Rack: a Ruby Webserver Interface

Rack provides a minimal interface between webservers supporting Ruby and Ruby frameworks.

To use Rack, provide an "app": an object that responds to the call method, taking the environment hash as a parameter, and returning an Array with three elements:

You can handle an app directly:

                # my_rack_app.rb

                require 'rack'

                app = Proc.new do |env|
                    ['200', {'Content-Type' => 'text/html'}, ['A barebones rack app.']]
                end

                Rack::Handler::WEBrick.run app
            

Or, you can use the rackup command line tool and avoid specifying details like port and server until runtime:

                # config.ru

                run Proc.new { |env| ['200', {'Content-Type' => 'text/html'}, ['get rack\'d']] }
            

Invoked like so:

$ rackup config.ru

... and you're good to go!

Outrageous.

News

February 7th, 2013

Today's releases are important. All users should upgrade ASAP!

  • CVE-2013-0262, symlink path traversal in Rack::File
  • CVE-2013-0263, timing attack against Rack::Session::Cookie
Some notes on CVE-2013-0263 that affects all prior versions:
  • Some Rails users may not be affected (if they only use Rails managed sessions).
  • If users are using the Marshal (default) session cookie encoding, then those users are vulnerable to a Remote Code Execution, after a successful timing attack.
  • While some users may assume that timing attacks are not viable over the Internet, Cloud users in particular are reminded that intra-cloud latencies are sufficiently low to be viable.

Rack 1.5.2 has been released!.
Rack 1.4.5 has been released!.
Rack 1.3.10 has been released!.
Rack 1.2.8 has been released!.
Rack 1.1.6 has been released!.
January 28th, 2013
Rack 1.5.1 has been released!.
January 21st, 2013
Rack 1.5.0 has been released!.
January 13th, 2013

Today's releases are again a minor DoS. All users should ugprade!

Rack 1.4.4 has been released!.
Rack 1.3.9 has been released!.
Rack 1.2.7 has been released!.
Rack 1.1.5 has been released!.
January 7th, 2013
Rack 1.4.3 has been released!.
See security fix here.
All users should upgrade!
Rack 1.3.8 has been released!.
See security fix here.
All users should upgrade!
January 6th, 2013
Rack 1.4.2 has been released!.
See DoS vector report here.
All users should upgrade!
Rack 1.3.7 has been released!.
See DoS vector report here.
All users should upgrade!
Rack 1.2.6 has been released!.
See DoS vector report here.
All users should upgrade!
Rack 1.1.4 has been released!.
See DoS vector report here.
All users should upgrade!
January 23rd, 2012
Rack 1.4.1 has been released!
December 28th, 2011
Rack 1.4.0 has been released!
December 28th, 2011
Rack 1.3.6 has been released!
October 18th, 2011
Rack 1.3.5 has been released!
October 1st, 2011
Rack 1.3.4 has been released!
September 16th, 2011
Rack 1.3.3 has been released!
July 26th, 2011
Rack 1.3.2 has been released!
July 13th, 2011
Rack 1.3.1 has been released!
May 23rd, 2011
Rack 1.3.0 has been released!
June 13th, 2010
Rack 1.2.0 has been released!
January 3rd, 2010
Rack 1.1.0 has been released!
October 18th, 2009
Rack 1.0.1 has been released!
April 25th, 2009
Rack 1.0.0 has been released!
January 9th, 2009
Rack 0.9.1 has been released! This is a security release, please update.
January 6th, 2009
Rack 0.9 has been released!
December 24th, 2008
Introducing the Rack Core Team
December 23rd, 2008
Rack is mentioned on heise.de!
December 5th, 2008
The tighter integration of Rails with Rack continues.
August 21st, 2008
Rack 0.4 has been released!
May 31st, 2008
Rack development moves to Git.
May 24th, 2008
There now is a Google Group on Rack Development.
February 26th, 2008
Rack 0.3 has been released!
November 10th, 2007
Rack has been presented at the Euruko 2007.
October 2007
Ryan Allen gave a presentation on Rack (PDF).
May 16th, 2007
Rack 0.2 has been released!

Documentation

Contact

More information

License

Rack is licensed under the very liberal MIT License.

Get it!

Current stable release:

gem install rack

Bleeding-Edge

Available on GitHub:

git clone git://github.com/rack/rack.git

The repository is browsable online, too.

Releases

Rack 1.4.1
rack-1.4.1.tar.gz (e822bb1c1dd9306f1f4cc6c7c208ac3fe0aa4018)
Rack 1.4.0
rack-1.4.0.tar.gz (0fec4d01e20b1ad13fd7809d0083292a71d3ec84)
Rack 1.3.6
rack-1.3.6.tar.gz (367f91c3b3917a8d3709c8ec13d09cca5d3ca253)
Rack 1.3.5
rack-1.3.5.tar.gz (9768a2140711c3a92e194ddeb2f5671f6aa89bf3)
Rack 1.3.4
rack-1.3.4.tar.gz (bdd02c8185c0c184e56b05489554f91b0f5feb4a)
Rack 1.3.3
rack-1.3.3.tar.gz (5bcb00a9d8cbd87c415ad08958db0768ce589c1b)
Rack 1.3.2
rack-1.3.2.tar.gz (b351131fb809375f7ebed128a541664b8be26c8b)
Rack 1.3.1
rack-1.3.1.tar.gz (d0149b63b50b3c6b819ccabf6d93ce28f4de9db6)
Rack 1.3.0
rack-1.3.0.tar.gz (214a3af03896e9b1fbddbe647b796426d930edd8)
Rack 1.2.0
rack-1.2.0.tar.gz (c69b0a120b249832f9701e6a9fe6692e6728940f)
Rack 1.1.0
rack-1.1.0.tar.gz (0289477e44262c5067c61cfe13b39d0de2f3f3de)
Rack 1.0.1
rack-1.0.1.tar.gz (d489661be03d0c5d08daa4158b09e937778783ed)
Rack 1.0.0
rack-1.0.0.tar.gz (53609db88608fb846a0a62df803ae2bb33372cfe)
Rack 0.9.1
rack-0.9.1.tar.gz (237e24207b39c384d78c266d86bbf2a0808dc417)
Rack 0.9
rack-0.9.0.tar.gz (445f542ed89308b9352d7653f33fe63c50453e3e)
Rack 0.4
rack-0.4.0.tar.gz (65a19e53a0dc661f4055d043126585b49a0b618d)
Rack 0.3
rack-0.3.0.tar.gz (5e92f2901d2dc77eb0453fc3acdd6c4a07fc167a)
Rack 0.2
rack-0.2.0.tar.gz (f1063711f228d19875a3211d71308b5c)
Rack 0.1
rack-0.1.0.tar.gz (79b46158b7b30adcd7a9148cc7ed4305)