author Aaron Patterson <tenderlove@ruby-lang.org> 2020-06-15 14:55:32 -0700
committer Aaron Patterson <tenderlove@ruby-lang.org> 2020-06-15 15:18:06 -0700
commit 52808700e0ade4225625c6729529e13a6b31cc2f
tree b3ce4af5fbfb19bc8ab9a0c428db7c56b65d7fbf
parent a2435106dc1216d8785fcac68ef53030bb484b92
download rack-2.1.4.tar.gz
bump version 2.1.4
-rw-r--r-- CHANGELOG.md 8
-rw-r--r-- lib/rack.rb 2
2 files changed, 9 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f0fa2ec0..4f0be342 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## [2.1.4] - 2020-06-15
+
+- [CVE-2020-8184] When parsing cookies, only decode the value
+
+## [2.1.3] - 2020-05-12
+
+- [CVE-2020-8161] Use Dir.entries instead of Dir[glob] to prevent user-specified glob metacharacters
+-
## [2.1.2] - 2020-01-27
- Fix multipart parser for some files to prevent denial of service ([@aiomaster](https://github.com/aiomaster))
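Review bot: The last added line of the 2.1.3 section is a bare `-`, which renders as an empty list item; it should be a blank line so the `## [2.1.2]` heading is separated the same way the other sections are. The CVE-2020-8184 entry would also be more useful to people deciding whether to upgrade if it said what was decoded before the change ("only decode the value" leaves the reader to infer the rest) and linked the advisory. The 2.1.3 section is being added here under a 2.1.4 bump, so the changelog shipped with 2.1.3 evidently lacked its CVE-2020-8161 entry; adding the changelog line in the same commit as the fix would avoid that.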
diff --git a/lib/rack.rb b/lib/rack.rb
index f864ef9f..634235ae 100644
--- a/lib/rack.rb
+++ b/lib/rack.rb
@@ -20,7 +20,7 @@ module Rack
VERSION.join(".")
end
- RELEASE = "2.1.3"
+ RELEASE = "2.1.4"
# Return the Rack release as a dotted string.
def self.release
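Review bot: The `RELEASE = "2.1.4"` change is the only code touched in this commit (2 files changed, the other being CHANGELOG.md), so the cookie-parsing fix the changelog attributes to CVE-2020-8184 is not in this diff; confirm it is already in the parent history on this branch before the tag is cut, otherwise 2.1.4 advertises a fix it does not contain. The release string is also a hand-edited literal that has to match the `## [2.1.4]` heading in CHANGELOG.md; a small test comparing the two would catch a mismatch on the next bump.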