Changes in Rack 2

rack2.diff

diff --git a/HISTORY.md b/HISTORY.md
index 2635c60..406d175 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,14 +1,162 @@
-Fri Jun 19 07:14:50 2015  Matthew Draper <matthew@trebex.net>
+Sun Dec 4 18:48:03 2015  Jeremy Daer <jeremydaer@gmail.com>
 
-	* Work around a Rails incompatibility in our private API
+	* First-party "SameSite" cookies. Browsers omit SameSite cookies
+	from third-party requests, closing the door on many CSRF attacks.
+
+	Pass `same_site: true` (or `:strict`) to enable:
+	    response.set_cookie 'foo', value: 'bar', same_site: true
+	or `same_site: :lax` to use Lax enforcement:
+	    response.set_cookie 'foo', value: 'bar', same_site: :lax
+
+	Based on version 7 of the Same-site Cookies internet draft:
+	https://tools.ietf.org/html/draft-west-first-party-cookies-07
+
+	Thanks to Ben Toews (@mastahyeti) and Bob Long (@bobjflong) for
+	updating to drafts 5 and 7.
+
+Tue Nov  3 16:17:26 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Add `Rack::Events` middleware for adding event based middleware:
+	middleware that does not care about the response body, but only cares
+	about doing work at particular points in the request / response
+	lifecycle.
+
+Thu Oct  8 14:58:46 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Add `Rack::Request#authority` to calculate the authority under which
+	the response is being made (this will be handy for h2 pushes).
+
+Tue Oct  6 13:19:04 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Add `Rack::Response::Helpers#cache_control` and `cache_control=`.
+	Use this for setting cache control headers on your response objects.
+
+Tue Oct  6 13:12:21 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Add `Rack::Response::Helpers#etag` and `etag=`.  Use this for
+	setting etag values on the response.
+
+Sun Oct 3 18:25:03 2015  Jeremy Daer <jeremydaer@gmail.com>
+
+	* Introduce `Rack::Response::Helpers#add_header` to add a value to a
+	multi-valued response header. Implemented in terms of other
+	`Response#*_header` methods, so it's available to any response-like
+	class that includes the `Helpers` module.
+
+	* Add `Rack::Request#add_header` to match.
+
+Fri Sep  4 18:34:53 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* `Rack::Session::Abstract::ID` IS DEPRECATED.  Please switch to
+	`Rack::Session::Abstract::Persisted`.
+	`Rack::Session::Abstract::Persisted` uses a request object rather than
+	the `env` hash.
+
+Fri Sep  4 17:32:12 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Pull `ENV` access inside the request object in to a module.  This
+	will help with legacy Request objects that are ENV based but don't
+	want to inherit from Rack::Request
+
+Fri Sep  4 16:09:11 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Move most methods on the `Rack::Request` to a module
+	`Rack::Request::Helpers` and use public API to get values from the
+	request object.  This enables users to mix `Rack::Request::Helpers` in
+	to their own objects so they can implement
+	`(get|set|fetch|each)_header` as they see fit (for example a proxy
+	object).
+
+Fri Sep  4 14:15:32 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Files and directories with + in the name are served correctly.
+	Rather than unescaping paths like a form, we unescape with a URI
+	parser using `Rack::Utils.unescape_path`. Fixes #265
+
+Thu Aug 27 15:43:48 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Tempfiles are automatically closed in the case that there were too
+	many posted.
+
+Thu Aug 27 11:00:03 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Added methods for manipulating response headers that don't assume
+	they're stored as a Hash. Response-like classes may include the
+	Rack::Response::Helpers module if they define these methods:
+
+	  * Rack::Response#has_header?
+	  * Rack::Response#get_header
+	  * Rack::Response#set_header
+	  * Rack::Response#delete_header
+
+Mon Aug 24 18:05:23 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Introduce Util.get_byte_ranges that will parse the value of the
+	HTTP_RANGE string passed to it without depending on the `env` hash.
+	`byte_ranges` is deprecated in favor of this method.
+
+Sat Aug 22 17:49:49 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Change Session internals to use Request objects for looking up
+	session information. This allows us to only allocate one request
+	object when dealing with session objects (rather than doing it every
+	time we need to manipulate cookies, etc).
+
+Fri Aug 21 16:30:51 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Add `Rack::Request#initialize_copy` so that the env is duped when
+	the request gets duped.
+
+Thu Aug 20 16:20:58 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	* Added methods for manipulating request specific data.  This includes
+	data set as CGI parameters, and just any arbitrary data the user wants
+	to associate with a particular request.  New methods:
+
+	  * Rack::Request#has_header?
+	  * Rack::Request#get_header
+	  * Rack::Request#fetch_header
+	  * Rack::Request#each_header
+	  * Rack::Request#set_header
+	  * Rack::Request#delete_header
+
+Thu Jun 18 16:00:05 2015  Aaron Patterson <tenderlove@ruby-lang.org>
+
+	*  lib/rack/utils.rb: add a method for constructing "delete" cookie
+	headers.  This allows us to construct cookie headers without depending
+	on the side effects of mutating a hash.
 
