base repository: rack/rack
base: v2.2.5
head repository: rack/rack
compare: v2.2.6.2
- 8 commits
- 6 files changed
- 5 contributors
Commits on Jan 16, 2023
- Rack::MethodOverride handle QueryParser::ParamsTooDeepError (#2011)
  This middleware already handles two types of parsing issues but somehow not this one.
  Co-authored-by: Jean Boussier <[email protected]>
  Commit: c0f9de4
- Commit: ea39e49
Commits on Jan 17, 2023
- Forbid control characters in attributes
  This commit restricts the characters accepted in ATTRIBUTE_CHAR, forbidding control characters and fixing a ReDOS vulnerability.
  This also now should fully follow the RFCs.
  RFC 2231, Section 7 specifies:
      attribute-char := <any (US-ASCII) CHAR except SPACE, CTLs, "*", "'", "%", or tspecials>
  RFC 2045, Appendix A specifies:
      tspecials := "(" / ")" / "<" / ">" / "@" /
                   "," / ";" / ":" / "\" / <">
                   "/" / "[" / "]" / "?" / "="
  RFC 822, Section 3.3 specifies:
      CTL   = <any ASCII control ; ( 0- 37, 0.- 31.)
               character and DEL> ; ( 177, 127.)
      SPACE = <ASCII SP, space> ; ( 40, 32.)
  [CVE-2022-44572]
  Commit: 19e49f0
- Fix ReDoS vulnerability in multipart parser
  This commit fixes a ReDoS vulnerability when parsing the Content-Disposition field in multipart attachments
  Thanks to @ooooooo_q for the patch!
  [CVE-2022-44571]
  Commit: ee25ab9
- Commit: 3677f17
- Commit: 20bc90c
- Fix ReDoS in Rack::Utils.get_byte_ranges
  This commit fixes a ReDoS problem in `get_byte_ranges`.
  Thanks @ooooooo_q for the patch!
  [CVE-2022-44570]
  Commit: f6d4f52
- Commit: 2606ac5
You can try running this command locally to see the comparison on your machine:
git diff v2.2.5...v2.2.6.2
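
The character set quoted in the "Forbid control characters in attributes" commit message above, worked through as an added Ruby example. It is not Rack's own code, and every constant and method name in it is an assumption made for illustration. It derives attribute-char from the three RFC definitions and validates a parameter name with one anchored character class.

```ruby
# Added illustration, not Rack's source. All names below are hypothetical.

# RFC 822, Section 3.3: CTL is 0..31 plus DEL (127); SPACE is 32.
CTLS  = ((0..31).to_a + [127]).freeze
SPACE = 32

# RFC 2045, Appendix A: tspecials (15 characters).
TSPECIALS = '()<>@,;:\\"/[]?='.bytes.freeze

# RFC 2231, Section 7: any US-ASCII CHAR except SPACE, CTLs, "*", "'", "%",
# or tspecials.
EXCLUDED = (CTLS + [SPACE] + "*'%".bytes + TSPECIALS).freeze
ATTRIBUTE_CHARS = ((0..127).to_a - EXCLUDED).map(&:chr).join.freeze

# One character class with one quantifier, anchored at both ends: the match is
# a single left-to-right pass with no nested repetition to backtrack into.
ATTRIBUTE_NAME = /\A[#{Regexp.escape(ATTRIBUTE_CHARS)}]+\z/

# True when +name+ is non-empty and made only of attribute-char bytes.
# The check runs on raw bytes, so non-ASCII input is rejected, not raised on.
def attribute_name?(name)
  ATTRIBUTE_NAME.match?(name.b)
end

# Bytes of +name+ that fall outside attribute-char, e.g. for a rejection log.
def rejected_bytes(name)
  allowed = ATTRIBUTE_CHARS.bytes
  name.bytes.reject { |b| allowed.include?(b) }
end

# Constructed sample parameter names (not taken from any real request).
SAMPLES = ["filename", "x-custom_1.2", "file name", "file\x00name",
           "filename*", "name=", ""].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "#{s.inspect}: valid=#{attribute_name?(s)} rejected=#{rejected_bytes(s).inspect}"
  end
end
```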