2.10.29

@eduardoj eduardoj tagged this 21 Nov 15:57
Features
========

Backend:
 * Added support for zstd-compressed repomd metadata of download-on-demand repositories

Bugfixes
========

Frontend:
 * Update rack RubyGem to version 2.2.20
   - Unbounded parameter parsing in Rack::QueryParser can lead to memory exhaustion via semicolon-separated parameters (CVE-2025-59830)
   - Unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
   - Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
   - Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) (CVE-2025-61772)
   - Improper handling of headers in Rack::Sendfile may allow proxy bypass (CVE-2025-61780)
   - Unbounded read in Rack::Request form parsing can lead to memory exhaustion (CVE-2025-61919)