@anishathalye)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]1.15.3 / 2023-07-05
\nFixed
\n\n
\n- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toCDATA.newnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toSchema.from_documentnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- [CRuby] Passing an object that is not a kind of
\nXML::Nodeas the second parameter toText.newnow raises aTypeError. Previously this would result in a segfault. #2920- [CRuby] Replacing a node's children via methods like
\nNode#inner_html=,#children=, and#replaceno longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involvingxmlAddChild(). #2916- [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (
\n@cbasguti)1.15.2 / 2023-05-24
\nDependencies
\n\n
\n- [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
\nFixed
\n\n
\n- [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
\n1.15.1 / 2023-05-19
\nDependencies
\n\n
\n\n- [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4
\n
... (truncated)
\n5745d4b version bump to v1.15.5da2d908 ci: add ruby version to vendored libs cache key (backport) (#3029)0f56450 ci: add ruby version to vendored libs cache key (#3028)32b2c35 dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (#3025)b8f7e16 ci: skip the BSD builds for nowaa3208b dep: update libxml to 2.11.5 and libxslt to 1.1.39141c2ac doc(fix): correct :nodoc:1aee13d version bump to v1.15.4769faec backport updates and fixes to v1.15.x (#2953)8460bfe dep: update libxml2 to v2.11.5Sourced from rack's releases.
\n\n\nv3.0.9.1
\nWhat's Changed
\n\n
\n- Fixed ReDoS in Accept header parsing [CVE-2024-26146]
\n- Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
\n- Reject Range headers which are too large [CVE-2024-26141]
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1
\nv3.0.9
\nWhat's Changed
\n\n
\n- Fix content-length calcuation in Rack:Response#write #2150
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9
\nv3.0.8
\nWhat's Changed
\n\n
\n- Backport "Fix some unused variable verbose warnings" by
\n@skipkayhilin rack/rack#2084New Contributors
\n\n
\n- \n
@skipkayhilmade their first contribution in rack/rack#2084Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
\nv3.0.7
\nWhat's Changed
\n\n
\n- Backport "Make query parameters without = have nil values". by
\n@jeremyevansin rack/rack#2060Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7
\nv3.0.6.1
\nNo release notes provided.
\nv3.0.4.1
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1
\nv3.0.4
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4
\nv3.0.3
\nWhat's Changed
\n\n
\n- Release v3.0.3 by
\n@ioquatixin rack/rack#2000Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3
\nv3.0.2
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2
\n
Sourced from rack's changelog.
\n\n\nChangelog
\nAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
\nUnreleased
\nSPEC Changes
\n\n
\n- \n
rack.inputis now optional. (#1997, [@ioquatix])- \n
Rack::Utils.escape_htmlis now delegated toCGI.escapeHTML.'is escaped to[#39](https://github.com/rack/rack/issues/39);instead of#x27;. (decimal vs hexadecimal) (#2099,@JunichiIto)Changed
\n\n
\n- \n
rack.inputis now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])- Introduce
\nmodule Rack::BadRequestwhich is included in multipart and query parser errors. (#2019, [@ioquatix])- MIME type for JavaScript files (
\n.js) changed fromapplication/javascripttotext/javascript(1bd0f15)- Add
\n.mjsMIME type (#2057, [@axilleas])- Update MIME types associated to
\n.ttf,.woff,.woff2and.otfextensions to use mondernfont/*types. (#2065, [@davidstosik])- \n
set_cookie_headerutility now supports thepartitionedcookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@flavio-b])- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [
\n@wtn])- Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [
\n@wtn])[3.0.9] - 2024-01-31
\n\n
\n- Fix incorrect content-length header that was emitted when
\nRack::Response#writewas used in some situations. (#2150, [@mattbrictson])[3.0.8] - 2023-06-14
\n\n
\n- Fix some unused variable verbose warnings. (#2084, [
\n@jeremyevans],@skipkayhil)[3.0.7] - 2023-03-16
\n\n
\n- Make query parameters without
\n=havenilvalues. (#2059, [@jeremyevans])[3.0.6.1] - 2023-03-13
\n\n
\n- [CVE-2023-27539] Avoid ReDoS in header parsing
\n[3.0.6] - 2023-03-13
\n\n
\n- Add
\nQueryParser#missing_valuefor handling missing values + tests. (#2052, [@ioquatix])[3.0.5] - 2023-03-13
\n\n
\n- Split form/query parsing into two steps. (#2038,
\n@matthewd)[3.0.4.2] - 2023-03-02
\n\n
\n\n- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
\n
... (truncated)
\na4bc5e0 bump version6efb2ce Avoid 2nd degree polynomial regexp in MediaType4849132 Return an empty array when ranges are too largea227cd7 Fixing ReDoS in header parsing0b3f997 Bump patch version.d3d415e Update Ruby versions for external tests: drop v2.7 and add v3.2 and v3.3. (#2...c8b977f Fix content-length calcuation in Rack:Response#write (#2150)8d1bf99 Update CHANGELOG for 3.0.8 (#2086)d28c464 Bump patch verison.32736d2 Fix some unused variable verbose warnings (#2084)Sourced from sinatra's changelog.
