{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":31837178,"defaultBranch":"main","name":"rack","ownerLogin":"jeremyevans","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2015-03-08T03:37:23.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/3846?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1692900083.0","currentOid":""},"activityList":{"items":[{"before":null,"after":"c9198625dbce22c840dfe6256f3e60db98991604","ref":"refs/heads/remove-old-autoloads","pushedAt":"2023-08-24T18:01:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Remove autoloads for constants no longer shipped with rack\n\nRemoves the following autoloads:\n\n* File\n* Handler\n* Server\n* Auth::Digest\n\nSort the remaining autoloads alphabetically.\n\nFixes #2112","shortMessageHtmlLink":"Remove autoloads for constants no longer shipped with rack"}},{"before":null,"after":"9b333f5ca2636ccf9126572383ea7b16ad262719","ref":"refs/heads/unpack","pushedAt":"2023-08-15T21:23:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Remove base64 dependency\n\nbase64 will be removed from the default gems in Ruby 3.4. 
Switch\nto using String#unpack1 instead.","shortMessageHtmlLink":"Remove base64 dependency"}},{"before":null,"after":"d28fa2a465366f856de8840c0d6150197cd15e1e","ref":"refs/heads/query_parameter_without_value","pushedAt":"2023-07-19T15:31:03.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Make query parameters without = have empty string values\n\nThis was reverted in 77cf0579ddd53da6e1a449a26850464284a75aec\nso that Rails could have historical Rack behavior without the\ncomplexity of splitting form/query parsing.\n\nNow that splitting form/query parsing has been added back in\n3855d1d2638af92193c0636107247bc31c98b2f1, this changes the\nbehavior to what originally shipped in Rack 3.\n\nThis matches URL spec section 5.1.3.3. Frameworks that want\nRack's historical behavior of using nil values instead of\nempty string values can reparse QUERY_STRING and use\nrack.request.form_pairs to get the behavior they want.","shortMessageHtmlLink":"Make query parameters without = have empty string values"}},{"before":null,"after":"3502962de9e0c6c6b49e10353952f0514e64ce7e","ref":"refs/heads/duplicate-x-frame-options","pushedAt":"2023-06-16T16:12:19.777Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Remove duplicate X-Frame-Options\n\nSome entries in this list are the similar entries with different case,\nbut this is the exact same entry twice.","shortMessageHtmlLink":"Remove duplicate 
X-Frame-Options"}},{"before":null,"after":"ec4351106f45f06ba639906a5ea5a494a71f1cc0","ref":"refs/heads/content-disposition-param-limit","pushedAt":"2023-04-29T00:37:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Limit max size and number of parameters parsed for Content-Disposition\n\nNot strictly necessary, but this limits the damage in pathological\ncases. These limits are probably already too generous, we could\nprobably get by with 8 params and 1024 bytes. One of tests uses\nmore than 1024 bytes, though. Still, it seems unlikely any\nlegitimate requests would exceed these limits. We could make the\nlimits configurable via an accessor method, if desired.","shortMessageHtmlLink":"Limit max size and number of parameters parsed for Content-Disposition"}},{"before":null,"after":"e3a9d3ae5ce29d1d47d72bf28b40f556adb9727e","ref":"refs/heads/content-disposition-filename-encoding","pushedAt":"2023-04-28T22:24:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Handle invalid Content-Disposition filename encodings\n\nUse BINARY for this, as we do for multipart encodings. 
Extract a\nfind_encoding method for this.","shortMessageHtmlLink":"Handle invalid Content-Disposition filename encodings"}},{"before":null,"after":"645b5b4c96ba98db261a0890117083d6faa9572b","ref":"refs/heads/content-disposition-parser-2076","pushedAt":"2023-04-28T20:32:24.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Add Content-Disposition parameter parser\n\nThe ReDoS fix in ee25ab9a7ee981d7578f559701085b0cf39bde77 breaks valid\nrequests, because colons are valid inside parameter values. You cannot\nuse a regexp scan and ensure correct behavior, since values inside\nparameters can be escaped. Issues like this are the reason for the\nfamous \"now they have two problems\" quote regarding regexps.\n\nAdd a basic parser for parameters in Content-Disposition. This parser\nis based purely on String#{index,slice!,[],==}, usually with string\narguments for #index (though one case uses a simple regexp). There\nare two loops (one nested in the other), but the use of slice! ensures\nthat forward progress is always made on each loop iteration.\n\nIn addition to fixing the bug introduced by the security fix, this\nremoves multiple separate passes over the mime head, one pass to get\nthe parameter name for Content-Disposition, and a separate pass to get\nthe filename. 
