https://github.com/rack/rack
A modular Ruby web server interface.
https://github.com/rack/rack
Keywords
rack ruby web
Keywords from Contributors
activerecord mvc activejob rubygems sinatra rspec crash-reporting rubocop multithreading background-jobs
Last synced: about 6 hours ago
JSON representation
Repository metadata
A modular Ruby web server interface.
- Host: GitHub
- URL: https://github.com/rack/rack
- Owner: rack
- License: other
- Created: 2008-12-24T03:03:12.000Z (about 17 years ago)
- Default Branch: main
- Last Pushed: 2026-02-16T03:41:48.000Z (16 days ago)
- Last Synced: 2026-02-28T17:40:20.197Z (3 days ago)
- Topics: rack, ruby, web
- Language: Ruby
- Homepage:
- Size: 10.1 MB
- Stars: 5,097
- Watchers: 153
- Forks: 1,668
- Open Issues: 17
- Releases: 16
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: MIT-LICENSE
- Security: SECURITY.md
README.md
Rack provides a minimal, modular, and adaptable interface for developing web
applications in Ruby. By wrapping HTTP requests and responses in the simplest
way possible, it unifies and distills the bridge between web servers, web
frameworks, and web application into a single method call.
The exact details of this are described in the Rack Specification, which all
Rack applications should conform to. Browse the Documentation for more
information.
Version support
| Version | Support |
|---|---|
| 3.2.x | Bug fixes and security patches. |
| 3.1.x | Security patches only. |
| 3.0.x | End of support. |
| 2.2.x | Security patches only. |
| <= 2.1.x | End of support. |
Rack 2.2.x is in security maintenance mode. Please upgrade to Rack 3.1+ as soon
as possible to ensure you are receiving the latest features and security patches.
Please see the Security Policy for more information.
Change log
See the Changelog for a detailed list of changes in each version of Rack.
Rack 3.2 (latest release)
This version of rack contains bug fixes and security patches.
Rack 3.1
This version of rack contains bug fixes and security patches.
Rack 3.0
This version of rack contains significant changes which are detailed in the
Upgrade Guide. It is recommended to upgrade to Rack 3 as soon
as possible to receive the latest features and security patches.
Rack 2.2
This version of Rack is receiving security patches only, and effort should be
made to move to Rack 3.
Starting in Ruby 3.4 the base64 dependency will no longer be a default gem,
and may cause a warning or error about base64 being missing. To correct this,
add base64 as a dependency to your project.
Installation
Add the rack gem to your application bundle, or follow the instructions provided
by a supported web framework:
# Install it generally:
$ gem install rack
# or, add it to your current application gemfile:
$ bundle add rack
If you need features from Rack::Session or bin/rackup please add those gems separately.
$ gem install rack-session rackup
Usage
Create a file called config.ru with the following contents:
run do |env|
[200, {}, ["Hello World"]]
end
Run this using the rackup gem or another supported web
server.
$ gem install rackup
$ rackup
# In another shell:
$ curl http://localhost:9292
Hello World
Supported web servers
Rack is supported by a wide range of servers, including:
- Agoo
- Falcon
- Iodine
- NGINX Unit
- Phusion Passenger (which is mod_rack for
Apache and for nginx) - Pitchfork
- Puma
- Thin
- Unicorn
- uWSGI
- Lamby (for AWS Lambda)
You will need to consult the server documentation to find out what features and
limitations they may have. In general, any valid Rack app will run the same on
all these servers, without changing anything.
Rackup
Rack provides a separate gem, rackup which is
a generic interface for running a Rack application on supported servers, which
include WEBRick, Puma, Falcon and others.