\n\n\n3.1.0 / 2023-08-07
\n\n
\n- \n
\nNew: Add sass support via sass-embedded #1911 by なつき
\n- \n
\nNew: Add start and stop callbacks #1913 by Jevin Sew
\n- \n
\nNew: Warn on dropping sessions #1900 by Jonathan del Strother
\n- \n
\nNew: Make Puma the default server #1924 by Patrik Ragnarsson
\n- \n
\nFix: Remove use of Tilt::Cache #1922 by Jeremy Evans (allows use of Tilt 2.2.0 without deprecation warning)
\n- \n
\nFix: rack-protection: specify rack version requirement #1932 by Patrik Ragnarsson
\n#1911: sinatra/sinatra#1911\n#1913: sinatra/sinatra#1913\n#1900: sinatra/sinatra#1900\n#1924: sinatra/sinatra#1924\n#1922: sinatra/sinatra#1922\n#1932: sinatra/sinatra#1932
\n3.0.6 / 2023-04-11
\n\n
\n- \n
\nFix: Add support to keep open streaming connections with Puma #1858 by Jordan Owens
\n- \n
\nFix: Avoid crash in
\nurihelper on Integer input #1890 by Patrik Ragnarsson- \n
\nFix: Rescue
\nRuntimeErrorwhen trying to useSecureRandom#1888 by Stefan Sundin3.0.5 / 2022-12-16
\n\n
\n- \n
\nFix: Add Zeitwerk compatibility. #1831 by Dawid Janczak
\n- \n
\nFix: Allow CALLERS_TO_IGNORE to be overridden
\n3.0.4 / 2022-11-25
\n\n
\n- Fix: Escape filename in the Content-Disposition header. #1841 by Kunpei Sakai
\n3.0.3 / 2022-11-11
\n\n
\n- Fix: fixed ReDoS for Rack::Protection::IPSpoofing. #1823 by
\n@ooooooo-q3.0.2 / 2022-10-01
\n\n
\n- New: Add Haml 6 support. #1820 by Jordan Owens
\n3.0.1 / 2022-09-26
\n\n
\n\n- Fix: Revert removal of rack-protection.rb. #1814 by Olle Jonsson
\n
... (truncated)
\na182dca 3.1.0 release (#1935)ae6bd6f CI: Always allow notify job to fail (#1934)1fc37fe Mitigate gem build warning from RubyGems9c95cf9 Have git ignore *.gem files7018ab7 rack-protection: specify rack version requirement (#1932)2d6af28 Warn on dropping sessions (#1900)fa60779 Use Minitest instead of MiniTest (#1931)3fe6297 Add start and stop callbacks (#1913)6d8f180 Make CI pass on Ruby 2.6 (#1928)5f4dde1 Add sass support via sass-embedded (#1911)Sourced from nokogiri's releases.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n
\nsha256 checksums:
\n\n6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7 nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40 nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2 nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4 nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854 nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70 nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100 nokogiri-1.15.5.gem\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. [#2927] (Thanks,
\n@anishathalye!)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
\nsha256 checksums:
\n\n14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
... (truncated)
\nSourced from nokogiri's changelog.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. #2927 (
\n@anishathalye)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]1.15.3 / 2023-07-05
\nFixed
\n\n
\n- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toCDATA.newnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toSchema.from_documentnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- [CRuby] Passing an object that is not a kind of
\nXML::Nodeas the second parameter toText.newnow raises aTypeError. Previously this would result in a segfault. #2920- [CRuby] Replacing a node's children via methods like
