2.2.1 (from changelog)

Fixed

• Rework Rack::Request#ip to handle empty forwarded_for. (#1577, @ioquatix)

2.2.0 (from changelog)

SPEC Changes

• rack.session request environment entry must respond to to_hash and return unfrozen Hash. (@jeremyevans)
• Request environment cannot be frozen. (@jeremyevans)
• CGI values in the request environment with non-ASCII characters must use ASCII-8BIT encoding. (@jeremyevans)
• Improve SPEC/lint relating to SERVER_NAME, SERVER_PORT and HTTP_HOST. (#1561, @ioquatix)

Added

• rackup supports multiple -r options and will require all arguments. (@jeremyevans)
• Server supports an array of paths to require for the :require option. (@khotta)
• Files supports multipart range requests. (@fatkodima)
• Multipart::UploadedFile supports an IO-like object instead of using the filesystem, using :filename and :io options. (@jeremyevans)
• Multipart::UploadedFile supports keyword arguments :path, :content_type, and :binary in addition to positional arguments. (@jeremyevans)
• Static supports a :cascade option for calling the app if there is no matching file. (@jeremyevans)
• Session::Abstract::SessionHash#dig. (@jeremyevans)
• Response.[] and MockResponse.[] for creating instances using status, headers, and body. (@ioquatix)
• Convenient cache and content type methods for Rack::Response. (#1555, @ioquatix)

Changed

• Request#params no longer rescues EOFError. (@jeremyevans)
• Directory uses a streaming approach, significantly improving time to first byte for large directories. (@jeremyevans)
• Directory no longer includes a Parent directory link in the root directory index. (@jeremyevans)
• QueryParser#parse_nested_query uses original backtrace when reraising exception with new class. (@jeremyevans)
• ConditionalGet follows RFC 7232 precedence if both If-None-Match and If-Modified-Since headers are provided. (@jeremyevans)
• .ru files supports the frozen-string-literal magic comment. (@eregon)
• Rely on autoload to load constants instead of requiring internal files, make sure to require 'rack' and not just 'rack/...'. (@jeremyevans)
• Etag will continue sending ETag even if the response should not be cached. (@henm)
• Request#host_with_port no longer includes a colon for a missing or empty port. (@AlexWayfer)
• All handlers uses keywords arguments instead of an options hash argument. (@ioquatix)
• Files handling of range requests no longer return a body that supports to_path, to ensure range requests are handled correctly. (@jeremyevans)
• Multipart::Generator only includes Content-Length for files with paths, and Content-Disposition filename if the UploadedFile instance has one. (@jeremyevans)
• Request#ssl? is true for the wss scheme (secure websockets). (@jeremyevans)
• Rack::HeaderHash is memoized by default. (#1549, @ioquatix)
• Rack::Directory allow directory traversal inside root directory. (#1417, @ThomasSevestre)
• Sort encodings by server preference. (#1184, @ioquatix, @wjordan)
• Rework host/hostname/authority implementation in Rack::Request. #host and #host_with_port have been changed to correctly return IPv6 addresses formatted with square brackets, as defined by RFC3986. (#1561, @ioquatix)
• Rack::Builder parsing options on first #\ line is deprecated. (#1574, @ioquatix)

Removed

• Directory#path as it was not used and always returned nil. (@jeremyevans)
• BodyProxy#each as it was only needed to work around a bug in Ruby <1.9.3. (@jeremyevans)
• URLMap::INFINITY and URLMap::NEGATIVE_INFINITY, in favor of Float::INFINITY. (@ch1c0t)
• Deprecation of Rack::File. It will be deprecated again in rack 2.2 or 3.0. (@rafaelfranca)
• Support for Ruby 2.2 as it is well past EOL. (@ioquatix)
• Remove Rack::Files#response_body as the implementation was broken. (#1153, @ioquatix)
• Remove SERVER_ADDR which was never part of the original SPEC. (#1573, @ioquatix)

Fixed

• Directory correctly handles root paths containing glob metacharacters. (@jeremyevans)
• Cascade uses a new response object for each call if initialized with no apps. (@jeremyevans)
• BodyProxy correctly delegates keyword arguments to the body object on Ruby 2.7+. (@jeremyevans)
• BodyProxy#method correctly handles methods delegated to the body object. (@jeremyevans)
• Request#host and Request#host_with_port handle IPv6 addresses correctly. (@AlexWayfer)
• Lint checks when response hijacking that rack.hijack is called with a valid object. (@jeremyevans)
• Response#write correctly updates Content-Length if initialized with a body. (@jeremyevans)
• CommonLogger includes SCRIPT_NAME when logging. (@Erol)
• Utils.parse_nested_query correctly handles empty queries, using an empty instance of the params class instead of a hash. (@jeremyevans)
• Directory correctly escapes paths in links. (@yous)
• Request#delete_cookie and related Utils methods handle :domain and :path options in same call. (@jeremyevans)
• Request#delete_cookie and related Utils methods do an exact match on :domain and :path options. (@jeremyevans)
• Static no longer adds headers when a gzipped file request has a 304 response. (@chooh)
• ContentLength sets Content-Length response header even for bodies not responding to to_ary. (@jeremyevans)
• Thin handler supports options passed directly to Thin::Controllers::Controller. (@jeremyevans)
• WEBrick handler no longer ignores :BindAddress option. (@jeremyevans)
• ShowExceptions handles invalid POST data. (@jeremyevans)
• Basic authentication requires a password, even if the password is empty. (@jeremyevans)
• Lint checks response is array with 3 elements, per SPEC. (@jeremyevans)
• Support for using :SSLEnable option when using WEBrick handler. (Gregor Melhorn)
• Close response body after buffering it when buffering. (@ioquatix)
• Only accept ; as delimiter when parsing cookies. (@mrageh)
• Utils::HeaderHash#clear clears the name mapping as well. (@raxoft)
• Support for passing nil Rack::Files.new, which notably fixes Rails' current ActiveStorage::FileServer implementation. (@ioquatix)

Documentation

• CHANGELOG updates. (@aupajo)
• Added CONTRIBUTING. (@dblock)

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)