author | James Tucker <jftucker@gmail.com> | 2013-01-13 13:55:50 -0800 |
---|---|---|
committer | James Tucker <jftucker@gmail.com> | 2013-01-13 13:57:43 -0800 |
commit | f14f52a96c3004e818c6cd58e68d87f9d690d7a0 (patch) | |
tree | 724ab001db9a00c7a0a507d74e2515977aaad712 | |
parent | e52d7410fc652671a692fa574688c0695b3f4659 (diff) | |
download | rack-f14f52a96c3004e818c6cd58e68d87f9d690d7a0.tar.gz |
Update README for release. Add security section.
Conflicts: README
-rw-r--r-- | README | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -469,11 +469,27 @@ run on port 11211) and memcache-client installed. * Rack::BodyProxy now explicitly defines #each, useful for C extensions * Cookies that are not URI escaped no longer cause exceptions +* January 7th, 2013: Thirtieth public release 1.3.8 + * Security: Prevent unbounded reads in large multipart boundaries + +* January 7th, 2013: Thirty first public release 1.4.3 + * Security: Prevent unbounded reads in large multipart boundaries + +* January 13th, 2013: Thirty second public release 1.4.4, 1.3.9, 1.2.7, 1.1.5 + * [SEC] Rack::Auth::AbstractRequest no longer symbolizes arbitrary strings + * Fixed erroneous test case in the 1.3.x series + == Contact Please post bugs, suggestions and patches to the bug tracker at <http://github.com/rack/rack/issues>. +Please post security related bugs and suggestions to the core team at +<https://groups.google.com/group/rack-core> or rack-core@googlegroups.com. Due +to wide usage of the library, it is strongly preferred that we manage timing in +order to provide viable patches at the time of disclosure. Your assistance in +this matter is greatly appreciated. + Mailing list archives are available at <http://groups.google.com/group/rack-devel>. |
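
Review bot: In the paragraph added under "== Contact", the text asks reporters to help manage disclosure timing but does not say whether posts to the rack-core group or rack-core@googlegroups.com are readable only by the core team; state that explicitly so a reporter knows the channel is private before sending details. The commit message says a security section is added, yet the paragraph sits inside "== Contact" with no heading of its own, so a separate heading in the README's existing "==" style would make it easier to find. In the changelog lines, the 1.3.8 and 1.4.3 entries use "Security:" while the 1.4.4 entry uses "[SEC]"; pick one marker so security fixes can be searched for consistently.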