Supported web frameworks
These frameworks and many others support the Rack Specification:
Available middleware shipped with Rack
Between the server and the framework, Rack can be customized to your
applications needs using middleware. Rack itself ships with the following
middleware:
Rack::CommonLoggerfor creating Apache-style logfiles.Rack::ConditionalGetfor returning Not
Modified
responses when the response has not changed.Rack::Configfor modifying the environment before processing the request.Rack::ContentLengthfor setting acontent-lengthheader based on body
size.Rack::ContentTypefor setting a defaultcontent-typeheader for responses.Rack::Deflaterfor compressing responses with gzip.Rack::ETagfor settingetagheader on bodies that can be buffered.Rack::Eventsfor providing easy hooks when a request is received and when
the response is sent.Rack::Headfor returning an empty body for HEAD requests.Rack::Lintfor checking conformance to the Rack Specification.Rack::Lockfor serializing requests using a mutex.Rack::MethodOverridefor modifying the request method based on a submitted
parameter.Rack::Recursivefor including data from other paths in the application, and
for performing internal redirects.Rack::Reloaderfor reloading files if they have been modified.Rack::Runtimefor including a response header with the time taken to process
the request.Rack::Sendfilefor working with web servers that can use optimized file
serving for file system paths.Rack::ShowExceptionfor catching unhandled exceptions and presenting them in
a nice and helpful way with clickable backtrace.Rack::ShowStatusfor using nice error pages for empty client error
responses.Rack::Staticfor configurable serving of static files.Rack::TempfileReaperfor removing temporary files creating during a request.
All these components use the same interface, which is described in detail in the
Rack Specification. These optional components can be used in any way you wish.
Convenience interfaces
If you want to develop outside of existing frameworks, implement your own ones,
or develop middleware, Rack provides many helpers to create Rack applications
quickly and without doing the same web stuff all over:
Rack::Requestwhich also provides query string parsing and multipart
handling.Rack::Responsefor convenient generation of HTTP replies and cookie
handling.Rack::MockRequestandRack::MockResponsefor efficient and quick testing
of Rack application without real HTTP round-trips.Rack::Cascadefor trying additional Rack applications if an application
returns a not found or method not supported response.Rack::Directoryfor serving files under a given directory, with directory
indexes.Rack::Filesfor serving files under a given directory, without directory
indexes.Rack::MediaTypefor parsing content-type headers.Rack::Mimefor determining content-type based on file extension.Rack::RewindableInputfor making any IO object rewindable, using a temporary
file buffer.Rack::URLMapto route to multiple applications inside the same process.
Configuration
Rack exposes several configuration parameters to control various features of the
implementation.
RACK_QUERY_PARSER_BYTESIZE_LIMIT
This environment variable sets the default for the maximum query string bytesize
that Rack::QueryParser will attempt to parse. Attempts to use a query string
that exceeds this number of bytes will result in a
Rack::QueryParser::QueryLimitError exception. If this enviroment variable is
provided, it must be an integer, or Rack::QueryParser will raise an exception.
The default limit can be overridden on a per-Rack::QueryParser basis using
the bytesize_limit keyword argument when creating the Rack::QueryParser.
RACK_QUERY_PARSER_PARAMS_LIMIT
This environment variable sets the default for the maximum number of query
parameters that Rack::QueryParser will attempt to parse. Attempts to use a
query string with more than this many query parameters will result in a
Rack::QueryParser::QueryLimitError exception. If this enviroment variable is
provided, it must be an integer, or Rack::QueryParser will raise an exception.
The default limit can be overridden on a per-Rack::QueryParser basis using
the params_limit keyword argument when creating the Rack::QueryParser.
This is implemented by counting the number of parameter separators in the
query string, before attempting parsing, so if the same parameter key is
used multiple times in the query, each counts as a separate parameter for
this check.
RACK_MULTIPART_BUFFERED_UPLOAD_BYTESIZE_LIMIT
This environment variable sets the maximum amount of memory Rack will use
to buffer multipart parameters when parsing a request body. This considers
the size of the multipart mime headers and the body part for multipart
parameters that are buffered in memory and do not use tempfiles. This
defaults to 16MB if not provided.
param_depth_limit
Rack::Utils.param_depth_limit = 32 # default
The maximum amount of nesting allowed in parameters. For example, if set to 3,
this query string would be allowed:
?a[b][c]=d
but this query string would not be allowed:
?a[b][c][d]=e
Limiting the depth prevents a possible stack overflow when parsing parameters.
multipart_file_limit
Rack::Utils.multipart_file_limit = 128 # default
The maximum number of parts with a filename a request can contain. Accepting
too many parts can lead to the server running out of file handles.
The default is 128, which means that a single request can't upload more than 128
files at once. Set to 0 for no limit.
Can also be set via the RACK_MULTIPART_FILE_LIMIT environment variable.
(This is also aliased as multipart_part_limit and RACK_MULTIPART_PART_LIMIT for compatibility)
multipart_total_part_limit
The maximum total number of parts a request can contain of any type, including
both file and non-file form fields.
