Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: rack/rack
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.2.8
Choose a base ref
...
head repository: rack/rack
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.2.8.1
Choose a head ref
  • 4 commits
  • 4 files changed
  • 2 contributors

Commits on Feb 21, 2024

  1. Fixing ReDoS in header parsing 

    Thanks svalkanov

[CVE-2024-26146]
    @tenderlove
    tenderlove committed Feb 21, 2024
    Configuration menu
    Copy the full SHA
    e4c1177 View commit details
    Browse the repository at this point in the history

  2. Return an empty array when ranges are too large 

    If the sum of the requested ranges is larger than the file itself,
return an empty array. In other words, refuse to respond with any bytes.

[CVE-2024-26141]
    @tenderlove
    tenderlove committed Feb 21, 2024
    Configuration menu
    Copy the full SHA
    6245768 View commit details
    Browse the repository at this point in the history

  3. Avoid 2nd degree polynomial regexp in MediaType

    @byroot @tenderlove
    byroot authored and tenderlove committed Feb 21, 2024
    Configuration menu
    Copy the full SHA
    d9c163a View commit details
    Browse the repository at this point in the history

  4. bump version

    @tenderlove
    tenderlove committed Feb 21, 2024
    Configuration menu
    Copy the full SHA
    e830011 View commit details
    Browse the repository at this point in the history
Loading