UbuntuUpdates.org

Package "ruby-rack"

Name: ruby-rack

Description:

modular Ruby webserver interface
Latest version: 2.2.7-1.1ubuntu0.25.04.1
Release: plucky (25.04)
Level: security
Repository: main
Homepage: https://rack.github.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ruby-rack"

All arch deb package
APT INSTALL

Other versions of "ruby-rack" in Plucky

Repository Area Version
base main 2.2.7-1.1
updates main 2.2.7-1.1ubuntu0.25.04.1

Changelog

Version: 2.2.7-1.1ubuntu0.25.04.1 2025-05-12 13:07:22 UTC

  ruby-rack (2.2.7-1.1ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Race condition with authentication sessions.
    - debian/patches/CVE-2025-32441.patch: Add get_session_with_fallback()
      check and pool.store in ./lib/rack/session/pool.rb.
    - CVE-2025-32441
  * SECURITY UPDATE: Denial of service through large query parameters.
    - debian/patches/CVE-2025-46727.patch: Add query parameter limit and
      bytesize limit and corresponding checks in ./lib/rack/query_parser.rb.
    - CVE-2025-46727

 -- Hlib Korzhynskyy <email address hidden> Thu, 08 May 2025 15:12:56 -0230
CVE-2025-32441 Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can
CVE-2025-46727 Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/


About   -   Send Feedback to @ubuntu_updates