v282.1.0
Full Changelog: https://github.com/cloudfoundry/bosh/compare/v282.0.10...v282.1.0
Same as v282.0.10, which should be a minor release update.
Fixed CVEs:
- CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61772: rack: Rack memory exhaustion denial of service
- CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion
Package Updates:
- Updates nginx from 1.29.1 to 1.29.2
What's Changed
- Bump actions/setup-go from 5 to 6 by @dependabot[bot] in https://github.com/cloudfoundry/bosh/pull/2624
- [RFC0038] Introduce prefix allocation by @fmoehler in https://github.com/cloudfoundry/bosh/pull/2611, https://github.com/cloudfoundry/bosh/pull/2626, https://github.com/cloudfoundry/bosh/pull/2628, https://github.com/cloudfoundry/bosh/pull/2629, https://github.com/cloudfoundry/bosh/pull/2630, https://github.com/cloudfoundry/bosh/pull/2631
- Update workstation_setup.md by @fmoehler in https://github.com/cloudfoundry/bosh/pull/2627