rack-attack/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

v5.1.0 - 10 Mar 2018

• Fixes edge case bug when using ruby 2.5 and redis #253 (#271)
• Throws errors with better semantics when missing or misconfigured store caches to aid in developers debugging their configs (#274)
• Removed legacy code that was originally intended for Rails 3 apps (#264)

v5.0.1 - 11 Aug 2016

• Fixes arguments passed to deprecated internal methods. (#198)

v5.0.0 - 9 Aug 2016

• Deprecate whitelist/blacklist in favor of safelist/blocklist. (#181, thanks @renee-travisci). To upgrade and fix deprecations, find and replace instances of whitelist and blacklist with safelist and blocklist. If you reference rack.attack.match_type, note that it will have values like :safelist/:blocklist.
• Remove test coverage for unsupported ruby dependencies: ruby 2.0, activesupport 3.2/4.0, and dalli 1.

v4.4.1 - 17 Feb 2016

• Fix a bug affecting apps using Redis::Store and ActiveSupport that could generate an error saying dalli was a required dependency. I learned all about ActiveSupport autoloading. (#165)

v4.4.0 - 10 Feb 2016

• New: support for MemCacheStore (#153). Thanks @elhu.
• Some documentation and test harness improvements.

v4.3.1 - 18 Dec 2015

• SECURITY FIX: Normalize request paths when using ActionDispatch. Thanks Andres Riancho at @includesecurity for reporting it.
• Remove support for ruby 1.9.x
• Add Code of Conduct
• Several documentation and testing improvements

v4.3.0 - 22 May 2015

• Redis proxy passes raw: true (thanks @stanhu)
• Redis supports delete method to be consistent with Dalli (thanks @stanhu)
• Support the ability to reset Fail2Ban count and ban flag (thanks @stanhu)

v4.2.0 - 26 Oct 2014

• Throttle's period argument now takes a proc as well as a number (thanks @gsamokovarov)
• Invoke the #call method on blocklist_response and throttle_response instead of #[], as per the Rack spec. (thanks @gsamokovarov)

v4.1.1 - 11 Sept 2014

• Fix a race condition in throttles that could allow more requests than intended.

v4.1.0 - 22 May 2014

• Tracks take an optional limit and period to only notify once a threshold is reached (similar to throttles). Thanks @chiliburger!
• Default throttled & blocklist responses have Content-Type: text/plain
• Rack::Attack.clear! resets tracks

v4.0.1 - 14 May 2014

• Add throttle discriminator to rack env (thanks @blahed)

v4.0.0 - 28 April 2014

• Implement proxy for Dalli with better Memcachier support. (thanks @hakanensari)
• Rack::Attack.new returns an instance to ease testing. (thanks @stevehodgkiss) [Changing a module to a class is not backwards compatible, hence v4.0.0.]
• Use Rack::Attack::Request subclass of Rack::Request for easier extending (thanks @tristandunn)
• Test more dalli versions.

v3.0.0 - 15 March 2014

• Change default blocklisted response to 403 Forbidden (thanks @carpodaster).
• Fail gracefully when Redis store is not available; rescue exeption and don't throttle request. (thanks @wkimeria)
• TravisCI runs integration tests.

v2.3.0 - 11 October 2013

• Allow throttle limit argument to be a proc. (thanks @lunks)
• Add Allow2Ban, complement of Fail2Ban. (thanks @jormon)
• Improved TravisCI testing

v2.2.1 - 13 August 2013

• Add license to gemspec
• Support ruby version 1.9.2
• Change default blocklisted response code from 503 to 401; throttled response from 503 to 429.

v2.2.0 - 20 June 2013

• Fail2Ban filtering. See README for details. Thx @madlep!
• Introduce StoreProxy to more cleanly abstract cache stores. Thx @madlep.

v2.1.1 - 16 May 2013

• Start keeping changelog
• Fix Redis::CommandError when using ActiveSupport numeric extensions (e.g. 1.second)
• Remove unused variable
• Extract mandatory options to constants