Update Rack to v2.2.3 (!45183) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-update-rack-2.2.3 into master Oct 14, 2020

Rack v2.1.4 already has the CVEs fixed in v2.2.3, but we might as well upgrade to the latest version to keep up with the latest changes. Plus, we are already shipping Rack v2.2.3 with gitlab-exporter and Gitaly, so eliminates some gem duplication.

List of changes: https://github.com/rack/rack/blob/master/CHANGELOG.md

Import SPEC changes:

    rack.session request environment entry must respond to to_hash and return unfrozen Hash. (@jeremyevans)
    Request environment cannot be frozen. (@jeremyevans)
    CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. (@jeremyevans)
    Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. (#1561, @ioquatix)

Edited Nov 08, 2020 by Stan Hu

Update Rack to v2.2.3

Merge request reports