\nNode#inner_html=,#children=, and#replaceno longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involvingxmlAddChild(). #2916- [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (
\n@cbasguti)1.15.2 / 2023-05-24
\nDependencies
\n\n
\n- [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
\nFixed
\n\n
\n- [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
\n1.15.1 / 2023-05-19
\nDependencies
\n\n
\n\n- [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4
\n
... (truncated)
\n5745d4b version bump to v1.15.5da2d908 ci: add ruby version to vendored libs cache key (backport) (#3029)0f56450 ci: add ruby version to vendored libs cache key (#3028)32b2c35 dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (#3025)b8f7e16 ci: skip the BSD builds for nowaa3208b dep: update libxml to 2.11.5 and libxslt to 1.1.39141c2ac doc(fix): correct :nodoc:1aee13d version bump to v1.15.4769faec backport updates and fixes to v1.15.x (#2953)8460bfe dep: update libxml2 to v2.11.5Sourced from rack's releases.
\n\n\nv3.0.9.1
\nWhat's Changed
\n\n
\n- Fixed ReDoS in Accept header parsing [CVE-2024-26146]
\n- Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
\n- Reject Range headers which are too large [CVE-2024-26141]
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1
\nv3.0.9
\nWhat's Changed
\n\n
\n- Fix content-length calcuation in Rack:Response#write #2150
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9
\nv3.0.8
\nWhat's Changed
\n\n
\n- Backport "Fix some unused variable verbose warnings" by
\n@skipkayhilin rack/rack#2084New Contributors
\n\n
\n- \n
@skipkayhilmade their first contribution in rack/rack#2084Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
\nv3.0.7
\nWhat's Changed
\n\n
\n- Backport "Make query parameters without = have nil values". by
\n@jeremyevansin rack/rack#2060Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7
\nv3.0.6.1
\nNo release notes provided.
\nv3.0.4.1
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1
\nv3.0.4
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4
\nv3.0.3
\nWhat's Changed
\n\n
\n- Release v3.0.3 by
\n@ioquatixin rack/rack#2000Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3
\nv3.0.2
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2
\n
Sourced from rack's changelog.
\n\n\nChangelog
\nAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
\nUnreleased
\nSPEC Changes
\n\n
\n- \n
rack.inputis now optional. (#1997, [@ioquatix])- \n
Rack::Utils.escape_htmlis now delegated toCGI.escapeHTML.'is escaped to[#39](https://github.com/rack/rack/issues/39);instead of#x27;. (decimal vs hexadecimal) (#2099,@JunichiIto)Changed
\n\n
\n- \n
rack.inputis now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])- Introduce
\nmodule Rack::BadRequestwhich is included in multipart and query parser errors. (#2019, [@ioquatix])- MIME type for JavaScript files (
\n.js) changed fromapplication/javascripttotext/javascript(1bd0f15)- Add
\n.mjsMIME type (#2057, [@axilleas])- Update MIME types associated to
\n.ttf,.woff,.woff2and.otfextensions to use mondernfont/*types. (#2065, [@davidstosik])- \n
set_cookie_headerutility now supports thepartitionedcookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@flavio-b])- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [
\n@wtn])- Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [
\n@wtn])- In
\nRack::Files, ignore theRangeheader if served file is 0 bytes. (#2159, [@zarqman])[3.0.9] - 2024-01-31
\n\n
\n- Fix incorrect content-length header that was emitted when
\nRack::Response#writewas used in some situations. (#2150, [@mattbrictson])[3.0.8] - 2023-06-14
\n\n
\n- Fix some unused variable verbose warnings. (#2084, [
\n@jeremyevans],@skipkayhil)[3.0.7] - 2023-03-16
\n\n
\n- Make query parameters without
\n=havenilvalues. (#2059, [@jeremyevans])[3.0.6.1] - 2023-03-13
\n\n
\n- [CVE-2023-27539] Avoid ReDoS in header parsing
\n[3.0.6] - 2023-03-13
\n\n
\n- Add
\nQueryParser#missing_valuefor handling missing values + tests. (#2052, [@ioquatix])[3.0.5] - 2023-03-13
\n\n
\n- Split form/query parsing into two steps. (#2038,
\n@matthewd)[3.0.4.2] - 2023-03-02
\n\n
\n\n- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
\n
... (truncated)
\na4bc5e0 bump version6efb2ce Avoid 2nd degree polynomial regexp in MediaType4849132 Return an empty array when ranges are too largea227cd7 Fixing ReDoS in header parsing0b3f997 Bump patch version.d3d415e Update Ruby versions for external tests: drop v2.7 and add v3.2 and v3.3. (#2...c8b977f Fix content-length calcuation in Rack:Response#write (#2150)8d1bf99 Update CHANGELOG for 3.0.8 (#2086)d28c464 Bump patch verison.32736d2 Fix some unused variable verbose warnings (#2084)Sourced from nokogiri's releases.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n
\nsha256 checksums:
\n\n6dfa1d9837ddb233e234d56e244560ab1bc545d3d1744478060e18691f44ded7 nokogiri-1.15.5-aarch64-linux.gem\ne3ac6608c6e1714bc11ff04e29a43fedf4cac2aea1bd88256cc3b927c06f347f nokogiri-1.15.5-arm-linux.gem\n4d7b15d53c0397d131376a19875aa97dd1c8b404c2c03bd2171f9b77e9592d40 nokogiri-1.15.5-arm64-darwin.gem\n5f87e71aaeb4f7479b94698737a0aacea77836b4805c7433b655e9565bd56cfe nokogiri-1.15.5-java.gem\n7612be800909ae51e0a7cfbe1f768757857a9ff0339686814ca67d9bae271ca2 nokogiri-1.15.5-x64-mingw-ucrt.gem\n28fd78d98e12005fe017db5ceccb74b2497f30582e6e26a3344200625fe46aae nokogiri-1.15.5-x64-mingw32.gem\n0d1b564d7f148a6766380966bb48b23afa72c72c992c69c71d21acd4a7f5c0e4 nokogiri-1.15.5-x86-linux.gem\nd27dbf44c19b83e570e65b660a8a921441d1e8b6063ab1b985b516f78e0a2854 nokogiri-1.15.5-x86-mingw32.gem\n10bafa54935f68aebd23235cb0fc7dfb8f6f5e52131379484771247eb3a0cc70 nokogiri-1.15.5-x86_64-darwin.gem\nc5d9453cc155dc15f08ac699cc1293fd994ec6cfacec48e67653aa95ee946adf nokogiri-1.15.5-x86_64-linux.gem\n22448ca35dbcbdcec60dbe25ccf452b685a5436c28f21b2fec2e20917aba9100 nokogiri-1.15.5.gem\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. [#2927] (Thanks,
\n@anishathalye!)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]
\nsha256 checksums:
\n\n14091a07e07045a440213f7d5ced732fa7654ae8b6c7d180137f4124c5284ab8 nokogiri-1.15.4-aarch64-linux.gem\n572ddc19934d010e98821a946d89462ae66b310fecc3fe12c48b0025c2f76855 nokogiri-1.15.4-arm-linux.gem\n707288e293f4fc82a008f90b7ba0180d9f803f6a239a13e424378fedf8cf93e9 nokogiri-1.15.4-arm64-darwin.gem\n04745925f63af61144eccef38a703928629cf97c34dbb1c42e3def17ac77ec92 nokogiri-1.15.4-java.gem\na0bfb65461a0453afed1a41b235fe84d5b9c7f4d70afd45f0dc2fdec8909faf1 nokogiri-1.15.4-x64-mingw-ucrt.gem\nb9d01b9202e33cc23d19b2c1fc18ff4029cdda9b4f937a4baaefd4124a2158ba nokogiri-1.15.4-x64-mingw32.gem\n</tr></table> \n
... (truncated)
\nSourced from nokogiri's changelog.