The default is 4096, which means that a single request can't contain more than
4096 parts.
Set to 0 for no limit.
Can also be set via the RACK_MULTIPART_TOTAL_PART_LIMIT environment variable.
Contributing
See CONTRIBUTING.md for specific details about how to make a
contribution to Rack.
Please post bugs, suggestions and patches to GitHub Issues.
Please check our Security Policy
for responsible disclosure and security bug reporting process. Due to wide usage
of the library, it is strongly preferred that we manage timing in order to
provide viable patches at the time of disclosure. Your assistance in this matter
is greatly appreciated.
See Also
rackup
A useful tool for running Rack applications from the command line, including
Rackup::Server (previously Rack::Server) for scripting servers.
rack-contrib
The plethora of useful middleware created the need for a project that collects
fresh Rack middleware. rack-contrib includes a variety of add-on components
for Rack and it is easy to contribute new modules.
rack-session
Provides convenient session management for Rack.
Thanks
The Rack Core Team, consisting of
- Aaron Patterson tenderlove
- Samuel Williams ioquatix
- Jeremy Evans jeremyevans
- Eileen Uchitelle eileencodes
- Matthew Draper matthewd
- Rafael França rafaelfranca
and the Rack Alumni
- Ryan Tomayko rtomayko
- Scytrin dai Kinthra scytrin
- Leah Neukirchen leahneukirchen
- James Tucker raggi
- Josh Peek josh
- José Valim josevalim
- Michael Fellinger manveru
- Santiago Pastorino spastorino
- Konstantin Haase rkh
would like to thank:
- Adrian Madrid, for the LiteSpeed handler.
- Christoffer Sawicki, for the first Rails adapter and
Rack::Deflater. - Tim Fletcher, for the HTTP authentication code.
- Luc Heinrich for the Cookie sessions, the static file handler and bugfixes.
- Armin Ronacher, for the logo and racktools.
- Alex Beregszaszi, Alexander Kahn, Anil Wadghule, Aredridel, Ben Alpert, Dan
Kubb, Daniel Roethlisberger, Matt Todd, Tom Robinson, Phil Hagelberg, S. Brent
Faulkner, Bosko Milekic, Daniel Rodríguez Troitiño, Genki Takiuchi, Geoffrey
Grosenbach, Julien Sanchez, Kamal Fariz Mahyuddin, Masayoshi Takahashi,
Patrick Aljordm, Mig, Kazuhiro Nishiyama, Jon Bardin, Konstantin Haase, Larry
Siden, Matias Korhonen, Sam Ruby, Simon Chiang, Tim Connor, Timur Batyrshin,
and Zach Brock for bug fixing and other improvements. - Eric Wong, Hongli Lai, Jeremy Kemper for their continuous support and API
improvements. - Yehuda Katz and Carl Lerche for refactoring rackup.
- Brian Candler, for
Rack::ContentType. - Graham Batty, for improved handler loading.
- Stephen Bannasch, for bug reports and documentation.
- Gary Wright, for proposing a better
Rack::Responseinterface. - Jonathan Buch, for improvements regarding
Rack::Response. - Armin Röhrl, for tracking down bugs in the Cookie generator.
- Alexander Kellett for testing the Gem and reviewing the announcement.
- Marcus Rückert, for help with configuring and debugging lighttpd.
- The WSGI team for the well-done and documented work they've done and Rack
builds up on. - All bug reporters and patch contributors not mentioned above.
License
Rack is released under the MIT License.
