
upgrade rack-attack gem #3636

Merged
merged 3 commits into from
Dec 17, 2019

Conversation

@annaswims (Contributor) commented Dec 12, 2019

Description of change

upgrade rack-attack

Testing done

specs

@annaswims (Contributor, Author) commented:

Changelog

All notable changes to this project will be documented in this file.

[6.2.1] - 2019-10-30

Fixed

  • Remove unintended side-effects on Rails app initialization order. It was potentially affecting the order of config/initializers/* in respect to gems initializers (#457)

[6.2.0] - 2019-10-12

Added

[6.1.0] - 2019-07-11

Added

  • Provide throttle discriminator in the env throttle_data

[6.0.0] - 2019-04-17

Added

  • #blocklist and #safelist name argument (the first one) is now optional.
  • Added support to subscribe only to specific event types via ActiveSupport::Notifications, e.g. subscribe to the
    throttle.rack_attack or the blocklist.rack_attack event.

Changed

  • Changed ActiveSupport::Notifications event naming to comply with the recommended format.
  • Changed ActiveSupport::Notifications event so that the 5th yielded argument to the #subscribe method is now a
    Hash instead of a Rack::Attack::Request, to comply with ActiveSupport's spec. The original request object is
    still accessible, being the value of the hash's :request key.

Deprecated

  • Subscriptions via ActiveSupport::Notifications to the "rack.attack" event will continue to work (receive event
    notifications), but it is going to be removed in a future version. Replace the event name with /rack_attack/ to
    continue to be subscribed to all events, or "throttle.rack_attack" e.g. for specific type of events only.

Removed

  • Removed support for ruby 2.2.
  • Removed support for obsolete memcache-client as a cache store.
  • Removed deprecated methods #blacklist and #whitelist (use #blocklist and #safelist instead).

[5.4.2] - 2018-10-30

Fixed

  • Fix unexpected error when using redis 3 and any store which is not proxied

Changed

  • Provide better information in MisconfiguredStoreError exception message to aid end-user debugging

[5.4.1] - 2018-09-29

Fixed

[5.4.0] - 2018-07-02

Added

  • Support "plain" Redis as a cache store backend (#280). Thanks @bfad and @ryandv.
  • When overwriting Rack::Attack.throttled_response you can now access the exact epoch integer that was used for caching
    so your custom code is less prone to race conditions (#282). Thanks @doliveirakn.

Dependency changes

  • Explicitly declare ancient rack 0.x series as incompatible in gemspec

[5.3.2] - 2018-06-25

Fixed

[5.3.1] - 2018-06-20

Fixed

[5.3.0] - 2018-06-19

Added

[5.2.0] - 2018-03-29

Added

  • Shorthand for blocking an IP address Rack::Attack.blocklist_ip("1.2.3.4") (#320)
  • Shorthand for blocking an IP subnet Rack::Attack.blocklist_ip("1.2.0.0/16") (#320)
  • Shorthand for safelisting an IP address Rack::Attack.safelist_ip("5.6.7.8") (#320)
  • Shorthand for safelisting an IP subnet Rack::Attack.safelist_ip("5.6.0.0/16") (#320)
  • Throw helpful error message when using allow2ban but cache store is misconfigured (#315)
  • Throw helpful error message when using fail2ban but cache store is misconfigured (#315)

[5.1.0] - 2018-03-10

  • Fixes edge case bug when using ruby 2.5.0 and redis #253 (#271)
  • Throws errors with better semantics when missing or misconfigured store caches to aid in developers debugging their configs (#274)
  • Removed legacy code that was originally intended for Rails 3 apps (#264)

[5.0.1] - 2016-08-11

  • Fixes arguments passed to deprecated internal methods. (#198)

@va-vfs-bot va-vfs-bot temporarily deployed to upgrade_rack-attack/master December 13, 2019 15:42 Inactive
@johnpaulashenfelter (Contributor) left a comment:

Didn't see any of the deprecated black/white list methods, so seems like this is ok.

Was surprised (pleasantly) to see we have test coverage for rack-attack config

@annaswims annaswims added the VSP VSP Contract label Dec 16, 2019
@annaswims annaswims marked this pull request as ready for review December 17, 2019 18:54
@annaswims annaswims requested review from a team as code owners December 17, 2019 18:54
@annaswims annaswims requested a review from jholton December 17, 2019 18:54
@annaswims annaswims merged commit a3f9640 into master Dec 17, 2019
@annaswims annaswims deleted the upgrade_rack-attack branch December 17, 2019 18:54
Labels
VSP VSP Contract
3 participants