Hi all, Mongrel 1.1.4 is ready: svn://rubyforge.org/var/svn/mongrel/tags/rel_1-1-4 . It fixes the camping handler, adds a test for the path traversal security flaw, and corrects the treatment of the @throttle parameter. Please try it out, or at least audit the commits, which is easy to do on the Trac now. If I don''t hear anything by next Friday I will go ahead and make the release. After 1.1.4 I am going to push towards 1.2 which you can see described on the Roadmap: http://mongrel.rubyforge.org/roadmap . Thanks Evan -- Evan Weaver Cloudburst, LLC
On Fri, Feb 22, 2008 at 4:40 PM, Evan Weaver <evan at cloudbur.st> wrote:> Hi all, > > Mongrel 1.1.4 is ready: > svn://rubyforge.org/var/svn/mongrel/tags/rel_1-1-4 . It fixes the > camping handler, adds a test for the path traversal security flaw, and > corrects the treatment of the @throttle parameter. > > Please try it out, or at least audit the commits, which is easy to do > on the Trac now. > > If I don''t hear anything by next Friday I will go ahead and make the > release. After 1.1.4 I am going to push towards 1.2 which you can see > described on the Roadmap: http://mongrel.rubyforge.org/roadmap . >Excellent news Evan, we should put a ticket to simplify the gem versioning thing (the constant and the built in one in the C extension). There are too many places to make mistakes about that, and should be simpler :-) I''ll try to hang out later during the weekend on #mongrel-dev FYI. Regards, -- Luis Lavena Multimedia systems - A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. Douglas Adams
On Fri, 22 Feb 2008 13:40:02 -0500 "Evan Weaver" <evan at cloudbur.st> wrote:> Hi all, > > Mongrel 1.1.4 is ready: > svn://rubyforge.org/var/svn/mongrel/tags/rel_1-1-4 . It fixes the > camping handler, adds a test for the path traversal security flaw, and > corrects the treatment of the @throttle parameter.I''ll try it out under JRuby with our Rails project and let you know. One thing I''ll send you a patch for is the fact that under jruby mongrel tries to trap("USR1") but that''s not supported in Java so it blows up hard. I got the fix in yesterday, but I''ll reapply it to 1.1.4 and send it on. -- Zed A. Shaw - Hate: http://savingtheinternetwithhate.com/ - Good: http://www.zedshaw.com/ - Evil: http://yearofevil.com/
1.1.4 is going live real soon now, since I haven''t heard any further updates. Evan On Sun, Feb 24, 2008 at 2:38 PM, Zed A. Shaw <zedshaw at zedshaw.com> wrote:> On Fri, 22 Feb 2008 13:40:02 -0500 > > "Evan Weaver" <evan at cloudbur.st> wrote: > > > > Hi all, > > > > Mongrel 1.1.4 is ready: > > svn://rubyforge.org/var/svn/mongrel/tags/rel_1-1-4 . It fixes the > > camping handler, adds a test for the path traversal security flaw, and > > corrects the treatment of the @throttle parameter. > > I''ll try it out under JRuby with our Rails project and let you know. > One thing I''ll send you a patch for is the fact that under jruby > mongrel tries to trap("USR1") but that''s not supported in Java so it > blows up hard. I got the fix in yesterday, but I''ll reapply it to > 1.1.4 and send it on. > > -- > Zed A. Shaw > - Hate: http://savingtheinternetwithhate.com/ > - Good: http://www.zedshaw.com/ > - Evil: http://yearofevil.com/ > > > _______________________________________________ > Mongrel-development mailing list > Mongrel-development at rubyforge.org > http://rubyforge.org/mailman/listinfo/mongrel-development >-- Evan Weaver Cloudburst, LLC
Luis, Can you verify that the filename for the win32 build is correct? Gems seems to have changed it again: http://rubyforge.org/frs/?group_id=1306 . Now gems outputs mongrel-1.1.4-x86-mswin32-60.gem, whereas before we had mongrel-1.1.3-i386-mswin32.gem, and before that it was mongrel-1.1.2-mswin32.gem . Evan On Fri, Feb 29, 2008 at 1:16 PM, Evan Weaver <evan at cloudbur.st> wrote:> 1.1.4 is going live real soon now, since I haven''t heard any further updates. > > Evan > > > > On Sun, Feb 24, 2008 at 2:38 PM, Zed A. Shaw <zedshaw at zedshaw.com> wrote: > > On Fri, 22 Feb 2008 13:40:02 -0500 > > > > "Evan Weaver" <evan at cloudbur.st> wrote: > > > > > > > Hi all, > > > > > > Mongrel 1.1.4 is ready: > > > svn://rubyforge.org/var/svn/mongrel/tags/rel_1-1-4 . It fixes the > > > camping handler, adds a test for the path traversal security flaw, and > > > corrects the treatment of the @throttle parameter. > > > > I''ll try it out under JRuby with our Rails project and let you know. > > One thing I''ll send you a patch for is the fact that under jruby > > mongrel tries to trap("USR1") but that''s not supported in Java so it > > blows up hard. I got the fix in yesterday, but I''ll reapply it to > > 1.1.4 and send it on. > > > > -- > > Zed A. Shaw > > - Hate: http://savingtheinternetwithhate.com/ > > - Good: http://www.zedshaw.com/ > > - Evil: http://yearofevil.com/ > > > > > > _______________________________________________ > > Mongrel-development mailing list > > Mongrel-development at rubyforge.org > > http://rubyforge.org/mailman/listinfo/mongrel-development > > > > > > -- > Evan Weaver > Cloudburst, LLC >-- Evan Weaver Cloudburst, LLC
On Fri, Feb 29, 2008 at 5:31 PM, Evan Weaver <evan at cloudbur.st> wrote:> Luis, > > Can you verify that the filename for the win32 build is correct? Gems > seems to have changed it again: > http://rubyforge.org/frs/?group_id=1306 . > > Now gems outputs mongrel-1.1.4-x86-mswin32-60.gem, whereas before we > had mongrel-1.1.3-i386-mswin32.gem, and before that it was > mongrel-1.1.2-mswin32.gem . >That''s due two changes: 1) previous versions (with mswin32 as platform) was using incorrectly the #platform Gem::Specification), latest version used the CURRENT platform instead. 2) The new naming scheme came from RubyGems 1.0.1, but I prefer build these with 0.9.4 to keep compatibility with users that didn''t upgraded to latest ruby or latest rubygems. In any case, most of the users doing Rails already have RubyGems 1.0.1, so no damage will happen with new schema. Regards, -- Luis Lavena Multimedia systems - A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. Douglas Adams