rack-devel archive mirror (unofficial) https://groups.google.com/group/rack-devel
 help / color / mirror / code / Atom feed
* [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
@ 2013-01-22  7:46 jftucker
  2013-01-22  7:46 ` raggi
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: jftucker @ 2013-01-22  7:46 UTC (permalink / raw)
  To: ruby-talk, rack-devel, rack-core

Hello,

Today we are proud to announce the release of Rack 1.5.0.

= Rack, a modular Ruby webserver interface 

Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby.  By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
The exact details of this are described in the Rack specification, which all Rack applications should conform to. 

== Changes

Please note that this release includes a few potentially breaking changes.
Of particular note are:

 * SessionHash is no longer a Hash sublcass
 * Rack::File cache_control parameter is removed in place of headers options

Additonally, SPEC has been updated in several areas and is now at 1,2.

A new SPEC section was introduced that provides two server-optional IO hijacking
APIs. Further information on these APIs will be made available by the community
in good time. In the mean time, some information can be found in the original
pull request: https://github.com/rack/rack/pull/481

* January 21st, 2013: Thirty third public release 1.5.0
  * Introduced hijack SPEC, for before-response and after-response hijacking
  * SessionHash is no longer a Hash subclass
  * Rack::File cache_control parameter is removed, in place of headers options
  * Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
  * Rack::Utils cookie functions now format expires in RFC 2822 format
  * Rack::File now has a default mime type
  * rackup -b 'run Rack::File.new(".")', option provides command line configs
  * Rack::Deflater will no longer double encode bodies
  * Rack::Mime#match? provides convenience for Accept header matching
  * Rack::Utils#q_values provides splitting for Accept headers
  * Rack::Utils#best_q_match provides a helper for Accept headers
  * Rack::Handler.pick provides convenience for finding available servers
  * Puma added to the list of default servers (preferred over Webrick)
  * Various middleware now correctly close body when replacing it
  * Rack::Request#params is no longer persistent with only GET params
  * Rack::Request#update_param and #delete_param provide persistent operations
  * Rack::Request#trusted_proxy? now returns true for local unix sockets
  * Rack::Response no longer forces Content-Types
  * Rack::Sendfile provides local mapping configuration options
  * Rack::Utils#rfc2109 provides old netscape style time output
  * Updated HTTP status codes
  * Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported

== Where can I get it? 

You can download Rack at 
        http://chneukirchen.org/releases/rack-1.5.0.tar.gz   (upload pending at time of writing)
                  http://rubyforge.org/projects/rack

Alternatively, you can checkout from the development repository with:
    git clone git://github.com/rack/rack.git
cd rack && git checkout rack-1.5   # for this release

Happy hacking and have a nice day,

James Tucker
on behalf of the Rack Core Team.

9f506c84a6edbeb8c98f381e8edce15e7ae08324  rack-1.5.0.tar.gz
71b6627efbc8795bd3077eff9850fcb508d57ea3  rack-1.5.0.gem

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-22  7:46 [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface jftucker
@ 2013-01-22  7:46 ` raggi
  2013-01-22 10:08 ` Eric Wong
  2013-01-22 18:14 ` Hongli Lai
  2 siblings, 0 replies; 7+ messages in thread
From: raggi @ 2013-01-22  7:46 UTC (permalink / raw)
  To: rack-devel; +Cc: ruby-talk, rack-core

[-- Attachment #1: Type: text/plain, Size: 3528 bytes --]

My sincerest apologies, this was not a SEC release.

