[racket-users] Racket Web Server Security Vulnerability

We recently discovered a serious security vulnerability in the Racket web server, which can lead to unintended disclosure of files on the machine running the web server. This vulnerability is fixed in Racket version 6.4, just released, and we encourage people to upgrade to that version. The

[racket-users] Racket v6.4

Racket version 6.4 is now available from http://racket-lang.org/ - We fixed a security vulnerability in the web server. The existing web server is vulnerable to a navigation attack if it is also enabled to serve files statically; that is, any file readable by the web server is

[racket-users] Package documentation category with info.rkt

Hi Racket users, I'm wondering how to control the documentation category for user-defined packages? For example, I've created a YAML package and would like it to show up under "Parsing Libraries". I tried setting (define scribblings '(("yaml/yaml.scrbl" () (parsing-library in info.rkt,

[racket-users] Using scribble to print BSL output

Prior to v6.3, I was able to create a BSL evaluator with the following set up: @(define-syntax-rule (*sl-eval module-lang reader def ...) ;; ===>>> (let () (define me (make-base-eval))

Re: [racket-users] Expression-style printing and quotation: helpful or harmful?

On 02/07/2016 08:38 PM, Alexis King wrote: > I appreciate your input, Matthew, but the location of the documentation > is a separate conversation—the point seems to be that the current > documentation is insufficient. Throwing a whole book at someone who is > confused about apostrophes in their

[racket-users] anyone using MongoDB 2.x or 3.2 with Racket 6.x ?

I tried: (require (planet jaymccarthy/mongodb:1:12)) and got some errors about write permissions on both Windows and Mac OS X. The console messages referenced "planet/300" so I wondered if the driver is stale. Is this MongoDB driver incompatible with the Racket I'm using (6.3)? The docs

Re: [racket-users] Slack IRC bridge malfunctioning

Neil, hello. Separately from the question about the wisdom or not of a Slack/IRC bridge, you mentioned On 7 Feb 2016, at 20:31, Neil Van Dyke wrote: much less bridged to this billion-dollar data-grabbing intermediary Slack dotcom. Is that a thing that Slack do? I've previously been

[racket-users] Re: anyone using MongoDB 2.x or 3.2 with Racket 6.x ?

That library is the old Planet one, Racket has a new package management system and the mongodb package has been moved to it. Try running `raco pkg install mongodb` at a terminal (or installing through DrRacket's GUI) and then `(require mongodb)`. The package server

[racket-users] Re: Slack IRC bridge malfunctioning

Slack's business model would be negatively affected by user data mining. They operate on a "free for small hobbyist use, expensive for large corporate use". Corporations do not like when you mine their data and are generally able to do far more about it than average citizens. By default Slack's

[racket-users] Re: Racket Web Server Security Vulnerability

On Mon, 8 Feb 2016 11:16:03 -0500, Sam Tobin-Hochstadt wrote: >The vulnerability affects web servers that serve static files using >the `#:extra-static-files` option, including the default value of this >option. Um ... where is that keyword used? Or documented? I'm

Re: [racket-users] Re: anyone using MongoDB 2.x or 3.2 with Racket 6.x ?

I believe that the pkgs test fail because mongodb isn't installed on the machine, which is understandable. It's really an example of "platform dependencies". Jay On Mon, Feb 8, 2016 at 2:14 PM, Geoffrey Knauth wrote: > That did the trick, Jack, thanks. I should have realized

Re: [racket-users] Re: Racket Web Server Security Vulnerability

On Mon, Feb 8, 2016 at 1:43 PM, George Neuner wrote: > On Mon, 8 Feb 2016 11:16:03 -0500, Sam Tobin-Hochstadt > wrote: > >>The vulnerability affects web servers that serve static files using >>the `#:extra-static-files` option, including the default

[racket-users] Re: anyone using MongoDB 2.x or 3.2 with Racket 6.x ?

That did the trick, Jack, thanks. I should have realized raco was the answer, but thank you! All's well now. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [racket-users] Re: Slack IRC bridge malfunctioning

Slack looks slightly better than the average dotcoms[*], but a skim of even their ToU shows what are likely showstoppers for a CIO or IT manager who does their due-diligence. Even moreso if you're not paying Slack, and may consequently have less legal standing, and no SLA.

Re: [racket-users] Re: Slack IRC bridge malfunctioning

On Monday, February 8, 2016 at 10:25:50 AM UTC-8, Jack Firth wrote: > Slack's business model would be negatively affected by user data mining. They > operate on a "free for small hobbyist use, expensive for large corporate > use". Corporations do not like when you mine their data and are