Sha256: 8f1dddb1a1510478dcd3759b37d9babaffd907c1d8d53b8271f20ed71449b986

Contents?: true

Size: 1.99 KB

Versions: 74

Compression:

Stored size: 1.99 KB

Contents

= Improvements

* The order in which internal plugin before and after hooks are run
  when multiple plugins are loaded is now fixed and does not depend
  on the order in which the plugins are loaded.  This can prevent
  some issues in cases the plugins were not loaded in the order
  previously recommended in the documentation.

  Internal plugin before hooks are now run in the following order:

  * hooks
  * heartbeat
  * static_routing

  and internal plugin after hooks are now run in the following order:

  * class_level_routing
  * status_handler
  * head
  * flash
  * session
  * hooks

* Default compression of sessions over 128 bytes in length has been
  disabled in the sessions plugin.  Compression of sessions must now
  be manually enabled if it is desired by setting :gzip_over to an
  integer.

  This change is being made to avoid possible compression ratio
  attacks if both sensitive data and user-submitted data are stored in
  the session.  Such attacks were mitigated by the sessions plugin's
  default use of padding after compression, and the JSON serialization
  format used, but disabling compression avoids the possibility.

  This does not affect backwards compatibility, as compressed sessions
  will still be decompressed correctly, unless the size of the session
  cookie when not using compression is over 4096 bytes.

= Backwards Compatibility

* When using the error_handler plugin, if routing raises an exception that
  is handled by the error handler, but an exception is raised by a plugin
  internal after hook after the error handler has been run, the exception
  will be logged to the rack.errors entry in the environment, but it will
  be otherwise ignored.

  Exceptions raised inside the error handler will continue to be be raised
  to the application's caller.

  Additionally, the error_handler plugin no longers call before hooks
  during error handling.

* A private Roda#_call method has been added.  This could potentially
  cause issues for applications that add their own _call method.

Version data entries

74 entries across 74 versions & 1 rubygems

Version Path
roda-3.62.0 doc/release_notes/3.11.0.txt
roda-3.61.0 doc/release_notes/3.11.0.txt
roda-3.60.0 doc/release_notes/3.11.0.txt
roda-3.59.0 doc/release_notes/3.11.0.txt
roda-3.58.0 doc/release_notes/3.11.0.txt
roda-3.57.0 doc/release_notes/3.11.0.txt
roda-3.56.0 doc/release_notes/3.11.0.txt
roda-3.55.0 doc/release_notes/3.11.0.txt
roda-3.54.0 doc/release_notes/3.11.0.txt
roda-3.53.0 doc/release_notes/3.11.0.txt
roda-3.52.0 doc/release_notes/3.11.0.txt
roda-3.51.0 doc/release_notes/3.11.0.txt
roda-3.50.0 doc/release_notes/3.11.0.txt
roda-3.49.0 doc/release_notes/3.11.0.txt
roda-3.48.0 doc/release_notes/3.11.0.txt
roda-3.47.0 doc/release_notes/3.11.0.txt
roda-3.46.0 doc/release_notes/3.11.0.txt
roda-3.45.0 doc/release_notes/3.11.0.txt
roda-3.44.0 doc/release_notes/3.11.0.txt
roda-3.43.1 doc/release_notes/3.11.0.txt