Owner metadata
- Name: Official Rack repositories
- Login: rack
- Email:
- Kind: organization
- Description:
- Website: http://rack.github.com
- Location:
- Twitter:
- Company:
- Icon url: https://avatars.githubusercontent.com/u/42379?v=4
- Repositories: 10
- Last ynced at: 2024-03-25T19:32:49.958Z
- Profile URL: https://github.com/rack
GitHub Events
Total
- Issues event: 86
- Watch event: 169
- Delete event: 25
- Issue comment event: 445
- Push event: 247
- Pull request review comment event: 173
- Pull request event: 148
- Pull request review event: 246
- Fork event: 35
- Discussion event: 1
- Create event: 51
Last Year
- Issues event: 73
- Watch event: 127
- Delete event: 20
- Issue comment event: 359
- Push event: 221
- Pull request review event: 212
- Pull request review comment event: 153
- Pull request event: 121
- Fork event: 26
- Discussion event: 1
- Create event: 45
Committers metadata
Last synced: 2 days ago
Total Commits: 2,794
Total Committers: 563
Avg Commits per committer: 4.963
Development Distribution Score (DDS): 0.903
Commits in past year: 87
Committers in past year: 28
Avg Commits per committer in past year: 3.107
Development Distribution Score (DDS) in past year: 0.575
| Name | Commits | |
|---|---|---|
| Samuel Williams | s****s@o****z | 270 |
| Leah Neukirchen | l****h@v****g | 262 |
| James Tucker | j****r@g****m | 228 |
| Jeremy Evans | c****e@j****t | 215 |
| Aaron Patterson | a****n@g****m | 177 |
| Scytrin dai Kinthra | s****n@g****m | 105 |
| Joshua Peek | j****h@j****m | 101 |
| Konstantin Haase | k****s@g****m | 63 |
| Michael Fellinger | m****r@g****m | 44 |
| Santiago Pastorino | s****o@w****m | 44 |
| Ryan Tomayko | r****o@g****m | 31 |
| Jeremy Kemper | j****y@b****t | 27 |
| James Tucker | r****i@g****m | 24 |
| deepj | d****a@g****m | 23 |
| José Valim | j****m@g****m | 22 |
| Christoffer Sawicki | c****i@g****m | 20 |
| Ravil Bayramgalin | b****a@e****m | 17 |
| Eric Wong | n****n@y****t | 16 |
| Eric Wong | e@8****g | 14 |
| Lars Gierth | l****h@g****m | 14 |
| Oscar Del Ben | o****r@o****m | 14 |
| Rafael Mendonça França | r****a@g****m | 14 |
| Postmodern | p****3@g****m | 13 |
| eileencodes | e****s@g****m | 13 |
| Olle Jonsson | o****n@a****m | 12 |
| Nick Adams | n****k@n****k | 12 |
| Hongli Lai (Phusion) | h****i@p****l | 12 |
| Thomas Klemm | g****b@t****u | 12 |
| Yoshiyuki Hirano | y****o@m****m | 12 |
| Max Cantor | m****x@m****t | 11 |
| and 533 more... | ||
Committer domains:
- shopify.com: 5
- github.com: 4
- me.com: 4
- redhat.com: 2
- heroku.com: 2
- engineyard.com: 2
- clio.com: 2
- hey.com: 2
- zzak.io: 2
- 80x24.org: 2
- pivotallabs.com: 2
- undev.ru: 2
- wyeworks.com: 2
- plataformatec.com.br: 2
- us.ibm.com: 2
- unwwwired.net: 1
- gmx.com: 1
- soundcloud.com: 1
- anaeinteractive.com: 1
- midhirrecords.com: 1
- weizheheng.com: 1
- stephencelis.com: 1
- vision-media.ca: 1
- toolmantim.com: 1
- incrementalism.net: 1
- thomsen.io: 1
- udzura.jp: 1
- izumo-it.co.jp: 1
- mail.ru: 1
- alpaca.tc: 1
- oxos.pl: 1
- boedicker.org: 1
- michaeljherold.com: 1
- experteer.com: 1
- rys.me: 1
- craic.com: 1
- thewebfellas.com: 1
- deheus.net: 1
- ohler.com: 1
- fixieconsulting.com: 1
- elabs.se: 1
- audioboo.fm: 1
- bestbefore.tv: 1
- collabora.com: 1
- wovn.io: 1
- mcommons.com: 1
- retailnext.net: 1
- squareup.com: 1
- pinnacol.com: 1
- ravinggenius.com: 1
- dwango.co.jp: 1
- lab.io: 1
- mediadrive.ca: 1
- svario.it: 1
- obfusk.net: 1
- jm3.net: 1
- goodmeasures.com: 1
- suse.de: 1
- julik.nl: 1
- clear-code.com: 1
- amerine.net: 1
- baent.net: 1
- informatik.uni-kiel.de: 1
- backlotcars.com: 1
- covermymeds.com: 1
- zendesk.com: 1
- 123mail.org: 1
- linkleaf.com: 1
- headius.com: 1
- benhamill.com: 1
- dblock.org: 1
- code.org: 1
