Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-12049

Upgrade rack for apisonator

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Backend
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started

      Upgrade rack dependency to fix potential CVEs:

      • CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
      • CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
      • CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)
      • CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.
      • CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

      See release notes: https://github.com/rack/rack/blob/main/CHANGELOG.md#3119---2025-11-03

              Unassigned Unassigned
              rhn-support-dmayorov Daria Mayorova
              Daria Mayorova Daria Mayorova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: