infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/lib/gemcache/ruby/1.9.1/gems/rack-cache-1.2/CHANGES

242 lines
10 KiB
Plaintext
Raw Blame History

## 1.2 / March 2012
* Fix a cookie leak vulnerability effecting large numbers of Rails 3.x installs:
https://github.com/rtomayko/rack-cache/pull/52
* Never 304 on PUT or POST requests.
* Misc bundler and test tooling fixes.
## 1.1 / September 2011
* Allow (INM/IMS) validation requests through to backend on miss. Makes it
possible to use validation for private / uncacheable responses. A number of
people using Rails's stale?() helper reported that their validation logic was
never kicking in.
* Add rack env rack-cache.force-pass option to bypass rack-cache on
per request basis
* Fix an issue with memcache namespace not being set when using the
:namespace option instead of :prefix_key.
* Fix test failures due to MockResponse changes in recent Rack
version (issue #34)
## 1.0.3 / August 2011
* Fix bug passing options to memcached and dalli
* Document cache_key
## 1.0.1 / April 2011
* Added lib/rack-cache.rb to match package name for auto-requiring machinery.
* Fixed a number of issues caused by Rack::Cache not closing the body received
from the application. Rack::Lock and other middleware use body.close to
signal the true end of request processing so failure to call this method
can result in strange issues (e.g.,
"ThreadError: deadlock; recursive locking")
* Fixed a bug where Rack::Cache would blow up writing the rack env to the meta
store when the env contained an all uppercase key whose value wasn't
marshalable. Passenger and some other stuff write such keys apparently.
* The test suite has moved from test-spec to bacon. This is a short term
solution to the problem of not being able to run tests under Ruby 1.9.x.
The test suite will be moved to basic Test::Unit style sometime in the
future.
## 1.0 / December 2010
* Rack::Cache is 1.0 and will now maintain semantic versioning <http://semver.org/>
* Add Dalli memcache client support and removed support for the unmaintained
memcache-client library. You will need to move your apps to Dalli before
upgrading rack-cache to 1.0.
## 0.5.3 / September 2010
* A matching If-Modified-Since is ignored if an If-None-Match is also provided
and doesn't match. This is in line with RFC 2616.
* Converts string status codes to integers before returns to workaround bad
behaving rack middleware and apps.
* Misc doc clean up.
## 0.5.2 / September 2009
* Exceptions raised from the metastore are not fatal. This makes a lot of
sense in most cases because its okay for the cache to be down - it
shouldn't blow up your app.
## 0.5.1 / June 2009
* Added support for memcached clusters and other advanced
configuration provided by the memcache-client and memcached
libraries. The "metastore" and "entitystore" options can now be
set to a MemCache object or Memcached object:
memcache = MemCache.new(['127.1.1.1', '127.1.1.2'], :namespace => "/foo")
use Rack::Cache,
:metastore => memcache,
:entitystore => memcache
* Fix "memcached://" metastore URL handling. The "memcached" variation
blew up, the "memcache" version was fine.
## 0.5.0 / May 2009
* Added meta and entity store implementations based on the
memcache-client library. These are the default unless the memcached
library has already been required.
* The "allow_reload" and "allow_revalidate" options now default to
false instead of true. This means we break with RFC 2616 out of
the box but this is the expected configuration in a huge majority
of gateway cache scenarios. See the docs on configuration
options for more information on these options:
http://tomayko.com/src/rack-cache/configuration
* Added Google AppEngine memcache entity store and metastore
implementations. To use GAE's memcache with rack-cache, set the
"metastore" and "entitystore" options as follows:
use Rack::Cache,
:metastore => 'gae://cache-meta',
:entitystore => 'gae://cache-body'
The 'cache-meta' and 'cache-body' parts are memcache namespace
prefixes and should be set to different values.
## 0.4.0 / March 2009
* Ruby 1.9.1 / Rack 1.0 compatible.
* Invalidate cache entries that match the request URL on non-GET/HEAD
requests. i.e., POST, PUT, DELETE cause matching cache entries to
be invalidated. The cache entry is validated with the backend using
a conditional GET the next time it's requested.
* Implement "Cache-Control: max-age=N" request directive by forcing
validation when the max-age provided exceeds the age of the cache
entry. This can be disabled by setting the "allow_revalidate" option to
false.
