CVS commit: pkgsrc/www/ruby-mechanize
Module Name: pkgsrc
Committed By: taca
Date: Sun Apr 29 16:11:17 UTC 2012
pkgsrc/www/ruby-mechanize: Makefile PLIST distinfo
Update ruby-mechanize to 2.4.
* Security fix:

  Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
  malicious servers and have been removed.

  In prior versions of mechanize only one set of HTTP authentication
  credentials were allowed for all connections. If a mechanize instance
  connected to more than one server then a malicious server detecting
  mechanize could ask for HTTP Basic authentication. This would expose the
  username and password intended only for one server.

  Mechanize#auth and Mechanize#basic_auth now warn when used.

  To fix the warning, switch to Mechanize#add_auth which requires the URI
  the credentials are intended for, the username and the password.
  Optionally an HTTP authentication realm or NTLM domain may be provided.

* Minor enhancement

  * Improved exception messages for 401 Unauthorized responses. Mechanize now
    tells you if you were missing credentials, had an incorrect password, etc.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/www/ruby-mechanize/Makefile \
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-mechanize/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
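
Added example, not part of the commit message or of the mechanize source: a self-contained Ruby model of the difference the log describes between one global credential pair and credentials registered per URI. The class names GlobalAuthStore and ScopedAuthStore, the demo helper and the sample hosts are assumptions made for illustration; only the add_auth argument order (URI, username, password, optional realm) follows the description above.

```ruby
require 'uri'

# Hypothetical model of the pre-2.4 behaviour described in the log:
# one username/password pair answers every Basic challenge.
class GlobalAuthStore
  def initialize(user, password)
    @user = user
    @password = password
  end

  def credentials_for(_challenge_uri, _realm)
    [@user, @password]
  end
end

# Hypothetical model of URI-scoped storage in the style of add_auth:
# credentials are released only to the origin (scheme, host, port)
# they were registered for, optionally narrowed to one realm.
class ScopedAuthStore
  def initialize
    @entries = {}
  end

  def add_auth(uri, user, password, realm = nil)
    (@entries[origin(uri)] ||= {})[realm] = [user, password]
  end

  def credentials_for(challenge_uri, realm)
    by_realm = @entries.fetch(origin(challenge_uri), {})
    by_realm[realm] || by_realm[nil] # nil means "no credentials to send"
  end

  private

  def origin(uri)
    u = URI(uri.to_s)
    [u.scheme.downcase, u.host.downcase, u.port]
  end
end

# Constructed sample data: two unrelated servers challenge the same client.
def demo
  intended = 'https://intranet.example/reports'
  other = 'http://other.example/'
  global = GlobalAuthStore.new('alice', 's3cret')
  scoped = ScopedAuthStore.new
  scoped.add_auth(intended, 'alice', 's3cret')
  { global_to_other: global.credentials_for(other, 'x'),
    scoped_to_other: scoped.credentials_for(other, 'x'),
    scoped_to_intended: scoped.credentials_for(intended, 'Reports') }
end
```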