\n\n\n1.15.5 / 2023-11-17
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.6 from v2.11.5. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.6
\n- [CRuby] Vendored libxslt is updated to v1.1.39 from v1.1.38. For details please see https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.39
\n1.15.4 / 2023-08-11
\nDependencies
\n\n
\n- [CRuby] Vendored libxml2 is updated to v2.11.5 from v2.11.4. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.5
\nFixed
\n\n
\n- Fixed a typo in a HTML5 parser error message. #2927 (
\n@anishathalye)- [CRuby]
\nObjectSpace.memsize_ofis now safe to call onDocuments with complex DTDs. In previous versions, this debugging method could result in a segfault. [#2923, #2924]1.15.3 / 2023-07-05
\nFixed
\n\n
\n- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toCDATA.newnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- Passing an object that is not a kind of
\nXML::Nodeas the first parameter toSchema.from_documentnow raises aTypeError. Previously this would result in either a segfault (CRuby) or a Java exception (JRuby). #2920- [CRuby] Passing an object that is not a kind of
\nXML::Nodeas the second parameter toText.newnow raises aTypeError. Previously this would result in a segfault. #2920- [CRuby] Replacing a node's children via methods like
\nNode#inner_html=,#children=, and#replaceno longer defensively dups the node's next sibling if it is a Text node. This behavior was originally adopted to work around libxml2's memory management (see #283 and #595) but should not have included operations involvingxmlAddChild(). #2916- [JRuby] Fixed NPE when serializing an unparented HTML node. [#2559, #2895] (
\n@cbasguti)1.15.2 / 2023-05-24
\nDependencies
\n\n
\n- [JRuby] Vendored org.nokogiri:nekodtd is updated to v0.1.11.noko2. This is functionally equivalent to v0.1.11.noko1 but restores support for Java 8.
\nFixed
\n\n
\n- [JRuby] Java 8 support is restored, fixing a regression present in v1.14.0..v1.14.4 and v1.15.0..v1.15.1. #2887
\n1.15.1 / 2023-05-19
\nDependencies
\n\n
\n\n- [CRuby] Vendored libxml2 is updated to v2.11.4 from v2.11.3. For details please see https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.4
\n
... (truncated)
\n5745d4b version bump to v1.15.5da2d908 ci: add ruby version to vendored libs cache key (backport) (#3029)0f56450 ci: add ruby version to vendored libs cache key (#3028)32b2c35 dep: update libxml to 2.11.5 and libxslt to 1.1.39 (v1.15.x) (#3025)b8f7e16 ci: skip the BSD builds for nowaa3208b dep: update libxml to 2.11.5 and libxslt to 1.1.39141c2ac doc(fix): correct :nodoc:1aee13d version bump to v1.15.4769faec backport updates and fixes to v1.15.x (#2953)8460bfe dep: update libxml2 to v2.11.5Sourced from rack's releases.
\n\n\nv3.0.9.1
\nWhat's Changed
\n\n
\n- Fixed ReDoS in Accept header parsing [CVE-2024-26146]
\n- Fixed ReDoS in Content Type header parsing [CVE-2024-25126]
\n- Reject Range headers which are too large [CVE-2024-26141]
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.9...v3.0.9.1
\nv3.0.9
\nWhat's Changed
\n\n
\n- Fix content-length calcuation in Rack:Response#write #2150
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.8...v3.0.9
\nv3.0.8
\nWhat's Changed
\n\n
\n- Backport "Fix some unused variable verbose warnings" by
\n@skipkayhilin rack/rack#2084New Contributors
\n\n
\n- \n
@skipkayhilmade their first contribution in rack/rack#2084Full Changelog: https://github.com/rack/rack/compare/v3.0.7...v3.0.8
\nv3.0.7
\nWhat's Changed
\n\n
\n- Backport "Make query parameters without = have nil values". by
\n@jeremyevansin rack/rack#2060Full Changelog: https://github.com/rack/rack/compare/v3.0.6.1...v3.0.7
\nv3.0.6.1
\nNo release notes provided.
