[ANN] [SECURITY] Rack 0.9.1, a modular Ruby webserver interface

< ^ > P N |<>|^_>< --- | ~ ...Help
Hello,

Today we release Rack 0.9.1.  This release is a *security release*, it
only fixes directory traversal exploits in Rack::File and
Rack::Directory, dating back to Rack 0.3.  Updating is highly
recommended if you use these modules.

= Rack, a modular Ruby webserver interface

Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby.  By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.

The exact details of this are described in the Rack specification,
which all Rack applications should conform to.

== Changes

* January 9th, 2009: Sixth public release 0.9.1.
  * Fix directory traversal exploits in Rack::File and Rack::Directory.

== Where can I get it?

You can download Rack 0.9.1 at

        http://chneukirchen.org/releases/rack-0.9.1.tar.gz
                  http://rubyforge.org/projects/rack

Alternatively, you can checkout from the development repository with:

    git clone git://github.com/rack/rack.git
    cd rack && git checkout rack-0.9   # for this release

== Installing with RubyGems

A Gem of Rack is available.  You can install it with:

    gem install rack

I also provide a local mirror of the gems (and development snapshots)
at my site:

    gem install rack --source http://chneukirchen.org/releases/gems/

== Contact

Please mail bugs, suggestions and patches to
<mailto:rack-devel / googlegroups.com>.

Mailing list archives are available at
<http://groups.google.com/group/rack-devel>.

There is a bug tracker at <http://rack.lighthouseapp.com/>.

Git repository (patches rebased on master are most welcome):
* http://github.com/rack/rack
* http://git.vuxu.org/cgi-bin/gitweb.cgi?p=rack.git

You are also welcome to join the #rack channel on irc.freenode.net.

== Thanks

The Rack Core Team, consisting of

* Christian Neukirchen (chneukirchen)
* James Tucker (raggi)
* Josh Peek (josh)
* Michael Fellinger (manveru)
* Ryan Tomayko (rtomayko)
* Scytrin dai Kinthra (scytrin)

would like to thank:

* Tom Robinson, for finding and reporting these bugs.

== Copyright

Copyright (C) 2007, 2008, 2009 Christian Neukirchen <http://purl.org/net/chneukirchen>

Rack is freely distributable under the terms of an MIT-style license.

== Links

Rack:: <http://rack.rubyforge.org/>
Rack's Rubyforge project:: <http://rubyforge.org/projects/rack>
Official Rack repositories:: <http://github.com/rack>
rack-devel mailing list:: <http://groups.google.com/group/rack-devel>

Happy hacking and have a nice day,
Christian Neukirchen
on behalf of the Rack Core Team.

237e24207b39c384d78c266d86bbf2a0808dc417	rack-0.9.1.tar.gz
d3383a4b4abfc2de43df69d1fd7f24995a6e5fe4	rack-0.9.1.gem