- holymonkey.com: 1
- dio.jp: 1
- hawthorn.email: 1
- stormbrew.ca: 1
- sophiedeziel.com: 1
- simplybusiness.co.uk: 1
- autopilotmarketing.com: 1
- trebex.net: 1
- lucaguidi.com: 1
- easy.cz: 1
- starkast.net: 1
- zenspider.com: 1
- maxcantor.net: 1
- tklemm.eu: 1
- phusion.nl: 1
- nickadams.co.uk: 1
- auctionet.com: 1
- oscardelben.com: 1
- yhbt.net: 1
- evilmartians.com: 1
- google.com: 1
- bitsweat.net: 1
- joshpeek.com: 1
- jeremyevans.net: 1
- vuxu.org: 1
- leonidasoy.fi: 1
- debu.gs: 1
- intertwingly.net: 1
- abshere.net: 1
- instructure.com: 1
- usergenic.com: 1
- retrosync.com: 1
- ktheory.com: 1
- ignition-project.com: 1
- brunoaguirre.com: 1
- jakubpawlowicz.com: 1
- telkomsa.net: 1
- davidcel.is: 1
- roe.ch: 1
- yahoo.es: 1
- daniel.priv.no: 1
- cjkinni.com: 1
- suse.com: 1
- sonicgarden.jp: 1
- pobox.com: 1
- aps.org: 1
- nginx.com: 1
- ruby-lang.org: 1
- highgroove.com: 1
- zacharyscott.net: 1
- linux-ei28.site: 1
- aloop.org: 1
- bbc.co.uk: 1
- louis.info: 1
- fallingsnow.net: 1
- mabreys.com: 1
- nockert.se: 1
- odd-e.com: 1
- benmorgan.io: 1
- benle.de: 1
- serendipity.cx: 1
- adrienjarthon.com: 1
- akshayjoshi.com: 1
- tmm1.net: 1
- gmx.de: 1
- blacksquaremedia.com: 1
- dougmcinnes.com: 1
- alexspeller.com: 1
- madriska.com: 1
- paragon-labs.com: 1
- ozmm.org: 1
- webit.de: 1
- well.com: 1
- oiax.jp: 1
- debian.org: 1
- daumkakao.com: 1
- bitfission.com: 1
- singpolyma.net: 1
- hodgkiss.me: 1
- tavianator.com: 1
- teoljungberg.com: 1
- spork.in: 1
- schilling.io: 1
- alush.co.uk: 1
- codon.com: 1
- tomwardrop.com: 1
- kittensoft.org: 1
- amedia.no: 1
- tracefunc.com: 1
- jandudek.com: 1
- sixtwothree.org: 1
- mooseyard.com: 1
- jc00ke.com: 1
- jimeh.me: 1
- joefiorini.com: 1
- ardiangroup.com: 1
- cpan.org: 1
- jakimowicz.com: 1
- asquera.de: 1
- robustsoftware.co.uk: 1
- s21g.com: 1
- topfunky.com: 1
- lostapathy.com: 1
- metaskills.net: 1
- ksylvest.com: 1
- soen.ca: 1
- familysearch.org: 1
- joncrosby.me: 1
- jonathanleighton.com: 1
- jonathanmoss.me: 1
- dnil.net: 1
- tron.name: 1
- altlinux.org: 1
- johnandrewmarshall.com: 1
- crous.co.za: 1
- terceiro.xyz: 1
- nbtsc.org: 1
- p8952.info: 1
- archlinux.us: 1
- sikac.hu: 1
- detailedbalance.net: 1
- induktiv.at: 1
- mooh.org: 1
- tcare.fr: 1
- gree.net: 1
- remitaylor.com: 1
- gto.net: 1
- 280north.com: 1
- univie.ac.at: 1
- hashrocket.com: 1
- junivi.com: 1
- plentz.org: 1
- contentfree.com: 1
- goodreads.com: 1
- mac.com: 1
- tesla.(none): 1
- tstmedia.com: 1
- cs.stanford.edu: 1
- ramaze.net: 1
- assist.ro: 1
- datira.com: 1
- harper.nu: 1
- manny.codes: 1
- steeple.fr: 1
- otrobloggeek.com: 1
- protonmail.ch: 1
- student.42.fr: 1
- cable.comcast.com: 1
- mrageh.com: 1
- myconan.net: 1
- websages.com: 1
- unbit.it: 1
- live.jp: 1
- iprog.com: 1
- hannebauer.name: 1
- glasz.org: 1
- 178.is: 1
- novemberain.com: 1
- mypeplum.com: 1
- oobak.org: 1
- managebac.com: 1
- deckle.co.uk: 1
- saikyoline.jp: 1
- novemberborn.net: 1
- schuerrer.org: 1
- kiskolabs.com: 1
- ydekproductions.com: 1
- mattwildig.co.uk: 1
- wikimatze.de: 1
- freelancing-gods.com: 1
- bashme.org: 1
- techouse.jp: 1
- 37signals.com: 1
- seantheprogrammer.com: 1
- mcgivern.me.uk: 1
- chooh.msk.ru: 1
- sul.im: 1
- raxoft.cz: 1
- stanford.edu: 1
- oriontransfer.co.nz: 1
Issue and Pull Request metadata
Last synced: 3 days ago
Total issues: 146
Total pull requests: 427
Average time to close issues: 4 months
Average time to close pull requests: about 1 month
Total issue authors: 108
Total pull request authors: 100
Average comments per issue: 5.36
Average comments per pull request: 2.84
Merged pull request: 323
Bot issues: 0
Bot pull requests: 5
Past year issues: 43
Past year pull requests: 95
Past year average time to close issues: 13 days
