Skip to content

Latest commit

 

History

History
66 lines (52 loc) · 2.59 KB

CHANGELOG.md

File metadata and controls

66 lines (52 loc) · 2.59 KB

Changlog

master (unreleased)

v4.3.1 - 18 Dec 2015

  • SECURITY FIX: Normalize request paths when using ActionDispatch. Thanks Andres Riancho at @includesecurity for reporting it.
  • Remove support for ruby 1.9.x
  • Add Code of Conduct
  • Several documentation and testing improvements

v4.3.0 - 22 May 2015

  • Redis proxy passes raw: true (thanks @stanhu)
  • Redis supports delete method to be consistent with Dalli (thanks @stanhu)
  • Support the ability to reset Fail2Ban count and ban flag (thanks @stanhu)

v4.2.0 - 26 Oct 2014

  • Throttle's period argument now takes a proc as well as a number (thanks @gsamokovarov)
  • Invoke the #call method on blacklist_response and throttle_response instead of #[], as per the Rack spec. (thanks @gsamokovarov)

v4.1.1 - 11 Sept 2014

  • Fix a race condition in throttles that could allow more requests than intended.

v4.1.0 - 22 May 2014

  • Tracks take an optional limit and period to only notify once a threshold is reached (similar to throttles). Thanks @chiliburger!
  • Default throttled & blacklist responses have Content-Type: text/plain
  • Rack::Attack.clear! resets tracks

v4.0.1 - 14 May 2014

  • Add throttle discriminator to rack env (thanks @blahed)

v4.0.0 - 28 April 2014

  • Implement proxy for Dalli with better Memcachier support. (thanks @hakanensari)
  • Rack::Attack.new returns an instance to ease testing. (thanks @stevehodgkiss) [Changing a module to a class is not backwards compatible, hence v4.0.0.]
  • Use Rack::Attack::Request subclass of Rack::Request for easier extending (thanks @tristandunn)
  • Test more dalli versions.

v3.0.0 - 15 March 2014

  • Change default blacklisted response to 403 Forbidden (thanks @carpodaster).
  • Fail gracefully when Redis store is not available; rescue exeption and don't throttle request. (thanks @wkimeria)
  • TravisCI runs integration tests.

v2.3.0 - 11 October 2013

  • Allow throttle limit argument to be a proc. (thanks @lunks)
  • Add Allow2Ban, complement of Fail2Ban. (thanks @jormon)
  • Improved TravisCI testing

v2.2.1 - 13 August 2013

  • Add license to gemspec
  • Support ruby version 1.9.2
  • Change default blacklisted response code from 503 to 401; throttled response from 503 to 429.

v2.2.0 - 20 June 2013

  • Fail2Ban filtering. See README for details. Thx @madlep!
  • Introduce StoreProxy to more cleanly abstract cache stores. Thx @madlep.

v2.1.1 - 16 May 2013

  • Start keeping changelog
  • Fix Redis::CommandError when using ActiveSupport numeric extensions (e.g. 1.second)
  • Remove unused variable
  • Extract mandatory options to constants