Loading...

XML

Word

Printable

Type: Task
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 2.16.0 GA
Component/s: Backend
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Upgrade rack dependency to fix potential CVEs:

CVE-2025-49007 Fix ReDoS in multipart request.

CVE-2025-61772 Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

CVE-2025-61771 Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

CVE-2025-61770 Unbounded multipart preamble buffering enables DoS (memory exhaustion)

CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass.

CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion.

See release notes: https://github.com/rack/rack/blob/main/CHANGELOG.md#3119---2025-11-03

clones

THREESCALE-12049 Upgrade rack for apisonator

To Test (QE)

links to

RHEA-2025:155899 Red Hat 3scale API Management 2.16.1 Release - Container Images

mentioned on

Merge request - Updated US source to: 7a113dd Merge pull request #445 from 3scale/upgrde-rack-2.16

Assignee:: Unassigned

Reporter:: Daria Mayorova

Developer:: Daria Mayorova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/11/06 11:15 AM

Updated:: 2025/11/12 11:35 AM