Past year average time to close pull requests: 5 days
Past year issue authors: 29
Past year pull request authors: 32
Past year average comments per issue: 2.44
Past year average comments per pull request: 2.37
Past year merged pull request: 63
Past year bot issues: 0
Past year bot pull requests: 1
Top Issue Authors
- ioquatix (29)
- catatsuy (3)
- Fjan (3)
- gegenelnet (2)
- doriantaylor (2)
- mikgry (2)
- radar (2)
- LevitatingBusinessMan (2)
- lloeki (2)
- xxz199539 (1)
- dmix (1)
- jurruh (1)
- JunichiIto (1)
- larouxn (1)
- zzak (1)
Top Pull Request Authors
- ioquatix (123)
- jeremyevans (67)
- Earlopain (34)
- dentarg (15)
- skipkayhil (8)
- casperisfine (6)
- dependabot[bot] (5)
- MSP-Greg (5)
- alexanderadam (5)
- byroot (4)
- tenderlove (4)
- adam12 (4)
- willbryant (4)
- sandipransing (4)
- wtn (3)
Top Issue Labels
- Documentation (6)
- SPEC (3)
- Maintenance (2)
- Bug (2)
- Needs Feedback (1)
Top Pull Request Labels
- Backport (8)
- dependencies (5)
- Bug (4)
- Maintenance (3)
- SPEC (3)
- hacktoberfest-accepted (2)
- Needs Feedback (1)
- github_actions (1)
- Feature (1)
Package metadata
- Total packages: 3
-
Total downloads:
- rubygems: 2,463,881,429 total
- Total docker downloads: 2,693,372,318
- Total dependent packages: 3,634 (may contain duplicates)
- Total dependent repositories: 1,043,594 (may contain duplicates)
- Total versions: 414
- Total maintainers: 6
- Total advisories: 76
gem.coop: rack
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
- Homepage: https://github.com/rack/rack
- Documentation: http://www.rubydoc.info/gems/rack/
- Licenses: MIT
- Latest release: 3.2.5 (published 16 days ago)
- Last Synced: 2026-03-01T21:32:13.651Z (2 days ago)
- Versions: 175
- Dependent Packages: 0
- Dependent Repositories: 0
- Downloads: 1,231,775,661 Total
- Docker Downloads: 1,346,686,159
-
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 0.001%
- Downloads: 0.004%
- Maintainers (6)
-
Advisories:
- Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
- Rack has a Directory Traversal via Rack:Directory
- Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
- Rack has a Possible Information Disclosure Vulnerability
- Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
- Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
- ReDoS Vulnerability in Rack::Multipart handle_mime_head
- Rack has an Unbounded-Parameter DoS in Rack::QueryParser
- Rack session gets restored after deletion
- Local File Inclusion in Rack::Static
- Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
- Possible Log Injection in Rack::CommonLogger
- Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
- Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
- Rack has possible DoS Vulnerability with Range Header
- Rack Header Parsing leads to Possible Denial of Service Vulnerability
- Possible Denial of Service Vulnerability in Rack's header parsing
- Rack has possible DoS Vulnerability in Multipart MIME parsing
- Denial of Service Vulnerability in Rack Content-Disposition parsing
- Denial of service via header parsing in Rack
- Denial of service via multipart parsing in Rack
- Denial of Service Vulnerability in Rack Multipart Parsing
- Possible shell escape sequence injection vulnerability in Rack
- Rack Gem Subject to Denial of Service via Hash Collisions
- Rack arbitrary code execution via timing attack
- Rack vulnerable to Denial of Service
- Directory traversal in Rack::Directory app bundled with Rack
- Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
- Possible Information Leak / Session Hijack Vulnerability in Rack
- Rack vulnerable to Cross-site Scripting
- Rack vulnerable to Denial of Service
- Moderate severity vulnerability that affects rack
- Rack vulnerable to REDoS
