Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
rubygem-rack.24764
rubygem-rack.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File rubygem-rack.changes of Package rubygem-rack.24764
------------------------------------------------------------------- Tue Jun 21 13:38:24 UTC 2022 - pgajdos@suse.com - security update - added patches fix CVE-2022-30122 [bsc#1200748], crafted multipart POST request may cause a DoS + rubygem-rack-CVE-2022-30122.patch fix CVE-2022-30123 [bsc#1200750], crafted requests can cause shell escape sequences + rubygem-rack-CVE-2022-30123.patch ------------------------------------------------------------------- Thu Dec 19 08:55:14 UTC 2019 - David Kang <dkang@suse.com> - updated to version 2.0.8 * CVE-2019-16782: Possible information leak / session hijack vulnerability ------------------------------------------------------------------- Sat Apr 6 17:52:23 UTC 2019 - manuel <mschnitzer@suse.com> - updated to version 2.0.7 no changelog found ------------------------------------------------------------------- Tue Nov 6 23:24:32 UTC 2018 - Marcus Rueckert <mrueckert@suse.de> - update to 2.0.6: * CVE-2018-16471: cross-site scripting (XSS) flaw via the scheme method on Rack::Request (bsc#1114828) ------------------------------------------------------------------- Mon Apr 23 18:18:04 UTC 2018 - factory-auto@kulow.org - updated to version 2.0.5 see installed HISTORY.md ------------------------------------------------------------------- Mon Apr 16 15:47:33 UTC 2018 - mschnitzer@suse.com - Only build against ruby versions 2.3.x, 2.4.x, and 2.5.x - Fix package build by removing the executable bit for 'test.gz' file in gem ------------------------------------------------------------------- Thu Feb 8 06:21:32 UTC 2018 - coolo@suse.com - updated to version 2.0.4 see installed HISTORY.md ------------------------------------------------------------------- Tue Oct 31 14:09:19 UTC 2017 - mrueckert@suse.de - only build for 2.3+ from now ------------------------------------------------------------------- Wed Jun 7 16:24:31 UTC 2017 - mrueckert@suse.de - re-add the rb_build_versions and rb_default_ruby_abi as otherwise building on older distros fails. - add ruby 2.4 ------------------------------------------------------------------- Thu Jun 1 18:55:47 UTC 2017 - opensuse_buildservice@ojkastl.de - removed manual definition of rb_build_versions and rb_default_ruby_abi from gem2rpm.yml; recreated spec ------------------------------------------------------------------- Tue May 23 10:12:04 UTC 2017 - coolo@suse.com - updated to version 2.0.3 see installed HISTORY.md ------------------------------------------------------------------- Wed Jul 6 01:17:36 UTC 2016 - mrueckert@suse.de - make build again by only building for 2.2 and newer ------------------------------------------------------------------- Fri Jul 1 04:34:13 UTC 2016 - coolo@suse.com - updated to version 2.0.1 see installed HISTORY.md ------------------------------------------------------------------- Fri Jun 19 04:32:19 UTC 2015 - coolo@suse.com - updated to version 1.6.4 see installed HISTORY.md Fri Jun 19 07:14:50 2015 Matthew Draper <matthew@trebex.net> * Work around a Rails incompatibility in our private API ------------------------------------------------------------------- Wed Jun 17 04:37:32 UTC 2015 - coolo@suse.com - updated to version 1.6.2 see installed HISTORY.md Fri Jun 12 11:37:41 2015 Aaron Patterson <tenderlove@ruby-lang.org> * Prevent extremely deep parameters from being parsed. CVE-2015-3225 ------------------------------------------------------------------- Thu May 7 04:29:35 UTC 2015 - coolo@suse.com - updated to version 1.6.1 no changelog found ------------------------------------------------------------------- Fri Feb 6 18:18:15 UTC 2015 - coolo@suse.com - updated to version 1.6.0 ------------------------------------------------------------------- Sat Nov 1 23:17:03 UTC 2014 - tboerger@suse.com - Fixed all rpmlintrc errors to prevent failing builds with multiple ruby versions ------------------------------------------------------------------- Mon Sep 29 20:13:50 UTC 2014 - mrueckert@suse.de - added rpmlintrc to ignore the rackup shebang line in a test case - updated to new packaging scheme and add gem2rpm.yml ------------------------------------------------------------------- Tue May 28 05:28:04 UTC 2013 - coolo@suse.com - new template version ------------------------------------------------------------------- Tue Feb 12 13:45:09 UTC 2013 - coolo@suse.com - updated to version 1.5.2 * February 