kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/ruby-mechanize
History
taca 5fdb62bb0e Update ruby-mechanize to 2.4. 
=== 2.4

* Security fix:

  Mechanize#auth and Mechanize#basic_auth allowed disclosure of passwords to
  malicious servers and have been removed.

  In prior versions of mechanize only one set of HTTP authentication
  credentials were allowed for all connections.  If a mechanize instance
  connected to more than one server then a malicious server detecting
  mechanize could ask for HTTP Basic authentication.  This would expose the
  username and password intended only for one server.

  Mechanize#auth and Mechanize#basic_auth now warn when used.

  To fix the warning switch to Mechanize#add_auth which requires at the URI
  the credentials are intended for, the username and the password.
  Optionally an HTTP authentication realm or NTLM domain may be provided.

* Minor enhancement
  * Improved exception messages for 401 Unauthorized responses.  Mechanize now
    tells you if you were missing credentials, had an incorrect password, etc.
2012-04-29 16:11:17 +00:00
..
DESCR
distinfo Update ruby-mechanize to 2.4. 2012-04-29 16:11:17 +00:00
Makefile Update ruby-mechanize to 2.4. 2012-04-29 16:11:17 +00:00
PLIST Update ruby-mechanize to 2.4. 2012-04-29 16:11:17 +00:00