[SEC][ANN] Rack 1.5.0, a modular Ruby webserver interface
923 views
Skip to first unread message
jftu...@gmail.com
Jan 22, 2013, 2:46:10 AM1/22/13
to ruby...@ruby-lang.org, rack-...@googlegroups.com, rack...@googlegroups.com
Hello,
Today we are proud to announce the release of Rack 1.5.0.
= Rack, a modular Ruby webserver interface
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
The exact details of this are described in the Rack specification, which all Rack applications should conform to.
== Changes
Please note that this release includes a few potentially breaking changes.
Of particular note are:
* SessionHash is no longer a Hash sublcass
* Rack::File cache_control parameter is removed in place of headers options
Additonally, SPEC has been updated in several areas and is now at 1,2.
A new SPEC section was introduced that provides two server-optional IO hijacking
APIs. Further information on these APIs will be made available by the community
in good time. In the mean time, some information can be found in the original
pull request: https://github.com/rack/rack/pull/481
* January 21st, 2013: Thirty third public release 1.5.0
* Introduced hijack SPEC, for before-response and after-response hijacking
* SessionHash is no longer a Hash subclass
* Rack::File cache_control parameter is removed, in place of headers options
* Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
* Rack::Utils cookie functions now format expires in RFC 2822 format
* Rack::File now has a default mime type
* rackup -b 'run Rack::File.new(".")', option provides command line configs
* Rack::Deflater will no longer double encode bodies
* Rack::Mime#match? provides convenience for Accept header matching
* Rack::Utils#q_values provides splitting for Accept headers
* Rack::Utils#best_q_match provides a helper for Accept headers
* Rack::Handler.pick provides convenience for finding available servers
* Puma added to the list of default servers (preferred over Webrick)
* Various middleware now correctly close body when replacing it
* Rack::Request#params is no longer persistent with only GET params
* Rack::Request#update_param and #delete_param provide persistent operations
* Rack::Request#trusted_proxy? now returns true for local unix sockets
* Rack::Response no longer forces Content-Types
* Rack::Sendfile provides local mapping configuration options
* Rack::Utils#rfc2109 provides old netscape style time output
* Updated HTTP status codes
* Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
== Where can I get it?
You can download Rack at
http://chneukirchen.org/releases/rack-1.5.0.tar.gz (upload pending at time of writing)
http://rubyforge.org/projects/rack
Alternatively, you can checkout from the development repository with:
git clone git://github.com/rack/rack.git
cd rack && git checkout rack-1.5 # for this release
Happy hacking and have a nice day,
James Tucker
on behalf of the Rack Core Team.
9f506c84a6edbeb8c98f381e8edce15e7ae08324 rack-1.5.0.tar.gz
71b6627efbc8795bd3077eff9850fcb508d57ea3 rack-1.5.0.gem
Today we are proud to announce the release of Rack 1.5.0.
= Rack, a modular Ruby webserver interface
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
The exact details of this are described in the Rack specification, which all Rack applications should conform to.
== Changes
Please note that this release includes a few potentially breaking changes.
Of particular note are:
* SessionHash is no longer a Hash sublcass
* Rack::File cache_control parameter is removed in place of headers options
Additonally, SPEC has been updated in several areas and is now at 1,2.
A new SPEC section was introduced that provides two server-optional IO hijacking
APIs. Further information on these APIs will be made available by the community
in good time. In the mean time, some information can be found in the original
pull request: https://github.com/rack/rack/pull/481
* January 21st, 2013: Thirty third public release 1.5.0
* Introduced hijack SPEC, for before-response and after-response hijacking
* SessionHash is no longer a Hash subclass
* Rack::File cache_control parameter is removed, in place of headers options
* Rack::Auth::AbstractRequest#scheme now yields strings, not symbols
* Rack::Utils cookie functions now format expires in RFC 2822 format
* Rack::File now has a default mime type
* rackup -b 'run Rack::File.new(".")', option provides command line configs
* Rack::Deflater will no longer double encode bodies
* Rack::Mime#match? provides convenience for Accept header matching
* Rack::Utils#q_values provides splitting for Accept headers
* Rack::Utils#best_q_match provides a helper for Accept headers
* Rack::Handler.pick provides convenience for finding available servers
* Puma added to the list of default servers (preferred over Webrick)
* Various middleware now correctly close body when replacing it
* Rack::Request#params is no longer persistent with only GET params
* Rack::Request#update_param and #delete_param provide persistent operations
* Rack::Request#trusted_proxy? now returns true for local unix sockets
* Rack::Response no longer forces Content-Types
* Rack::Sendfile provides local mapping configuration options
* Rack::Utils#rfc2109 provides old netscape style time output
* Updated HTTP status codes
* Ruby 1.8.6 likely no longer passes tests, and is no longer fully supported
== Where can I get it?
You can download Rack at
http://chneukirchen.org/releases/rack-1.5.0.tar.gz (upload pending at time of writing)
http://rubyforge.org/projects/rack
Alternatively, you can checkout from the development repository with:
git clone git://github.com/rack/rack.git
cd rack && git checkout rack-1.5 # for this release
Happy hacking and have a nice day,
James Tucker
on behalf of the Rack Core Team.
9f506c84a6edbeb8c98f381e8edce15e7ae08324 rack-1.5.0.tar.gz
71b6627efbc8795bd3077eff9850fcb508d57ea3 rack-1.5.0.gem
raggi
Jan 22, 2013, 2:46:54 AM1/22/13
to ruby-talk ML, rack-...@googlegroups.com, ruby...@ruby-lang.org, rack...@googlegroups.com
My sincerest apologies, this was not a SEC release.
Eric Wong
Jan 22, 2013, 5:08:02 AM1/22/13
to rack-...@googlegroups.com, ruby...@ruby-lang.org, rack...@googlegroups.com
SPEC still says this:
<tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
I take it 1,2-compliant servers should set [1,2] there instead?
> A new SPEC section was introduced that provides two server-optional IO hijacking
> APIs. Further information on these APIs will be made available by the community
> in good time. In the mean time, some information can be found in the original
> pull request: https://github.com/rack/rack/pull/481
Cool. Should be easy for unicorn, and some configurations of Rainbows!/zbatery.
<tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
I take it 1,2-compliant servers should set [1,2] there instead?
> A new SPEC section was introduced that provides two server-optional IO hijacking
> APIs. Further information on these APIs will be made available by the community
> in good time. In the mean time, some information can be found in the original
> pull request: https://github.com/rack/rack/pull/481
Hongli Lai
Jan 22, 2013, 1:14:33 PM1/22/13
to rack-...@googlegroups.com, ruby...@ruby-lang.org, rack...@googlegroups.com
We've also implemented the socket hijacking API in the upcoming Phusion Passenger 4: https://github.com/FooBarWidget/passenger/commit/c5b5b2e76034f7c7010c46aefc08967240eda122
Eric Wong
Jan 22, 2013, 7:27:43 PM1/22/13
to rack-...@googlegroups.com
(culling Cc:)
Eric Wong <normal...@yhbt.net> wrote:
> jftu...@gmail.com wrote:
> > Additonally, SPEC has been updated in several areas and is now at 1,2.
>
> SPEC still says this:
>
> <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
>
> I take it 1,2-compliant servers should set [1,2] there instead?
>
> > A new SPEC section was introduced that provides two server-optional IO hijacking
> > APIs. Further information on these APIs will be made available by the community
> > in good time. In the mean time, some information can be found in the original
> > pull request: https://github.com/rack/rack/pull/481
So once a connection is hijacked, there's no un-hijacking, correct?
The server needs to completely ignore the normal Rack response
(I also just posted a Rack::Lint patch here to that effect)
> Cool. Should be easy for unicorn, and some configurations of
> Rainbows!/zbatery.
I'm setting env["rack.version"] to [1,2] in my unicorn hijack branch.
Would greatly appreciate ACK/NACK on whether this is the way to go.
Original patch to implement hijack:
http://mid.gmane.org/2013012211...@dcvr.yhbt.net
Followup to ignore responses for hijacked requests:
http://mid.gmane.org/2013012223...@dcvr.yhbt.net
Eric Wong <normal...@yhbt.net> wrote:
> jftu...@gmail.com wrote:
> > Additonally, SPEC has been updated in several areas and is now at 1,2.
>
> SPEC still says this:
>
> <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
>
> I take it 1,2-compliant servers should set [1,2] there instead?
>
> > A new SPEC section was introduced that provides two server-optional IO hijacking
> > APIs. Further information on these APIs will be made available by the community
> > in good time. In the mean time, some information can be found in the original
> > pull request: https://github.com/rack/rack/pull/481
The server needs to completely ignore the normal Rack response
(I also just posted a Rack::Lint patch here to that effect)
> Cool. Should be easy for unicorn, and some configurations of
> Rainbows!/zbatery.
Would greatly appreciate ACK/NACK on whether this is the way to go.
Original patch to implement hijack:
http://mid.gmane.org/2013012211...@dcvr.yhbt.net
Followup to ignore responses for hijacked requests:
http://mid.gmane.org/2013012223...@dcvr.yhbt.net
Hongli Lai
Jan 23, 2013, 5:40:50 PM1/23/13
to rack-...@googlegroups.com
We've written an article on how the hijacking API works: http://blog.phusion.nl/2013/01/23/the-new-rack-socket-hijacking-api/
James Tucker
Jan 26, 2013, 2:11:11 PM1/26/13
to rack-...@googlegroups.com
On Jan 22, 2013, at 4:27 PM, Eric Wong <normal...@yhbt.net> wrote:
> (culling Cc:)
>
> Eric Wong <normal...@yhbt.net> wrote:
>> jftu...@gmail.com wrote:
>>> Additonally, SPEC has been updated in several areas and is now at 1,2.
>>
>> SPEC still says this:
>>
>> <tt>rack.version</tt>:: The Array [1,1], representing this version of Rack.
>>
>> I take it 1,2-compliant servers should set [1,2] there instead?
>>
>>> A new SPEC section was introduced that provides two server-optional IO hijacking
>>> APIs. Further information on these APIs will be made available by the community
>>> in good time. In the mean time, some information can be found in the original
>>> pull request: https://github.com/rack/rack/pull/481
>
> So once a connection is hijacked, there's no un-hijacking, correct?
> The server needs to completely ignore the normal Rack response
> (I also just posted a Rack::Lint patch here to that effect)
>
>> Cool. Should be easy for unicorn, and some configurations of
>> Rainbows!/zbatery.
>
> I'm setting env["rack.version"] to [1,2] in my unicorn hijack branch.
> Would greatly appreciate ACK/NACK on whether this is the way to go.
Only had a quick scan, but LGTM.
Reply all
Reply to author
Forward
0 new messages