7th, Thirty fifth public release 1.5.2 * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie * Fix CVE-2013-0262, symlink path traversal in Rack::File * Add various methods to Session for enhanced Rails compatibility * Request#trusted_proxy? now only matches whole stirngs * Add JSON cookie coder, to be default in Rack 1.6+ due to security concerns * URLMap host matching in environments that don't set the Host header fixed * Fix a race condition that could result in overwritten pidfiles * Various documentation additions ------------------------------------------------------------------- Sun Feb 3 17:14:19 UTC 2013 - coolo@suse.com - updated to version 1.5.1 ------------------------------------------------------------------- Thu Jan 24 06:34:01 UTC 2013 - coolo@suse.com - update to version 1.5.0, remove suffix * Introduced hijack SPEC, for before-response and after-response hijacking * SessionHash is no longer a Hash subclass * Rack::File cache_control parameter is removed, in place of headers options * Rack::Auth::AbstractRequest#scheme now yields strings, not symbols * Rack::Utils cookie functions now format expires in RFC 2822 format * Rack::File now has a default mime type * rackup -b 'run Rack::File.new(".")', option provides command line configs * Rack::Deflater will no longer double encode bodies * Rack::Mime#match? provides convenience for Accept header matching * Rack::Utils#q_values provides splitting for Accept headers * Rack::Utils#best_q_match provides a helper for Accept headers * Rack::Handler.pick provides convenience for finding available servers * Puma added to the list of default servers (preferred over Webrick) * Various middleware now correctly close body when replacing it * Rack::Request#params is no longer persistent with only GET params * Rack::Request#update_param and #delete_param provide persistent operations * Rack::Request#trusted_proxy? now returns true for local unix sockets * Rack::Response no longer forces Content-Types * Rack::Sendfile provides local mapping configuration options * Rack::Utils#rfc2109 provides old netscape style time output * Updated HTTP status codes * Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported ------------------------------------------------------------------- Tue Jan 8 20:26:44 UTC 2013 - coolo@suse.com - updated to version 1.4.3 * Add warnings when users do not provide a session secret * Fix parsing performance for unquoted filenames * Updated URI backports * Fix URI backport version matching, and silence constant warnings * Correct parameter parsing with empty values * Correct rackup '-I' flag, to allow multiple uses * Correct rackup pidfile handling * Report rackup line numbers correctly * Fix request loops caused by non-stale nonces with time limits * Fix reloader on Windows * Prevent infinite recursions from Response#to_ary * Various middleware better conforms to the body close specification * Updated language for the body close specification * Additional notes regarding ECMA escape compatibility issues * Fix the parsing of multiple ranges in range headers * Prevent errors from empty parameter keys * Added PATCH verb to Rack::Request * Various documentation updates * Fix session merge semantics (fixes rack-test) * Rack::Static :index can now handle multiple directories * All tests now utilize Rack::Lint (special thanks to Lars Gierth) * Rack::File cache_control parameter is now deprecated, and removed by 1.5 * Correct Rack::Directory script name escaping * Rack::Static supports header rules for sophisticated configurations * Multipart parsing now works without a Content-Length header * New logos courtesy of Zachary Scott! * Rack::BodyProxy now explicitly defines #each, useful for C extensions * Cookies that are not URI escaped no longer cause exceptions * Security: Prevent unbounded reads in large multipart boundaries ------------------------------------------------------------------- Tue Jul 31 13:13:42 UTC 2012 - jreidinger@suse.com - use new gem2rpm to provide new provisions ------------------------------------------------------------------- Mon Apr 2 12:41:39 UTC 2012 - saschpe@suse.de - Spec file cleanup: * Prepare for Factory submission ------------------------------------------------------------------- Fri Mar 30 13:10:03 UTC 2012 - adrian@suse.de - handle /usr/bin/rackup via update-alternatives ------------------------------------------------------------------- Thu Jan 26 16:06:57 UTC 2012 - mrueckert@suse.de - initial package of the 1.4 branch
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor