Forum: Ruby [SECURITY] Rack 0.9.1, a modular Ruby webserver interface

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Christian N. (Guest)
on 2009-01-09 19:01
(Received via mailing list)

Today we release Rack 0.9.1.  This release is a *security release*, it
only fixes directory traversal exploits in Rack::File and
Rack::Directory, dating back to Rack 0.3.  Updating is highly
recommended if you use these modules.

= Rack, a modular Ruby webserver interface

Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby.  By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.

The exact details of this are described in the Rack specification,
which all Rack applications should conform to.

== Changes

* January 9th, 2009: Sixth public release 0.9.1.
  * Fix directory traversal exploits in Rack::File and Rack::Directory.

== Where can I get it?

You can download Rack 0.9.1 at

Alternatively, you can checkout from the development repository with:

    git clone git://
    cd rack && git checkout rack-0.9   # for this release

== Installing with RubyGems

A Gem of Rack is available.  You can install it with:

    gem install rack

I also provide a local mirror of the gems (and development snapshots)
at my site:

    gem install rack --source

== Contact

Please mail bugs, suggestions and patches to

Mailing list archives are available at

There is a bug tracker at <>.

Git repository (patches rebased on master are most welcome):

You are also welcome to join the #rack channel on

== Thanks

The Rack Core Team, consisting of

* Christian N. (chneukirchen)
* James T. (raggi)
* Josh P. (josh)
* Michael F. (manveru)
* Ryan T. (rtomayko)
* Scytrin dai Kinthra (scytrin)

would like to thank:

* Tom R., for finding and reporting these bugs.

== Copyright

Copyright (C) 2007, 2008, 2009 Christian N.

Rack is freely distributable under the terms of an MIT-style license.

== Links

Rack:: <>
Rack's Rubyforge project:: <>
Official Rack repositories:: <>
rack-devel mailing list:: <>

Happy hacking and have a nice day,
Christian N.
on behalf of the Rack Core Team.

237e24207b39c384d78c266d86bbf2a0808dc417  rack-0.9.1.tar.gz
d3383a4b4abfc2de43df69d1fd7f24995a6e5fe4  rack-0.9.1.gem
This topic is locked and can not be replied to.