v282.1.7

@bosh-admin-bot bosh-admin-bot released this 09 Apr 09:35

Fixed CVEs:

  • CVE-2026-33946: MCP Ruby SDK - Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
  • CVE-2026-34785: github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check
  • CVE-2026-34827: rack: Rack: Denial of Service via crafted multipart/form-data requests
  • CVE-2026-34829: rack: Rack: Denial of Service via unbounded multipart file upload

Package Updates:

  • Updates nginx from 1.29.7 to 1.29.8

What's Changed

  • Add disk update action via CPI by @neddp in #2701
  • Fix integration tests broken by new update_disk function by @neddp in #2703
  • Fix unit test flakes by ordering configs by ID by @aramprice in #2704
  • Fix IP Allocation Bug: Reserved Range Not Detected by @neddp in #2657
  • Fix ~75% flake rate in upgrade-mysql and upgrade-postgres pipelines by @aramprice in #2705

Full Changelog: v282.1.6...v282.1.7