Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 11 commits
- 14 files changed
- 4 contributors
Commits on Jan 20, 2023
Commits on Mar 2, 2023
-
Limit all multipart parts, not just files
Previously we would limit the number of multipart parts which were files, but not other parts. In some cases this could cause parsing of maliciously crafted inputs to take longer than expected. [CVE-2023-27530]
-
-
Merge branch '3-0-sec' into 3-0-stable
* 3-0-sec: bump version Limit all multipart parts, not just files
Commits on Mar 12, 2023
-
test-external.yaml - use ruby/setup-ruby-pkgs (#2048)
# Conflicts: # .github/workflows/test-external.yaml
-
Split form/query parsing into two steps (#2038)
* Split form/query parsing into two steps First we parse the raw input into a stream of [key, value] pairs, and only after that do we expand that into the deep params hash. This allows a user to operate directly on the pair stream if they need to apply different semantics, without needing to rewind the input, and without creating a conflict with anything else (like a middleware) that wants to use Rack's standard GET / POST hash format.
-
Commits on Mar 13, 2023
-
Add
QueryParser#missing_valuefor handling missing values + tests. (#……2052) # Conflicts: # lib/rack/query_parser.rb
-
-
Split headers on commas, then strip the strings in order to avoid ReDoS issues. [CVE-2023-27539]
-
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v3.0.4.1...v3.0.6.1