v2.4.1

Version 2.4.1

v2.3.2

Version 2.3.2

v2.3.1

This is a "dummy" release to warn about breaking changes coming in version 3.0.

v2.3.0

• Fix frozen string literal error #431
• Set OutputStream.write_buffer's buffer to binmode #439
• Upgrade rubocop and fix various linting complaints #437 #440

Tooling:

• Add a bin/console script for development #420
• Update rake requirement (development dependency only) to fix a security alert.

v2.2.0

• Add support for decompression plugin gems #427

v2.1.0

• Fix (at least partially) the restore_times and restore_permissions options to Zip::File.new #413
  • Previously, neither option did anything, regardless of what it was set to. We have therefore defaulted them to false to preserve the current behavior, for the time being. If you have explicitly set either to true, it will now have an effect.
  • Fix handling of UniversalTime (mtime, atime, ctime) fields. #421
  • Previously, Zip::File did not pass the options to Zip::Entry in some cases. #423
  • Note that restore_times in this release does nothing on Windows and only restores mtime, not atime or ctime.
• Allow Zip::File.open to take an options hash like Zip::File.new #418
• Always print warnings with warn, instead of a mix of puts and warn #416
• Create temporary files in the system temporary directory instead of the directory of the zip file #411
• Drop unused tmpdir requirement #411

Tooling

• Move CI to xenial and include jruby on JDK11 #419

v2.0.0

Security

• Default the validate_entry_sizes option to true, so that callers can trust an entry's reported size when using extract #403
  • This option defaulted to false in 1.3.0 for backward compatibility, but it now defaults to true. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to true.

Tooling / Documentation

• Remove test files from the gem to avoid problems with antivirus detections on the test files #405 / #384
• Drop support for unsupported ruby versions #406

v1.3.0

Security

• Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
  • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

New Feature

• Add add_stored method to simplify adding entries without compression #366

Tooling / Documentation

• Add more gem metadata links #402

v1.2.4

• Do not rewrite zip files opened with open_buffer that have not changed #360

Tooling / Documentation

• Update example_recursive.rb in README #397
• Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

v1.2.3

• Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
• Support frozen string literals in more files #390
• Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

Tooling / Documentation:

• CI updates #392, #394
  • Bump supported ruby versions and add 2.6
  • JRuby failures are no longer ignored (reverts #375 / part of #371)
• Add changelog entry that was missing for last release #387
• Comment cleanup #385

Since the GitHub release information for 1.2.2 is missing, I will also include it here:

1.2.2

NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See #376 (comment) for details.

• Fix CVE-2018-1000544 #376 / #371
• Fix NoMethodError: undefined method `glob' #363
• Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set #358
• Fix close on StringIO-backed zip file #353
• Add Zip.force_entry_names_encoding option #340
• Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes #332, #355
• Save temporary files to temporary directory (rather than current directory) #325

Tooling / Documentation:

• Turn off all terminal output in all tests #361
• Several CI updates #346, #347, #350, #352
• Several README improvements #345, #326, #321