[SECURITY] Rack 1.1.2 / Rack 1.2.2, a modular Ruby webserver interface


Today we are proud to announce the release of Rack 1.1.2 and 1.2.2.

= Rack, a modular Ruby webserver interface

Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.

The exact details of this are described in the Rack specification,
which all Rack applications should conform to.

== Changes

  • March 13th, 2011: Twelfth public release 1.2.2/1.1.2.
    • Security fix in Rack::Auth::Digest::MD5: when authenticator
      returned nil, permission was granted on empty password.

== Where can I get it?

You can download Rack 1.2.2 at


You can download Rack 1.1.2 at


Alternatively, you can checkout from the development repository with:

git clone git://github.com/rack/rack.git
cd rack && git checkout rack-1.1
cd rack && git checkout rack-1.2

== Thanks

Thanks to Brad E. for the patch.

Happy hacking and have a nice day,
Christian N.
on behalf of the Rack Core Team.

26f0cb983fa8f64ab406184ba84e268c428c3a92 rack-1.2.2.tar.gz
ebdbd0ee7440a60d37a088acc1b3a63bf8acd275 rack-1.2.2.gem
ec107026d3923d86d9a6e8eeaef73c897a27e110 rack-1.1.2.tar.gz
42cae127d073e1aef097fae7006965486fd8efcd rack-1.1.2.gem