On Monday, January 21, 2013 11:46:10 PM UTC-8, raggi wrote:
>
> Hello, 
>
> Today we are proud to announce the release of Rack 1.5.0. 
>
> = Rack, a modular Ruby webserver interface 
>
> Rack provides a minimal, modular and adaptable interface for developing 
> web applications in Ruby.  By wrapping HTTP requests and responses in the 
> simplest way possible, it unifies and distills the API for web servers, web 
> frameworks, and software in between (the so-called middleware) into a 
> single method call. 
> The exact details of this are described in the Rack specification, which 
> all Rack applications should conform to. 
>
> == Changes 
>
> Please note that this release includes a few potentially breaking changes. 
> Of particular note are: 
>
>  * SessionHash is no longer a Hash sublcass 
>  * Rack::File cache_control parameter is removed in place of headers 
> options 
>
> Additonally, SPEC has been updated in several areas and is now at 1,2. 
>
> A new SPEC section was introduced that provides two server-optional IO 
> hijacking 
> APIs. Further information on these APIs will be made available by the 
> community 
> in good time. In the mean time, some information can be found in the 
> original 
> pull request: https://github.com/rack/rack/pull/481 
>
> * January 21st, 2013: Thirty third public release 1.5.0 
>   * Introduced hijack SPEC, for before-response and after-response 
> hijacking 
>   * SessionHash is no longer a Hash subclass 
>   * Rack::File cache_control parameter is removed, in place of headers 
> options 
>   * Rack::Auth::AbstractRequest#scheme now yields strings, not symbols 
>   * Rack::Utils cookie functions now format expires in RFC 2822 format 
>   * Rack::File now has a default mime type 
>   * rackup -b 'run Rack::File.new(".")', option provides command line 
> configs 
>   * Rack::Deflater will no longer double encode bodies 
>   * Rack::Mime#match? provides convenience for Accept header matching 
>   * Rack::Utils#q_values provides splitting for Accept headers 
>   * Rack::Utils#best_q_match provides a helper for Accept headers 
>   * Rack::Handler.pick provides convenience for finding available servers 
>   * Puma added to the list of default servers (preferred over Webrick) 
>   * Various middleware now correctly close body when replacing it 
>   * Rack::Request#params is no longer persistent with only GET params 
>   * Rack::Request#update_param and #delete_param provide persistent 
> operations 
>   * Rack::Request#trusted_proxy? now returns true for local unix sockets 
>   * Rack::Response no longer forces Content-Types 
>   * Rack::Sendfile provides local mapping configuration options 
>   * Rack::Utils#rfc2109 provides old netscape style time output 
>   * Updated HTTP status codes 
>   * Ruby 1.8.6 likely no longer passes tests, and is no longer fully 
> supported 
>
> == Where can I get it? 
>
> You can download Rack at 
>         http://chneukirchen.org/releases/rack-1.5.0.tar.gz   (upload 
> pending at time of writing) 
>                   http://rubyforge.org/projects/rack 
>
> Alternatively, you can checkout from the development repository with: 
>     git clone git://github.com/rack/rack.git 
> cd rack && git checkout rack-1.5   # for this release 
>
> Happy hacking and have a nice day, 
>
> James Tucker 
> on behalf of the Rack Core Team. 
>
> 9f506c84a6edbeb8c98f381e8edce15e7ae08324  rack-1.5.0.tar.gz 
> 71b6627efbc8795bd3077eff9850fcb508d57ea3  rack-1.5.0.gem 
>

[-- Attachment #2: Type: text/html, Size: 4246 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-22  7:46 [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface jftucker
  2013-01-22  7:46 ` raggi
@ 2013-01-22 10:08 ` Eric Wong
  2013-01-23  0:27   ` Eric Wong
  2013-01-22 18:14 ` Hongli Lai
  2 siblings, 1 reply; 7+ messages in thread
From: Eric Wong @ 2013-01-22 10:08 UTC (permalink / raw)
  To: rack-devel; +Cc: ruby-talk, rack-core

jftucker@gmail.com wrote:
> Additonally, SPEC has been updated in several areas and is now at 1,2.

SPEC still says this:

  <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.

I take it 1,2-compliant servers should set [1,2] there instead?

> A new SPEC section was introduced that provides two server-optional IO hijacking
> APIs. Further information on these APIs will be made available by the community
> in good time. In the mean time, some information can be found in the original
> pull request: https://github.com/rack/rack/pull/481

Cool.  Should be easy for unicorn, and some configurations of Rainbows!/zbatery.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-22  7:46 [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface jftucker
  2013-01-22  7:46 ` raggi
  2013-01-22 10:08 ` Eric Wong
@ 2013-01-22 18:14 ` Hongli Lai
  2 siblings, 0 replies; 7+ messages in thread
From: Hongli Lai @ 2013-01-22 18:14 UTC (permalink / raw)
  To: rack-devel; +Cc: ruby-talk, rack-core

[-- Attachment #1: Type: text/plain, Size: 176 bytes --]

We've also implemented the socket hijacking API in the upcoming Phusion 
Passenger 
4: https://github.com/FooBarWidget/passenger/commit/c5b5b2e76034f7c7010c46aefc08967240eda122