 Fri Jun 12 11:37:41 2015  Aaron Patterson <tenderlove@ruby-lang.org>
 
 	* Prevent extremely deep parameters from being parsed. CVE-2015-3225
 
-### December 18th, Thirty sixth public release 1.6.0
-
-### February 7th, Thirty fifth public release 1.5.2
+### May 6th, 2015, Thirty seventh public release 1.6.1
+  - Fix CVE-2014-9490, denial of service attack in OkJson ([8cd610](https://github.com/rack/rack/commit/8cd61062954f70e0a03e2855704e95ff4bdd4f6e))
+  - Use a monotonic time for Rack::Runtime, if available ([d170b2](https://github.com/rack/rack/commit/d170b2363c949dce60871f9d5a6bfc83da2bedb5))
+  - RACK_MULTIPART_LIMIT changed to RACK_MULTIPART_PART_LIMIT (RACK_MULTIPART_LIMIT is deprecated and will be removed in 1.7.0) ([c096c5](https://github.com/rack/rack/commit/c096c50c00230d8eee13ad5f79ad027d9a3f3ca9))
+  - See the full [git history](https://github.com/rack/rack/compare/1.6.0...1.6.1) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22)
+
+### May 6th, 2015, Thirty seventh public release 1.5.3
+  - Fix CVE-2014-9490, denial of service attack in OkJson ([99f725](https://github.com/rack/rack/commit/99f725b583b357376ffbb7b3b042c5daa3106ad6))
+  - Backport bug fixes to 1.5 series ([#585](https://github.com/rack/rack/pull/585), [#711](https://github.com/rack/rack/pull/711), [#756](https://github.com/rack/rack/pull/756))
+  - See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.5.3) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.5.3%22)
+
+### December 18th, 2014, Thirty sixth public release 1.6.0
+  - Response#unauthorized? helper ([#580](https://github.com/rack/rack/pull/580))
+  - Deflater now accepts an options hash to control compression on a per-request level ([#457](https://github.com/rack/rack/pull/457))
+  - Builder#warmup method for app preloading ([#617](https://github.com/rack/rack/pull/617))
+  - Request#accept_language method to extract HTTP_ACCEPT_LANGUAGE ([#623](https://github.com/rack/rack/pull/623))
+  - Add quiet mode of rack server, rackup --quiet ([#674](https://github.com/rack/rack/pull/674))
+  - Update HTTP Status Codes to RFC 7231 ([#754](https://github.com/rack/rack/pull/754))
+  - Less strict header name validation according to [RFC 2616](https://tools.ietf.org/html/rfc2616) ([#399](https://github.com/rack/rack/pull/399))
+    - SPEC updated to specify headers conform to RFC7230 specification ([6839fc](https://github.com/rack/rack/commit/6839fc203339f021cb3267fb09cba89410f086e9))
+  - Etag correctly marks etags as weak ([#681](https://github.com/rack/rack/issues/681))
+  - Request#port supports multiple x-http-forwarded-proto values ([#669](https://github.com/rack/rack/pull/669))
+  - Utils#multipart_part_limit configures the maximum number of parts a request can contain ([#684](https://github.com/rack/rack/pull/684))
+  - Default host to localhost when in development mode ([#514](https://github.com/rack/rack/pull/514))
+  - Various bugfixes and performance improvements (See the full [git history](https://github.com/rack/rack/compare/1.5.2...1.6.0) and [milestone tag](https://github.com/rack/rack/issues?utf8=%E2%9C%93&q=milestone%3A%22Rack+1.6%22))
+
+### February 7th, 2013, Thirty fifth public release 1.5.2
   - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
   - Fix CVE-2013-0262, symlink path traversal in Rack::File
   - Add various methods to Session for enhanced Rails compatibility
@@ -18,7 +166,7 @@ Fri Jun 12 11:37:41 2015  Aaron Patterson <tenderlove@ruby-lang.org>
   - Fix a race condition that could result in overwritten pidfiles
   - Various documentation additions
 
-### February 7th, Thirty fifth public release 1.4.5
+### February 7th, 2013, Thirty fifth public release 1.4.5
   - Fix CVE-2013-0263, timing attack against Rack::Session::Cookie
   - Fix CVE-2013-0262, symlink path traversal in Rack::File
 
@@ -353,3 +501,5 @@ Fri Jun 12 11:37:41 2015  Aaron Patterson <tenderlove@ruby-lang.org>
   - Removed Rails adapter, was too alpha.
 
 ### March 3rd, 2007: First public release 0.1.
+
+/* vim: set filetype=changelog */

How Obtained:

git clone https://github.com/rack/rack.git
cd rack
git diff 1.6.4 2.0.0 HISTORY.md | gist -f rack2.diff -d 'Changes in Rack 2'