Tags: UWMadisonUcomm/rack-contrib
Tags
October: catastrophe avoidance month * `Rack::JSONP`: change the callback validity checking regex to one that isn't vulnerable to catastrophic backtracking, which causes all sorts of nasty performance problems when there's a long invalid string to match against. [PR](https://github.com/rack/rack-contrib/136) by Juan C. Muller (@jcmuller).
September is the season of correct error handling * **`Rack::PostBodyContentTypeParser`**: if the middleware is told a POST body is JSON, but it doesn't parse as JSON, then... it's not really JSON, and the request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI (@sawanoboly) for the fix.
We're baaaaaaack! After an extended hiatus, rack-contrib maintenance is back on track. This is a tidy-up release, merging things that have sat around for far too long. * `git-version-bump` has now been moved to being a development dependency, thanks to Tobias Haagen Michaelsen. * `Rack::AcceptLocale` can be restricted to a set of enforced locales, thanks to Paco Guzman. * `Rack::NotFound`'s `path` argument is now optional, thanks to Ed Morley. * `Rack::BounceFavicon` now has a description and tests, thanks to Steven Wilkin. * The automated Travis CI suite now tests all supported Ruby versions up to 2.4, which necessitated a few small changes.
v1.4.0: Features, Features Everywhere, and not a bug to fix There's a bumper crop of new features this month. Share and enjoy! Deprecations ============ * **`Rack::AcceptFormat` is slated for removal in `rack-contrib` 2.0.0 (due on or after 1 January, 2016**. Using this middleware will now result in a deprecation warning being printed to `stderr`. If you use this middleware, now would be a good time to start doing things properly. Features ======== * `Rack::LazyConditionalGet`: new middleware, by [Mig](https://github.com/mig-hub). This middleware tracks when the last POST/PUT/DELETE request was made, and returns 304 responses to requests which include a `Last-Modified` entity request header which is greater than or equal to that time. * `Rack::StaticCache`: You can now specify a custom "version" regex for your cache invalidation, if the default doesn't do it for you. Initial patch provided by [Eric Boehs](https://github.com/ericboehs). * `Rack::Profiler`: You can now run a single request through the profiler multiple times, by adding the `profiler_runs` query parameter to the URL. Patch provided by [Bryce McDonnell](https://github.com/brycemcd).
WE'RE BACK! This is the first of the new monthly feature releases that will be the new tempo of `rack-contrib` development. This release contains a significant backlog of changes that have been building up over the last year or so. Thanks to everyone who contributed changes, bug reports, and comments towards this release. * CVE-2013-0269: Set `:create_additions => false` when parsing JSON. * `Rack::ForceValidEncoding`: ensures that the URL is in a valid encoding, raises a 400 if not. * `Rack::MailExceptions`: can now use `sendmail` to send e-mails, rather than being restricted to SMTP. * `Rack::MailExceptions`: Credentials in `Authorization: Basic` headers are stripped, to prevent leakage. * `Rack::TryStatic`: Pass-through requests for non-GET/HEAD requests (rack#85) * `Rack::Locale`: Don't overwrite app-set value of `Content-Language` (rack#99) * `Rack::RelativeRedirect`: Rewrite redirect on 307/308 status, too (rack#5) * `Rack::JSONP`: Don't act when status is a no-body code (rack#100) * `Rack::StaticCache`: Don't nuke response headers which enable conditional * responses. (rack#84) * `README` is now markdown. * Test suite now uses minitest. * There is now a [travis CI](https://travis-ci.org/rack/rack-contrib) setup, which tests across a range of supported Ruby versions and gemsets. * `Rakefile` has been tidied up to bring it up to modern standards. * The gemspec now uses pessimistic version constraints wherever possible. * We've documented our expectations for contributors in a `CONTRIBUTING` file.
PreviousNext