- Rack Vulnerable to Path Traversal
- Rack rubygems receiving excessively long lines triggers out-of-memory error
- Rack vulnerable to Denial of Service via large parameter depth request
rubygems.org: rack
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
- Homepage: https://github.com/rack/rack
- Documentation: http://www.rubydoc.info/gems/rack/
- Licenses: MIT
- Latest release: 3.2.5 (published 16 days ago)
- Last Synced: 2026-03-02T12:13:12.751Z (1 day ago)
- Versions: 175
- Dependent Packages: 3,634
- Dependent Repositories: 1,043,594
- Downloads: 1,232,105,768 Total
- Docker Downloads: 1,346,686,159
-
Rankings:
- Dependent repos count: 0.004%
- Downloads: 0.007%
- Dependent packages count: 0.014%
- Average: 0.091%
- Docker downloads count: 0.098%
- Forks count: 0.146%
- Stargazers count: 0.275%
- Maintainers (6)
-
Advisories:
- Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
- Rack has a Directory Traversal via Rack:Directory
- Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
- Rack has a Possible Information Disclosure Vulnerability
- Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
- Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
- ReDoS Vulnerability in Rack::Multipart handle_mime_head
- Rack has an Unbounded-Parameter DoS in Rack::QueryParser
- Rack session gets restored after deletion
- Local File Inclusion in Rack::Static
- Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
- Possible Log Injection in Rack::CommonLogger
- Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
- Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
- Rack has possible DoS Vulnerability with Range Header
- Rack Header Parsing leads to Possible Denial of Service Vulnerability
- Possible Denial of Service Vulnerability in Rack's header parsing
- Rack has possible DoS Vulnerability in Multipart MIME parsing
- Denial of Service Vulnerability in Rack Content-Disposition parsing
- Denial of service via header parsing in Rack
- Denial of service via multipart parsing in Rack
- Denial of Service Vulnerability in Rack Multipart Parsing
- Possible shell escape sequence injection vulnerability in Rack
- Rack Gem Subject to Denial of Service via Hash Collisions
- Rack arbitrary code execution via timing attack
- Rack vulnerable to Denial of Service
- Directory traversal in Rack::Directory app bundled with Rack
- Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
- Possible Information Leak / Session Hijack Vulnerability in Rack
- Rack vulnerable to Cross-site Scripting
- Rack vulnerable to Denial of Service
- Moderate severity vulnerability that affects rack
- Rack rubygems receiving excessively long lines triggers out-of-memory error
- Rack Vulnerable to Path Traversal
- Rack vulnerable to REDoS
- Rack vulnerable to Denial of Service via large parameter depth request
proxy.golang.org: github.com/rack/rack
- Homepage:
- Documentation: https://pkg.go.dev/github.com/rack/rack#section-documentation
- Licenses: other
- Latest release: v3.2.5+incompatible (published 16 days ago)
- Last Synced: 2026-03-02T10:22:31.923Z (1 day ago)
- Versions: 64
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Forks count: 0.578%
- Stargazers count: 0.977%
- Average: 5.483%
- Dependent packages count: 9.576%
- Dependent repos count: 10.802%
Dependencies
- rdoc >= 0 development
- rubocop >= 0
- rubocop-packaging >= 0
- webrick >= 0
- bundler >= 0 development
- minitest ~> 5.0 development
- minitest-global_expectations >= 0 development
- rake >= 0 development
- actions/checkout v3 composite
- actions/dependency-review-action v3 composite
- actions/checkout v3 composite
- ruby/setup-ruby v1 composite
- actions/checkout v3 composite
- ruby/setup-ruby v1 composite
Score: 37.236890894024675