sjs/rack-attack
1
0
Fork 0
mirror of https://github.com/samsonjs/rack-attack.git synced 2026-03-31 10:25:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
rack-attack/CHANGELOG.md
Aaron Suggs 4ec58e36de Version v4.3.1
2015-12-18 11:43:14 -05:00

66 lines
2.6 KiB
Markdown
Raw Blame History

# Changlog
## master (unreleased)
## v4.3.1 - 18 Dec 2015
- SECURITY FIX: Normalize request paths when using ActionDispatch. Thanks
Andres Riancho at @includesecurity for reporting it.
- Remove support for ruby 1.9.x
- Add Code of Conduct
- Several documentation and testing improvements
## v4.3.0 - 22 May 2015
- Redis proxy passes `raw: true` (thanks @stanhu)
- Redis supports `delete` method to be consistent with Dalli (thanks @stanhu)
- Support the ability to reset Fail2Ban count and ban flag (thanks @stanhu)
## v4.2.0 - 26 Oct 2014
- Throttle's `period` argument now takes a proc as well as a number (thanks @gsamokovarov)
- Invoke the `#call` method on `blacklist_response` and `throttle_response` instead of `#[]`, as per the Rack spec. (thanks @gsamokovarov)
## v4.1.1 - 11 Sept 2014
- Fix a race condition in throttles that could allow more requests than intended.
## v4.1.0 - 22 May 2014
- Tracks take an optional limit and period to only notify once a threshold
is reached (similar to throttles). Thanks @chiliburger!
- Default throttled & blacklist responses have Content-Type: text/plain
- Rack::Attack.clear! resets tracks
## v4.0.1 - 14 May 2014
* Add throttle discriminator to rack env (thanks @blahed)
## v4.0.0 - 28 April 2014
* Implement proxy for Dalli with better Memcachier support. (thanks @hakanensari)
* Rack::Attack.new returns an instance to ease testing. (thanks @stevehodgkiss)
[Changing a module to a class is not backwards compatible, hence v4.0.0.]
* Use Rack::Attack::Request subclass of Rack::Request for easier extending (thanks @tristandunn)
* Test more dalli versions.
## v3.0.0 - 15 March 2014
* Change default blacklisted response to 403 Forbidden (thanks @carpodaster).
* Fail gracefully when Redis store is not available; rescue exeption and don't
throttle request. (thanks @wkimeria)
* TravisCI runs integration tests.
## v2.3.0 - 11 October 2013
* Allow throttle `limit` argument to be a proc. (thanks @lunks)
* Add Allow2Ban, complement of Fail2Ban. (thanks @jormon)
* Improved TravisCI testing
## v2.2.1 - 13 August 2013
* Add license to gemspec
* Support ruby version 1.9.2
* Change default blacklisted response code from 503 to 401; throttled response
from 503 to 429.
## v2.2.0 - 20 June 2013
* Fail2Ban filtering. See README for details. Thx @madlep!
* Introduce StoreProxy to more cleanly abstract cache stores. Thx @madlep.
## v2.1.1 - 16 May 2013
* Start keeping changelog
* Fix `Redis::CommandError` when using ActiveSupport numeric extensions (e.g. `1.second`)
* Remove unused variable
* Extract mandatory options to constants
Reference in a new issue View git blame Copy permalink