* Properly implement "Cache-Control: no-cache" request directive by
performing a full reload. RFC 2616 states that when "no-cache" is
present in the request, the cache MUST NOT serve a stored response even
after successful validation. This is slightly different from the
"no-cache" directive in responses, which indicates that the cache must
first validate its entry with the origin. Previously, we implemented
"no-cache" on requests by passing so no new cache entry would be stored
based on the response. Now we treat it as a forced miss and enter the
response into the cache if it's cacheable. This can be disabled by
setting the "allow_reload" option to false.
* Assume identical semantics for the "Pragma: no-cache" request header
as the "Cache-Control: no-cache" directive described above.
* Less crazy logging. When the verbose option is set, a single log entry
is written with a comma separated list of trace events. For example, if
the cache was stale but validated, the following log entry would be
written: "cache: stale, valid, store". When the verbose option is false,
no logging occurs.
* Added "X-Rack-Cache" response header with the same comma separated trace
value as described above. This gives some visibility into how the cache
processed the request.
* Add support for canonicalized cache keys, as well as custom cache key
generators, which are specified in the options as :cache_key as either
any object that has a call() or as a block. Cache key generators get
passed a request object and return a cache key string.
## 0.3.0 / December 2008
* Add support for public and private cache control directives. Responses
marked as explicitly public are cached even when the request includes
an Authorization or Cookie header. Responses marked as explicitly private
are considered uncacheable.
* Added a "private_headers" option that dictates which request headers
trigger default "private" cache control processing. By default, the
Cookie and Authorization headers are included. Headers may be added or
removed as necessary to change the default private logic.
* Adhere to must-revalidate/proxy-revalidate cache control directives by
not assigning the default_ttl to responses that don't include freshness
information. This should let us begin using default_ttl more liberally
since we can control it using the must-revalidate/proxy-revalidate directives.
* Use the s-maxage Cache-Control value in preference to max-age when
present. The ttl= method now sets the s-maxage value instead of max-age.
Code that used ttl= to control freshness at the client needs to change
to set the max-age directive explicitly.
* Enable support for X-Sendfile middleware by responding to #to_path on
bodies served from disk storage. Adding the Rack::Sendfile component
upstream from Rack::Cache will result in cached bodies being served
directly by the web server (instead of being read in Ruby).
* BUG: MetaStore hits but EntityStore misses. This would 500 previously; now
we detect it and act as if the MetaStore missed as well.
* Implement low level #purge method on all concrete entity store
classes -- removes the entity body corresponding to the SHA1 key
provided and returns nil.
* Basically sane handling of HEAD requests. A HEAD request is never passed
through to the backend except when transitioning with pass!. This means
that the cache responds to HEAD requests without invoking the backend at
all when the cached entry is fresh. When no cache entry exists, or the
cached entry is stale and can be validated, the backend is invoked with
a GET request and the HEAD is handled right before the response
is delivered upstream.
* BUG: The Age response header was not being set properly when a stale
entry was validated. This would result in Age values that exceeded
the freshness lifetime in responses.
* BUG: A cached entry in a heap meta store could be unintentionally
modified by request processing since the cached objects were being
returned directly. The result was typically missing/incorrect header
values (e.g., missing Content-Type header). [dkubb]
* BUG: 304 responses should not include entity headers (especially
Content-Length). This is causing Safari/WebKit weirdness on 304
responses.
* BUG: The If-None-Match header was being ignored, causing the cache
to send 200 responses to matching conditional GET requests.
## 0.2.0 / 2008-10-24 / Initial Release
* Document events and transitions in `rack/cache/config/default.rb`
* Basic logging support (`trace`, `warn`, `info`, `error` from within Context)
* EntityStore: store entity bodies keyed by SHA
* MetaStore: store response headers keyed by URL
* Last-Modified/ETag validation
* Vary support
* Implement error! transition
* New Rack::Cache::Core
* memcached meta and entity store implementations
* URI based storage configuration
* Read options from Rack env if present (rack-cache.XXX keys)
* `object` is now `entry`
* Documentation framework and website
* Document storage areas and implementations
* Document configuration/events
## 0.1.0 / 2008-07-21 / Proof of concept (unreleased)
* Basic core with event support
* `#import` method for bringing in config files
* Freshness based expiration
* RFC 2616 If-Modified-Since based validation
* A horribly shitty storage back-end (Hash in mem)
* Don't cache hop-by-hop headers: Connection, Keep-Alive, Proxy-Authenticate,
Proxy-Authorization, TE, Trailers, Transfer-Encoding, Upgrade
Reference in New Issue View Git Blame Copy Permalink