It removes the get_filename method, though some of the\ncode is kept in a smaller normalize_filename method.\n\nThis removes 18 separate regexp contents that were previously used\njust for the separate parse to find the filename for the content\ndisposition.\n\nFixes #2076","shortMessageHtmlLink":"Add Content-Disposition parameter parser"}},{"before":"5651100046e5976118662b37faf33d0c366ba8bd","after":"a5691a55a5174c996159790bba16f4616b0c9c60","ref":"refs/heads/deprecate-auto-cache-invalidation","pushedAt":"2023-04-25T04:10:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Deprecate automatic cache invalidation in Request#{GET,POST}\n\nAdd Request#clear_{GET,POST} for users to perform manual cache\ninvalidation when replacing env['QUERY_STRING'] or env['rack.input'].\n\nWith this invalidation, env[RACK_REQUEST_QUERY_STRING] and\nenv[RACK_REQUEST_FORM_INPUT] are unnecessary.\n\nIt appears as though env[RACK_REQUEST_FORM_VARS] is already\nunnecessary, as the value is set but never accessed, dating back to\nits introduction in 6c80c6cf86f1f897e08882cb6c9ae731fab1b9c1.\nHowever, even though it is never used by Rack, it apparently is\nused by Rails. However, Rails usage appears to be limited to\nparameter filtering, and if the RACK_REQUEST_FORM_VARS key wasn't\nset, there would be nothing to filter. 
So it's possible Rails\ncould be changed so that if the key was missing, there are no\nproblems (maybe it works like that already, and only the Rails\ntests need updates).","shortMessageHtmlLink":"Deprecate automatic cache invalidation in Request#{GET,POST}"}},{"before":null,"after":"5651100046e5976118662b37faf33d0c366ba8bd","ref":"refs/heads/deprecate-auto-cache-invalidation","pushedAt":"2023-04-25T04:03:34.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Deprecate automatic cache invalidation in Request#{GET,POST}\n\nAdd Request#clear_{GET,POST} for users to perform manual cache\ninvalidation when replacing env['QUERY_STRING'] or env['rack.input'].\n\nWith this invalidation, env[RACK_REQUEST_QUERY_STRING] and\nenv[RACK_REQUEST_FORM_INPUT] are unnecessary.\n\nIt appears as though env[RACK_REQUEST_FORM_VARS] is already\nunnecessary, as the value is set but never accessed, dating back to\nits introduction in 6c80c6cf86f1f897e08882cb6c9ae731fab1b9c1.\nHowever, even though it is never used by Rack, it apparently is\nused by Rails. However, Rails usage appears to be limited to\nparameter filtering, and if the RACK_REQUEST_FORM_VARS key wasn't\nset, there would be nothing to filter. 
So it's possible Rails\ncould be changed so that if the key was missing, there are no\nproblems (maybe it works like that already, and only the Rails\ntests need updates).","shortMessageHtmlLink":"Deprecate automatic cache invalidation in Request#{GET,POST}"}},{"before":"c1e5fbbb59101c039e8b657c8052e152c572d5ac","after":"ab360dd5ba16361c562bdf482af8ab14141807a6","ref":"refs/heads/main","pushedAt":"2023-04-25T03:20:52.000Z","pushType":"push","commitsCount":232,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Add specs for underscore in host (#2072)","shortMessageHtmlLink":"Add specs for underscore in host (rack#2072)"}},{"before":null,"after":"0c0f3b156ca88457eb8e86fe597e07175d72c99f","ref":"refs/heads/host-underscore-spec","pushedAt":"2023-04-25T02:01:28.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Add specs for underscore in host","shortMessageHtmlLink":"Add specs for underscore in host"}},{"before":"aa03ea91319b9521ec9cfa8e7d18cb037b0f181a","after":"a2151ef97b0628e2c09551e28fa6f84deac3881a","ref":"refs/heads/22-fix-http-host","pushedAt":"2023-04-23T23:12:38.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Support underscore in host names for Rack 2.2 (Fixes #2070)\n\nThis makes Rack 2.2 behavior similar to Rack 2.1 and Rack 3.0 in\nregards to underscore in host names.","shortMessageHtmlLink":"Support underscore in host names for Rack 2.2 (Fixes 
rack#2070)"}},{"before":null,"after":"aa03ea91319b9521ec9cfa8e7d18cb037b0f181a","ref":"refs/heads/22-fix-http-host","pushedAt":"2023-04-23T23:11:49.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Support underscore in host names for Rack 2.2\n\nThis makes Rack 2.2 behavior similar to Rack 2.1 and Rack 3.0 in\nregards to underscore in host names.","shortMessageHtmlLink":"Support underscore in host names for Rack 2.2"}},{"before":"413989d49a2d6b13a9f59029dab096f508198556","after":"42c50a7a6b91758d1d2dadebfaad93b21fec5097","ref":"refs/heads/body-proxy-to_ary-to_str","pushedAt":"2023-03-19T23:54:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Support BodyProxy#to_ary if body responds to to_ary\n\nCall BodyProxy#close if BodyProxy#to_ary is called.","shortMessageHtmlLink":"Support BodyProxy#to_ary if body responds to to_ary"}},{"before":"703ba00aaaeb5860eea08f1778f0d8a04072dc4f","after":"413989d49a2d6b13a9f59029dab096f508198556","ref":"refs/heads/body-proxy-to_ary-to_str","pushedAt":"2023-03-19T18:47:02.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Do not allow BodyProxy to respond to to_ary or to_str\n\nThis methods could trigger different behavior in rack that is\nundesired when using BodyProxy. 
