---
- branch: MAIN
  date: Fri Mar 13 17:31:37 UTC 2015
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/www/ruby-rack-ssl/Makefile
    pathrev: pkgsrc/www/ruby-rack-ssl/Makefile@1.5
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/www/ruby-rack-ssl/distinfo
    pathrev: pkgsrc/www/ruby-rack-ssl/distinfo@1.4
    type: modified
  - new: '0'
    old: '1.1'
    path: pkgsrc/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb
    pathrev: pkgsrc/www/ruby-rack-ssl/patches/patch-lib_rack_ssl.rb@0
    type: deleted
  id: 20150313T173137Z.c8971bfb36c8a6dd545122ee67949178fa0f8382
  log: |
    Update ruby-rack-ssl to 1.4.1.

    * As per spec, don't include STS header in non-https responses
    * Handle bad URIs gracefully. Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks.
    * Added more installation/usage instructions into the README
    * Return 400 instead of 404 in case of InvalidURIError
    * Include Content-Type in 400 response. To stay compatible with old Rack versions.
    * Skip URI parsing Request#url URI may fail to parse some legit URL paths.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/ruby-rack-ssl'
  unixtime: '1426267897'
  user: taca