All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference Keep A Changelog.
rack.input is now optional, and if missing, will raise an error. Use this to fail on multipart parsing a request without an input body. (#2018, [@ioquatix])
Introduce module Rack::BadRequest which is included in multipart and query parser errors. (#2019, [@ioquatix])
MIME type for JavaScript files (.js) changed from application/javascript to text/javascript (1bd0f15)
[CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
[CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
[CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
[3.0.4] - 2023-01-17
Rack::Request#POST should consistently raise errors. Cache errors that occur when invoking Rack::Request#POST so they can be raised again later. (#2010, [@ioquatix])
Fix Rack::Lint error message for HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH. (#2007, @byroot)
Extend Rack::MethodOverride to handle QueryParser::ParamsTooDeepError error. (#2006, @byroot)
[3.0.3] - 2022-12-27
Fixed
Rack::URLMap uses non-deprecated form of Regexp.new. (#1998, @weizheheng)
[3.0.2] -2022-12-05
Fixed
Utils.build_nested_query URL-encodes nested field names including the square brackets.
Allow Rack::Response to pass through streaming bodies. (#1993, [@ioquatix])
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tonobo/hcloud-ruby/network/alerts).
Bumps rack from 3.0.1 to 3.0.6.1.
Release notes
Sourced from rack's releases.
Changelog
Sourced from rack's changelog.
Commits
098d8e1
bump version231ef36
Avoid ReDoS probleme9e9ae6
Bump patch version.848c9c0
AddQueryParser#missing_value
for handling missing values + tests. (#2052)9f8ba5e
Bump patch version.7215fa7
Split form/query parsing into two steps (#2038)91f0c4b
test-external.yaml - use ruby/setup-ruby-pkgs (#2048)66325b1
Merge branch '3-0-sec' into 3-0-stable5c18f30
bump versionb5d70b3
Limit all multipart parts, not just filesDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tonobo/hcloud-ruby/network/alerts).