From cd4c9f0e4befccd53c3f03ed9af8c9a9c438d0a9 Mon Sep 17 00:00:00 2001
From: kimulab
Date: Wed, 18 Jan 2023 12:45:25 +0900
Subject: [PATCH 1/3] Correct the year in the changelog (#2015)
---
 CHANGELOG.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff8a58e00..377f5287c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,16 +2,16 @@
 All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
-## [2.2.6.2] - 2022-01-17
+## [2.2.6.2] - 2023-01-17
 - [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
-## [2.2.6.1] - 2022-01-17
+## [2.2.6.1] - 2023-01-17
 - [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
 - [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
-## [2.2.6] - 2022-01-17
+## [2.2.6] - 2023-01-17
 - Extend `Rack::MethodOverride` to handle `QueryParser::ParamsTooDeepError` error. ([#2011](https://github.com/rack/rack/pull/2011), [@byroot](https://github.com/byroot))
From e5a30bf548d3ff44c1390b3273c9a51e632ff220 Mon Sep 17 00:00:00 2001
From: Jeremy Evans
Date: Mon, 24 Apr 2023 16:16:53 -0700
Subject: [PATCH 2/3] Support underscore in host names for Rack 2.2 (Fixes #2070) (#2071)

This makes Rack 2.2 behavior similar to Rack 2.1 and Rack 3.0 in regards to underscore in host names.
---
 lib/rack/request.rb | 2 +-
 test/spec_request.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/rack/request.rb b/lib/rack/request.rb
index fea984590..0bd8ee458 100644
--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -608,7 +608,7 @@ def split_header(value)
 (?[\d\.]+)
 |
 # A hostname:
- (?[a-zA-Z0-9\.\-]+)
+ (?[a-zA-Z0-9\.\-_]+)
 )
 # The optional port:
 (:(?\d+))?
diff --git a/test/spec_request.rb b/test/spec_request.rb
index 51cfcdc88..db52dea29 100644
--- a/test/spec_request.rb
+++ b/test/spec_request.rb
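Review bot: The widened hostname class `[a-zA-Z0-9\.\-_]+` in lib/rack/request.rb carries no comment saying that underscore is accepted for compatibility rather than because it is a valid hostname character; I would change the comment above it to `# A hostname (underscore is outside RFC 1123 but accepted, as in Rack 2.1 and 3.0):`. Callers that use `req.host` in allow-list comparisons or when building URLs should be checked for an assumption that the parsed name is RFC-compliant. The pattern starts and ends outside this hunk, so its anchors are not visible here; if they are `^`/`$` rather than `\A`/`\z`, that is worth fixing in the same place, since the value comes from the request's Host header.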
@@ -121,6 +121,11 @@ class RackRequestTest < Minitest::Spec
 req.host.must_equal "123foo.example.com"
 req.hostname.must_equal "123foo.example.com"
+ req = make_request \
+ Rack::MockRequest.env_for("/", "HTTP_HOST" => "some_service:3001")
+ req.host.must_equal "some_service"
+ req.hostname.must_equal "some_service"
+
 req = make_request \
 Rack::MockRequest.env_for("/", "SERVER_NAME" => "example.org", "SERVER_PORT" => "9292")
 req.host.must_equal "example.org"
@@ -156,6 +161,10 @@ class RackRequestTest < Minitest::Spec
 Rack::MockRequest.env_for("/", "HTTP_HOST" => "www2.example.org:81")
 req.port.must_equal 81
+ req = make_request \
+ Rack::MockRequest.env_for("/", "HTTP_HOST" => "some_service:3001")
+ req.port.must_equal 3001
+
 req = make_request \
 Rack::MockRequest.env_for("/", "SERVER_NAME" => "example.org", "SERVER_PORT" => "9292")
 req.port.must_equal 9292
From 983b6e3b29a2048a86518c008fc46f4c86105683 Mon Sep 17 00:00:00 2001
From: Samuel Williams
Date: Tue, 25 Apr 2023 11:21:25 +1200
Subject: [PATCH 3/3] Bump patch version.
---
 lib/rack/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rack/version.rb b/lib/rack/version.rb
index d451de434..1aee4daa7 100644
--- a/lib/rack/version.rb
+++ b/lib/rack/version.rb
@@ -20,7 +20,7 @@ def self.version
 VERSION.join(".")
 end
- RELEASE = "2.2.6.4"
+ RELEASE = "2.2.7"
 # Return the Rack release as a dotted string.
 def self.release