authorEric Wong <normalperson@yhbt.net>2010-04-19 15:45:44 -0700
committerEric Wong <normalperson@yhbt.net>2010-04-19 15:45:44 -0700
commit85316b09eba1443508e78237b56e42292ab3b127 (patch)
tree9a287d30c1f8bf879360b0e4267dcda7187be4d3 /rainbows.gemspec
parent72fdcf1c39c2a143d7abd8d2609e92311edff341 (diff)
parent3d0558d7c80c63bab48eb561fdb7e3d580428b01 (diff)
downloadrainbows-85316b09eba1443508e78237b56e42292ab3b127.tar.gz
* maint:
  Rainbows! 0.91.1 - use a less-broken parser from Unicorn
Diffstat (limited to 'rainbows.gemspec')
-rw-r--r--rainbows.gemspec6
1 files changed, 3 insertions, 3 deletions
diff --git a/rainbows.gemspec b/rainbows.gemspec
index 0fda618..579088f 100644
--- a/rainbows.gemspec
+++ b/rainbows.gemspec
@@ -41,9 +41,9 @@ Gem::Specification.new do |s|
   s.test_files = test_files
 
   # we need Unicorn for the HTTP parser and process management
-  # The HTTP parser in Unicorn < 0.96.1 did not use the Ruby
-  # API correctly and resulted in a memory leak
-  s.add_dependency(%q<unicorn>, ["~> 0.97.0"])
+  # The HTTP parser in Unicorn <= 0.97.0 was vulnerable to a remote DoS
+  # when exposed directly to untrusted clients.
+  s.add_dependency(%q<unicorn>, ["~> 0.97.1"])
 
   # Unicorn already depends on Rack
   # s.add_dependency(%q<rack>)
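Review bot: The rewritten comment above `s.add_dependency(%q<unicorn>, ["~> 0.97.1"])` explains why 0.97.0 is excluded, but it does not say that the lower bound is now a security floor. A later edit that loosens the constraint for compatibility could readmit the parser the comment describes as open to a remote DoS. I would add a line such as `# Security floor: do not relax this constraint below 0.97.1.` directly above the dependency. Separately, `~>` pins resolution to the 0.97.x series, so any parser fix that ships only in a later Unicorn series will not be picked up until this line is bumped again. That may be intended for API compatibility, but it is worth stating in the comment. The `Gem::Specification.new` block begins and ends outside this hunk.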