Commit message · Author · Age · Files · Lines
* Limit file extension length of multipart tempfiles (#2069) (#2075) [2-2-stable] · Patrik Ragnarsson · 2023-04-26 · 2 · -1/+25
* Bump patch version. [v2.2.7] · Samuel Williams · 2023-04-25 · 1 · -1/+1
* Support underscore in host names for Rack 2.2 (Fixes #2070) (#2071) · Jeremy Evans · 2023-04-25 · 2 · -1/+10
* Merge branch '2-2-sec' into 2-2-stable · Aaron Patterson · 2023-03-13 · 3 · -3/+7
|\
| * bump version [v2.2.6.4] · Aaron Patterson · 2023-03-13 · 2 · -1/+5
| * Avoid ReDoS problem · Aaron Patterson · 2023-03-13 · 1 · -2/+2
* | Merge branch '2-2-sec' into 2-2-stable · Aaron Patterson · 2023-03-02 · 7 · -13/+81
|\ \
| |/
| * bump version [v2.2.6.3] · Aaron Patterson · 2023-03-02 · 2 · -1/+5
| * Limit all multipart parts, not just files · John Hawthorn · 2023-03-02 · 5 · -12/+76
* | Correct the year in the changelog (#2015) · kimulab · 2023-01-18 · 1 · -3/+3
|/
* bumping version [v2.2.6.2] · Aaron Patterson · 2023-01-17 · 2 · -2/+5
* Fix ReDoS in Rack::Utils.get_byte_ranges · Aaron Patterson · 2023-01-17 · 1 · -5/+6
* bump version [v2.2.6.1] · Aaron Patterson · 2023-01-17 · 1 · -1/+1
* Update changelog · Aaron Patterson · 2023-01-17 · 1 · -0/+6
* Fix ReDoS vulnerability in multipart parser · Aaron Patterson · 2023-01-17 · 1 · -1/+1
* Forbid control characters in attributes · John Hawthorn · 2023-01-17 · 1 · -1/+1
* Bump patch version. [v2.2.6] · Samuel Williams · 2023-01-17 · 2 · -1/+5
* Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2011) · Jean byroot Boussier · 2023-01-17 · 2 · -1/+8
* Remove leading dot to fix compatibility with latest cgi gem. (#1988) [v2.2.5] · Samuel Williams · 2022-12-27 · 1 · -4/+4
* Update tests to work on latest Rubies. (#1999) · Samuel Williams · 2022-12-27 · 1 · -2/+1
* Bump patch release. · Samuel Williams · 2022-12-27 · 2 · -1/+7
* Fix Regexp deprecated third argument with Regexp::NOENCODING (#1998) · Wei Zhe · 2022-12-27 · 1 · -1/+1
* fixup changelog [2.2.4] · Aaron Patterson · 2022-06-30 · 1 · -5/+2
* bump version · Aaron Patterson · 2022-06-30 · 1 · -1/+1
* Better handling of case-insensitive headers for `Rack::Etag` middleware. (#1919) · Samuel Williams · 2022-07-01 · 3 · -0/+12
* Add 'custom exception on params too deep error' change to CHANGELOG. (#1914) · Josef Šimánek · 2022-06-25 · 1 · -0/+8
* Expect additional optional version segment in version test. (#1913) · Josef Šimánek · 2022-06-25 · 1 · -1/+1
* Merge branch '2-2-sec' into 2-2-stable · Aaron Patterson · 2022-05-27 · 10 · -20/+32
|\
| * update changelog [2.2.3.1] · Aaron Patterson · 2022-05-27 · 1 · -0/+5
| * bump version · Aaron Patterson · 2022-05-26 · 1 · -1/+1
| * Escape untrusted text when logging · Aaron Patterson · 2022-05-26 · 4 · -1/+21
| * Restrict broken mime parsing · Aaron Patterson · 2022-05-26 · 4 · -18/+5
* | Ensure Rack::QueryParser::ParamsTooDeepError is inherited from RangeError. (#... · Josef Šimánek · 2022-04-12 · 1 · -0/+6
* | Add Ruby 2.3 compatibility for tests, add Ruby 2.3 to CI. (#1863) · Josef Šimánek · 2022-04-11 · 5 · -2/+12
* | Merge pull request #1839 from RubyElders/2-2-stable-ci · Rafael Mendonça França · 2022-04-04 · 6 · -117/+65
|\ \
| * | Replace CircleCI with GitHub Actions. · Josef Šimánek · 2022-04-04 · 2 · -96/+36
| * | Newer rubies spec compatibility. · Josef Šimánek · 2022-04-04 · 4 · -21/+29
|/ /
* | Merge pull request #1838 from RubyElders/custom-range-exception-2-2 · Rafael Mendonça França · 2022-04-04 · 4 · -10/+14
|\ \
| * | Use custom exception on params too deep error. · Josef Šimánek · 2022-04-04 · 4 · -10/+14
|/ /
* | Don't ary.inspect in the lint assertions (backport) (#1765) · Keith Gable · 2021-10-10 · 2 · -5/+5
|/
* bump version [2.2.3] · Aaron Patterson · 2020-06-15 · 2 · -1/+5
* When parsing cookies, only decode the values · Matt Langlois · 2020-06-15 · 2 · -2/+10
* Bump version. [v2.2.2] · Samuel Williams · 2020-02-11 · 1 · -1/+1
* Remove trailing whitespace. · Samuel Williams · 2020-02-11 · 1 · -1/+1
* Prepare CHANGELOG for next patch release. · Samuel Williams · 2020-02-11 · 1 · -0/+9
* Fix to handle same_site option for session pool · Ryuta Kamizono · 2020-02-11 · 3 · -1/+20
* Ensure full match. Fixes #1590. · Samuel Williams · 2020-02-11 · 2 · -2/+7
* Double assignment is still needed to prevent an "unused variable" warning · Ryuta Kamizono · 2020-02-11 · 2 · -8/+8
* Revert "Update Thin handler to better handle more options" · Jeremy Evans · 2020-02-11 · 1 · -14/+8
* Prepare point release. [v2.2.1] · Samuel Williams · 2020-02-09 · 2 · -2/+2