From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.49.85.105 with SMTP id g9csp107828qez; Thu, 7 Feb 2013 19:14:32 -0800 (PST) Return-Path: Received-SPF: pass (google.com: domain of rack-core+bncBD75LW742ECRBGG32GEAKGQE44NAKEI@googlegroups.com designates 10.50.214.36 as permitted sender) client-ip=10.50.214.36 Authentication-Results: mr.google.com; spf=pass (google.com: domain of rack-core+bncBD75LW742ECRBGG32GEAKGQE44NAKEI@googlegroups.com designates 10.50.214.36 as permitted sender) smtp.mail=rack-core+bncBD75LW742ECRBGG32GEAKGQE44NAKEI@googlegroups.com; dkim=pass header.i=@googlegroups.com X-Received: from mr.google.com ([10.50.214.36]) by 10.50.214.36 with SMTP id nx4mr4795653igc.6.1360293272290 (num_hops = 1); Thu, 07 Feb 2013 19:14:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=x-received:mime-version:x-beenthere:x-received:x-received :received-spf:x-received:message-id:date:from:to:subject :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:x-google-group-id:list-post :list-help:list-archive:sender:list-unsubscribe:content-type :content-transfer-encoding; bh=+zmbpp9drgd/tRrK9YOSnyfHV3x5vBgWcW36jVlzvqA=; b=WmBgn1Ec9p4SHpNhCjNoA6Tc0uGd7hcbYEtE8aV1Ro9/msvzRuzJDEbqze+jNKI0El KNtlVRz+QYoxAnOu7r7qURvtqpfNb1VIh17SMzZ9Ipmc0DYxchJzGHYR9vAuiIH/ueKI U39WCBM34MRGxcRdKgIMvweZucTp9tnXutmsGgElKTWJYZXaArD+4m1ODfiW/A4bmlXh GZ+37cvOlLd2qFGMdVg0qUETxIS704JnQTKwsr1mtFeR4s9RgHrr8/ltfKmR1a8vkx4h Vr4Tr7NL0WDmccUsyHDmELLYgtP7YjFjHLXJwOfl98hPezGPuWb4yPwNCcvCpSjGPFAE T49Q== X-Received: by 10.50.214.36 with SMTP id nx4mr799152igc.6.1360293272068; Thu, 07 Feb 2013 19:14:32 -0800 (PST) MIME-Version: 1.0 X-BeenThere: rack-core@googlegroups.com Received: by 10.50.56.239 with SMTP id d15ls490395igq.11.gmail; Thu, 07 Feb 2013 19:14:31 -0800 (PST) X-Received: by 10.42.147.10 with SMTP id l10mr2732609icv.3.1360293271832; Thu, 07 Feb 2013 19:14:31 -0800 (PST) X-Received: by 10.42.147.10 with SMTP id l10mr2732607icv.3.1360293271818; Thu, 07 Feb 2013 19:14:31 -0800 (PST) Received: from mail-ie0-x232.google.com (mail-ie0-x232.google.com [2607:f8b0:4001:c03::232]) by gmr-mx.google.com with ESMTPS id dx8si713445igc.1.2013.02.07.19.14.31 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 07 Feb 2013 19:14:31 -0800 (PST) Received-SPF: pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4001:c03::232 as permitted sender) client-ip=2607:f8b0:4001:c03::232; Received: by mail-ie0-x232.google.com with SMTP id c13so4442654ieb.37 for ; Thu, 07 Feb 2013 19:14:31 -0800 (PST) X-Received: by 10.50.189.193 with SMTP id gk1mr19518859igc.87.1360293271671; Thu, 07 Feb 2013 19:14:31 -0800 (PST) Received: from localhost ([216.239.55.209]) by mx.google.com with ESMTPS id kf2sm13054494igc.0.2013.02.07.19.14.30 (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 07 Feb 2013 19:14:31 -0800 (PST) Message-ID: <51146d97.22ca320a.1f08.ffffc3a8@mx.google.com> Date: Thu, 07 Feb 2013 19:14:31 -0800 (PST) From: jftucker@gmail.com To: ruby-talk@ruby-lang.org, rack-devel@googlegroups.com, rack-core@googlegroups.com Subject: [SEC][ANN] Rack 1.5.2, a modular Ruby webserver interface X-Original-Sender: jftucker@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4001:c03::232 as permitted sender) smtp.mail=jftucker@gmail.com; dkim=pass header.i=@gmail.com Reply-To: rack-core@googlegroups.com Precedence: list Mailing-list: list rack-core@googlegroups.com; contact rack-core+owners@googlegroups.com List-ID: X-Google-Group-Id: 504757074975 List-Post: , List-Help: , List-Archive: Sender: rack-core@googlegroups.com List-Unsubscribe: , Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Today we are proud to announce the release of Rack 1.5.2. =3D Rack, a modular Ruby webserver interface=20 Rack provides a minimal, modular and adaptable interface for developing web= applications in Ruby. By wrapping HTTP requests and responses in the simp= lest way possible, it unifies and distills the API for web servers, web fra= meworks, and software in between (the so-called middleware) into a single m= ethod call. The exact details of this are described in the Rack specification, which al= l Rack applications should conform to.=20 =3D=3D Changes * February 7th, Thirty fifth public release 1.5.2 * Fix CVE-2013-0263, timing attack against Rack::Session::Cookie * Fix CVE-2013-0262, symlink path traversal in Rack::File * Add various methods to Session for enhanced Rails compatibility * Request#trusted_proxy? now only matches whole stirngs * Add JSON cookie coder, to be default in Rack 1.6+ due to security conce= rns * URLMap host matching in environments that don't set the Host header fix= ed * Fix a race condition that could result in overwritten pidfiles * Various documentation additions =3D=3D Where can I get it?=20 You can download Rack at=20 http://chneukirchen.org/releases/rack-1.5.2.tar.gz (upload pendin= g at time of writing) http://rubyforge.org/projects/rack Alternatively, you can checkout from the development repository with: git clone git://github.com/rack/rack.git cd rack && git checkout rack-1.5 # for this release Happy hacking and have a nice day, James Tucker on behalf of the Rack Core Team. a2c2140365368c54d8b6dd9698d64ce7ad789e9a rack-1.5.2.tar.gz a17f40c9beb03b458f537f42cf36dd90d8230625 rack-1.5.2.gem -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) iQEcBAEBAgAGBQJRFG2VAAoJELphsezQxofDfrUH/0J6hOPPIQk9aPE2qX/SMqUD 4puRHZUr0n6IGeQqNsfnggMAmqsdt6eyEsDcdj3RZfzfr//H1/eO39ibWvI6kgof 1fr9f4191zrnsj9SdIVnTXQEIxQQEQiz+bWiF5QRq1T4jrZUGlttPwD3gpp2jWks 9rFzPKuXcx5h6ZscDLsuG92m5N7FE15nWsrB8IIxdkD/lFlLvsyFX9XPiH6a+/UD dvexe8rrfH4IWw6lp1ojyWpVbxOQRz5dnhKy5HAGq7WQPfAs94nd7wO8IcZZrVFf ojn9xQcT6QZG1jnMmi3rgZREdM86XEWI6vBOde2SwhO5Br/PGEnmmrYPh2drA1U=3D =3DYGbz -----END PGP SIGNATURE----- --=20 ---=20 You received this message because you are subscribed to the Google Groups "= Rack Core team" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-core+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.