[-- Attachment #2: Type: text/html, Size: 179 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-22 10:08 ` Eric Wong
@ 2013-01-23  0:27   ` Eric Wong
  2013-01-23 22:40     ` Hongli Lai
  2013-01-26 19:11     ` James Tucker
  0 siblings, 2 replies; 7+ messages in thread
From: Eric Wong @ 2013-01-23  0:27 UTC (permalink / raw)
  To: rack-devel

(culling Cc:)

Eric Wong <normalperson@yhbt.net> wrote:
> jftucker@gmail.com wrote:
> > Additonally, SPEC has been updated in several areas and is now at 1,2.
> 
> SPEC still says this:
> 
>   <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
> 
> I take it 1,2-compliant servers should set [1,2] there instead?
> 
> > A new SPEC section was introduced that provides two server-optional IO hijacking
> > APIs. Further information on these APIs will be made available by the community
> > in good time. In the mean time, some information can be found in the original
> > pull request: https://github.com/rack/rack/pull/481

So once a connection is hijacked, there's no un-hijacking, correct?
The server needs to completely ignore the normal Rack response
(I also just posted a Rack::Lint patch here to that effect)

> Cool.  Should be easy for unicorn, and some configurations of
> Rainbows!/zbatery.

I'm setting env["rack.version"] to [1,2] in my unicorn hijack branch.
Would greatly appreciate ACK/NACK on whether this is the way to go.

Original patch to implement hijack:
http://mid.gmane.org/20130122114943.GA8455@dcvr.yhbt.net

Followup to ignore responses for hijacked requests:
http://mid.gmane.org/20130122235728.GA8717@dcvr.yhbt.net

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-23  0:27   ` Eric Wong
@ 2013-01-23 22:40     ` Hongli Lai
  2013-01-26 19:11     ` James Tucker
  1 sibling, 0 replies; 7+ messages in thread
From: Hongli Lai @ 2013-01-23 22:40 UTC (permalink / raw)
  To: rack-devel

[-- Attachment #1: Type: text/plain, Size: 126 bytes --]

We've written an article on how the hijacking API 
works: http://blog.phusion.nl/2013/01/23/the-new-rack-socket-hijacking-api/

[-- Attachment #2: Type: text/html, Size: 130 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
  2013-01-23  0:27   ` Eric Wong
  2013-01-23 22:40     ` Hongli Lai
@ 2013-01-26 19:11     ` James Tucker
  1 sibling, 0 replies; 7+ messages in thread
From: James Tucker @ 2013-01-26 19:11 UTC (permalink / raw)
  To: rack-devel


On Jan 22, 2013, at 4:27 PM, Eric Wong <normalperson@yhbt.net> wrote:

> (culling Cc:)
> 
> Eric Wong <normalperson@yhbt.net> wrote:
>> jftucker@gmail.com wrote:
>>> Additonally, SPEC has been updated in several areas and is now at 1,2.
>> 
>> SPEC still says this:
>> 
>>  <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
>> 
>> I take it 1,2-compliant servers should set [1,2] there instead?
>> 
>>> A new SPEC section was introduced that provides two server-optional IO hijacking
>>> APIs. Further information on these APIs will be made available by the community
>>> in good time. In the mean time, some information can be found in the original
>>> pull request: https://github.com/rack/rack/pull/481
> 
> So once a connection is hijacked, there's no un-hijacking, correct?
> The server needs to completely ignore the normal Rack response
> (I also just posted a Rack::Lint patch here to that effect)

Correct. I don't see a way around this without making the specification excessively complex. That's why I strongly recommend people set Connection:close.

> 
>> Cool.  Should be easy for unicorn, and some configurations of
>> Rainbows!/zbatery.
> 
> I'm setting env["rack.version"] to [1,2] in my unicorn hijack branch.
> Would greatly appreciate ACK/NACK on whether this is the way to go.

Ack. I forgot to update lint - my bad. I'll fix this in .1.

> 
> Original patch to implement hijack:
> http://mid.gmane.org/20130122114943.GA8455@dcvr.yhbt.net

Only had a quick scan, but LGTM.

> 
> Followup to ignore responses for hijacked requests:
> http://mid.gmane.org/20130122235728.GA8717@dcvr.yhbt.net

-- 

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2013-01-26 19:11 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-22  7:46 [SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface jftucker
2013-01-22  7:46 ` raggi
2013-01-22 10:08 ` Eric Wong
2013-01-23  0:27   ` Eric Wong
2013-01-23 22:40     ` Hongli Lai
2013-01-26 19:11     ` James Tucker
2013-01-22 18:14 ` Hongli Lai

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/rack.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).