## 1.6.0

* Noop backend
* No longer read responses from cache when we already have them
* renamed files from entitystore -> entity_store (metastore/cachecontrol/appengine) and added warns for old ones

## 1.5.1

* fix key generation for query strings that include encoded equals

## 1.5.0

* only catch StandardError and not Exception

## 1.4.3

* After overriding the REQUEST_METHOD, store the original request method in "rack.methodoverride.original_method"

## 1.4.1

* Ignore invalid Expires date as per RFC

## 1.4.0

* Not invalidating the cache for preflight CORS request

## 1.3.1 / October 2015

* Support Ruby 1.9

## 1.3 / Octorber 2015

* Ruby 2.0 only

* Gracefully degrade when cache store goes offline

* allow_reload/revalidate is not enabled by default

* Make Rack::Cache multithread friendly

## 1.2 / March 2012

* Fix a cookie leak vulnerability effecting large numbers of Rails 3.x installs:
  https://github.com/rtomayko/rack-cache/pull/52

* Never 304 on PUT or POST requests.

* Misc bundler and test tooling fixes.

## 1.1 / September 2011

* Allow (INM/IMS) validation requests through to backend on miss. Makes it
  possible to use validation for private / uncacheable responses. A number of
  people using Rails's stale?() helper reported that their validation logic was
  never kicking in.

* Add rack env rack-cache.force-pass option to bypass rack-cache on
  per request basis

* Fix an issue with memcache namespace not being set when using the
  :namespace option instead of :prefix_key.

* Fix test failures due to MockResponse changes in recent Rack
  version (issue #34)

## 1.0.3 / August 2011

* Fix bug passing options to memcached and dalli

* Document cache_key

## 1.0.1 / April 2011

* Added lib/rack-cache.rb to match package name for auto-requiring machinery.

* Fixed a number of issues caused by Rack::Cache not closing the body received
  from the application. Rack::Lock and other middleware use body.close to
  signal the true end of request processing so failure to call this method
  can result in strange issues (e.g.,
  "ThreadError: deadlock; recursive locking")

* Fixed a bug where Rack::Cache would blow up writing the rack env to the meta
  store when the env contained an all uppercase key whose value wasn't
  marshalable. Passenger and some other stuff write such keys apparently.

* The test suite has moved from test-spec to bacon. This is a short term
  solution to the problem of not being able to run tests under Ruby 1.9.x.
  The test suite will be moved to basic Test::Unit style sometime in the
  future.

## 1.0 / December 2010

* Rack::Cache is 1.0 and will now maintain semantic versioning <http://semver.org/>

* Add Dalli memcache client support and removed support for the unmaintained
  memcache-client library. You will need to move your apps to Dalli before
  upgrading rack-cache to 1.0.

## 0.5.3 / September 2010

* A matching If-Modified-Since is ignored if an If-None-Match is also provided
  and doesn't match. This is in line with RFC 2616.

* Converts string status codes to integers before returns to workaround bad
  behaving rack middleware and apps.

* Misc doc clean up.

## 0.5.2 / September 2009

* Exceptions raised from the metastore are not fatal. This makes a lot of
  sense in most cases because its okay for the cache to be down - it
  shouldn't blow up your app.

## 0.5.1 / June 2009

* Added support for memcached clusters and other advanced
  configuration provided by the memcache-client and memcached
  libraries. The "metastore" and "entitystore" options can now be
  set to a MemCache object or Memcached object:

  memcache = MemCache.new(['127.1.1.1', '127.1.1.2'], :namespace => "/foo")
  use Rack::Cache,
    :metastore => memcache,
    :entitystore => memcache

* Fix "memcached://" metastore URL handling. The "memcached" variation
  blew up, the "memcache" version was fine.

## 0.5.0 / May 2009

* Added meta and entity store implementations based on the
  memcache-client library. These are the default unless the memcached
  library has already been required.

* The "allow_reload" and "allow_revalidate" options now default to
  false instead of true. This means we break with RFC 2616 out of
  the box but this is the expected configuration in a huge majority
  of gateway cache scenarios. See the docs on configuration
  options for more information on these options:
  http://tomayko.com/src/rack-cache/configuration

* Added Google AppEngine memcache entity store and metastore
  implementations. To use GAE's memcache with rack-cache, set the
  "metastore" and "entitystore" options as follows:

      use Rack::Cache,
        :metastore   => 'gae://cache-meta',
        :entitystore => 'gae://cache-body'

  The 'cache-meta' and 'cache-body' parts are memcache namespace
  prefixes and should be set to different values.

## 0.4.0 / March 2009

* Ruby 1.9.1 / Rack 1.0 compatible.

* Invalidate cache entries that match the request URL on non-GET/HEAD
  requests. i.e., POST, PUT, DELETE cause matching cache entries to
  be invalidated. The cache entry is validated with the backend using
  a conditional GET the next time it's requested.