\nv3.0.4.1
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.4...v3.0.4.1
\nv3.0.4
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.3...v3.0.4
\nv3.0.3
\nWhat's Changed
\n\n
\n- Release v3.0.3 by
\n@ioquatixin rack/rack#2000Full Changelog: https://github.com/rack/rack/compare/v3.0.2...v3.0.3
\nv3.0.2
\nFull Changelog: https://github.com/rack/rack/compare/v3.0.1...v3.0.2
\n
Sourced from rack's changelog.
\n\n\nChangelog
\nAll notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
\nUnreleased
\nSPEC Changes
\n\n
\n- \n
rack.inputis now optional. (#1997, [@ioquatix])- \n
Rack::Utils.escape_htmlis now delegated toCGI.escapeHTML.'is escaped to[#39](https://github.com/rack/rack/issues/39);instead of#x27;. (decimal vs hexadecimal) (#2099,@JunichiIto)Changed
\n\n
\n- \n
rack.inputis now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])- Introduce
\nmodule Rack::BadRequestwhich is included in multipart and query parser errors. (#2019, [@ioquatix])- MIME type for JavaScript files (
\n.js) changed fromapplication/javascripttotext/javascript(1bd0f15)- Add
\n.mjsMIME type (#2057, [@axilleas])- Update MIME types associated to
\n.ttf,.woff,.woff2and.otfextensions to use mondernfont/*types. (#2065, [@davidstosik])- \n
set_cookie_headerutility now supports thepartitionedcookie attribute. This is required by Chrome in some embedded contexts. (#2131, [@flavio-b])- Remove non-standard status codes 306, 509, & 510 and update descriptions for 413, 422, & 451. (#2137, [
\n@wtn])- Add fallback lookup and deprecation warning for obsolete status symbols. (#2137, [
\n@wtn])- In
\nRack::Files, ignore theRangeheader if served file is 0 bytes. (#2159, [@zarqman])[3.0.9] - 2024-01-31
\n\n
\n- Fix incorrect content-length header that was emitted when
\nRack::Response#writewas used in some situations. (#2150, [@mattbrictson])[3.0.8] - 2023-06-14
\n\n
\n- Fix some unused variable verbose warnings. (#2084, [
\n@jeremyevans],@skipkayhil)[3.0.7] - 2023-03-16
\n\n
\n- Make query parameters without
\n=havenilvalues. (#2059, [@jeremyevans])[3.0.6.1] - 2023-03-13
\n\n
\n- [CVE-2023-27539] Avoid ReDoS in header parsing
\n[3.0.6] - 2023-03-13
\n\n
\n- Add
\nQueryParser#missing_valuefor handling missing values + tests. (#2052, [@ioquatix])[3.0.5] - 2023-03-13
\n\n
\n- Split form/query parsing into two steps. (#2038,
\n@matthewd)[3.0.4.2] - 2023-03-02
\n\n
\n\n- [CVE-2023-27530] Introduce multipart_total_part_limit to limit total parts
\n
... (truncated)
\na4bc5e0 bump version6efb2ce Avoid 2nd degree polynomial regexp in MediaType4849132 Return an empty array when ranges are too largea227cd7 Fixing ReDoS in header parsing0b3f997 Bump patch version.d3d415e Update Ruby versions for external tests: drop v2.7 and add v3.2 and v3.3. (#2...c8b977f Fix content-length calcuation in Rack:Response#write (#2150)8d1bf99 Update CHANGELOG for 3.0.8 (#2086)d28c464 Bump patch verison.32736d2 Fix some unused variable verbose warnings (#2084)