When using BodyProxy, you always\nwant the caller to iterate through the body using each.\n\nSee https://github.com/rack/rack-test/issues/335 for an example\nwhere allowing BodyProxy to respond to to_str (when provided an\ninvalid rack body) complicated debugging.\n\nBodyProxy already had a spec with a description\n\"not respond to :to_ary\". While you would assume that this checked\nwhether the body actually responded to to_ary, it did not. This\nfixes that, making sure that respond_to?(:to_ary) is false, and\ncalling to_ary raises a NoMethodError. It adds a similar spec for\nto_str.","shortMessageHtmlLink":"Do not allow BodyProxy to respond to to_ary or to_str"}},{"before":null,"after":"703ba00aaaeb5860eea08f1778f0d8a04072dc4f","ref":"refs/heads/body-proxy-to_ary-to_str","pushedAt":"2023-03-19T18:33:31.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Do not allow BodyProxy to respond to to_ary or to_str\n\nThis methods could trigger different behavior in rack that is\nundesired when using BodyProxy. When using BodyProxy, you always\nwant the caller to iterate through the body using each.\n\nSee https://github.com/rack/rack-test/issues/335 for an example\nwhere allowing BodyProxy to respond to to_str (when provided an\ninvalid rack body) complicated debugging.\n\nBodyProxy already had a spec with a description\n\"not respond to :to_ary\". While you would assume that this checked\nwhether the body actually responded to to_ary, it did not. This\nfixes that, making sure that respond_to?(:to_ary) is false, and\ncalling to_ary raises a NoMethodError. It adds a similar spec for\nto_str.\n\nIf body passed to BodyProxy responds to to_path, have the to_path\nmethod close the body proxy. 
Without this, use of Rack::Lock\nwith a body that responds to to_path would result in the mutex\nremaining locked if the server calls to_path and does not iterate\nover the body (which is allowed by SPEC).","shortMessageHtmlLink":"Do not allow BodyProxy to respond to to_ary or to_str"}},{"before":null,"after":"8beebd375c48adcd6a0577d5fee6b3b7dda84d52","ref":"refs/heads/no-equals-nil","pushedAt":"2023-03-16T01:50:59.372Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Make query parameters without = have nil values\n\nThis was Rack's historical behavior. While it doesn't match\nURL spec section 5.1.3.3, keeping the historical behavior avoids\nall of the complexity required to support the URL spec standard\nby default, but also support frameworks that want to be backwards\ncompatible.\n\nThis keeps as much of the specs added by the recently reverted\ncommits that make sense.","shortMessageHtmlLink":"Make query parameters without = have nil values"}},{"before":null,"after":"f61f3b4d99756f073076dabf224a1548b0627417","ref":"refs/heads/revert-unescape-change","pushedAt":"2023-03-13T19:01:14.156Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Revert the unapproved QueryParser#unescape change\n\nThis change was only made because Samuel couldn't figure out how\nto make the tests pass without the change. 
This reverts the code\nand fixes the tests.","shortMessageHtmlLink":"Revert the unapproved QueryParser#unescape change"}},{"before":"99cf828afd29b55edd8b69ff12ea27d91db2add2","after":"acf4de4233a6f47c9a446bfddb850a26d1f97a4c","ref":"refs/heads/string-reuse-1957","pushedAt":"2023-03-13T07:12:45.233Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"ioquatix","name":"Samuel Williams","path":"/ioquatix","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/30030?s=80&v=4"},"commit":{"message":"Handle string reuse by body.each when buffering bodies in Rack::Response\n\nAn alternative approach would be using a single string inside an array\nand appending to that. This approach is more backwards compatible,\nbut results in more memory usage.\n\nFixes #1957","shortMessageHtmlLink":"Handle string reuse by body.each when buffering bodies in Rack::Response"}},{"before":null,"after":"99cf828afd29b55edd8b69ff12ea27d91db2add2","ref":"refs/heads/string-reuse-1957","pushedAt":"2023-03-07T16:48:33.416Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeremyevans","name":"Jeremy Evans","path":"/jeremyevans","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/3846?s=80&v=4"},"commit":{"message":"Handle string reuse by body.each when buffering bodies in Rack::Response\n\nAn alternative approach would be using a single string inside an array\nand appending to that. This approach is more backwards compatible,\nbut results in more memory usage.\n\nFixes #1957","shortMessageHtmlLink":"Handle string reuse by body.each when buffering bodies in Rack::Response"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADcegoZAA","startCursor":null,"endCursor":null}},"title":"Activity · jeremyevans/rack"}