* Implement "Cache-Control: max-age=N" request directive by forcing
  validation when the max-age provided exceeds the age of the cache
  entry. This can be disabled by setting the "allow_revalidate" option to
  false.

* Properly implement "Cache-Control: no-cache" request directive by
  performing a full reload. RFC 2616 states that when "no-cache" is
  present in the request, the cache MUST NOT serve a stored response even
  after successful validation. This is slightly different from the
  "no-cache" directive in responses, which indicates that the cache must
  first validate its entry with the origin. Previously, we implemented
  "no-cache" on requests by passing so no new cache entry would be stored
  based on the response. Now we treat it as a forced miss and enter the
  response into the cache if it's cacheable. This can be disabled by
  setting the "allow_reload" option to false.

* Assume identical semantics for the "Pragma: no-cache" request header
  as the "Cache-Control: no-cache" directive described above.

* Less crazy logging. When the verbose option is set, a single log entry
  is written with a comma separated list of trace events. For example, if
  the cache was stale but validated, the following log entry would be
  written: "cache: stale, valid, store". When the verbose option is false,
  no logging occurs.

* Added "X-Rack-Cache" response header with the same comma separated trace
  value as described above. This gives some visibility into how the cache
  processed the request.

* Add support for canonicalized cache keys, as well as custom cache key
  generators, which are specified in the options as :cache_key as either
  any object that has a call() or as a block. Cache key generators get
  passed a request object and return a cache key string.

## 0.3.0 / December 2008

* Add support for public and private cache control directives. Responses
  marked as explicitly public are cached even when the request includes
  an Authorization or Cookie header. Responses marked as explicitly private
  are considered uncacheable.

* Added a "private_headers" option that dictates which request headers
  trigger default "private" cache control processing. By default, the
  Cookie and Authorization headers are included. Headers may be added or
  removed as necessary to change the default private logic.

* Adhere to must-revalidate/proxy-revalidate cache control directives by
  not assigning the default_ttl to responses that don't include freshness
  information. This should let us begin using default_ttl more liberally
  since we can control it using the must-revalidate/proxy-revalidate directives.

* Use the s-maxage Cache-Control value in preference to max-age when
  present. The ttl= method now sets the s-maxage value instead of max-age.
  Code that used ttl= to control freshness at the client needs to change
  to set the max-age directive explicitly.

* Enable support for X-Sendfile middleware by responding to #to_path on
  bodies served from disk storage. Adding the Rack::Sendfile component
  upstream from Rack::Cache will result in cached bodies being served
  directly by the web server (instead of being read in Ruby).

* BUG: MetaStore hits but EntityStore misses. This would 500 previously; now
  we detect it and act as if the MetaStore missed as well.

* Implement low level #purge method on all concrete entity store
  classes -- removes the entity body corresponding to the SHA1 key
  provided and returns nil.

* Basically sane handling of HEAD requests. A HEAD request is never passed
  through to the backend except when transitioning with pass!. This means
  that the cache responds to HEAD requests without invoking the backend at
  all when the cached entry is fresh. When no cache entry exists, or the
  cached entry is stale and can be validated, the backend is invoked with
  a GET request and the HEAD is handled right before the response
  is delivered upstream.

* BUG: The Age response header was not being set properly when a stale
  entry was validated. This would result in Age values that exceeded
  the freshness lifetime in responses.

* BUG: A cached entry in a heap meta store could be unintentionally
  modified by request processing since the cached objects were being
  returned directly. The result was typically missing/incorrect header
  values (e.g., missing Content-Type header). [dkubb]

* BUG: 304 responses should not include entity headers (especially
  Content-Length). This is causing Safari/WebKit weirdness on 304
  responses.

* BUG: The If-None-Match header was being ignored, causing the cache
  to send 200 responses to matching conditional GET requests.

## 0.2.0 / 2008-10-24 / Initial Release

* Document events and transitions in `rack/cache/config/default.rb`
* Basic logging support (`trace`, `warn`, `info`, `error` from within Context)
* EntityStore: store entity bodies keyed by SHA
* MetaStore: store response headers keyed by URL
* Last-Modified/ETag validation
* Vary support
* Implement error! transition
* New Rack::Cache::Core
* memcached meta and entity store implementations
* URI based storage configuration
* Read options from Rack env if present (rack-cache.XXX keys)
* `object` is now `entry`
* Documentation framework and website
* Document storage areas and implementations
* Document configuration/events

## 0.1.0 / 2008-07-21 / Proof of concept (unreleased)

* Basic core with event support
* `#import` method for bringing in config files
* Freshness based expiration
* RFC 2616 If-Modified-Since based validation
* A horribly shitty storage back-end (Hash in mem)
* Don't cache hop-by-hop headers: Connection, Keep-Alive, Proxy-Authenticate,
  Proxy-Authorization, TE, Trailers, Transfer-Encoding, Upgrade