
4 matches found

SUSE Linux
added 2025/11/27 8:12 a.m. | 8 views

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: Update to version 2.2.20. bsc1251936, CVE-2025-61919: Fixed application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap. bsc1251936, CVE-2025-61780: Fixed improper handling of headers in Rack::Sendfile allows...

CVSS 8.7 | AI score 7 | EPSS 0.00591
Exploits: 0 | References: 8
Debian
added 2025/11/02 9:2 p.m. | 9 views

[SECURITY] [DLA 4357-1] ruby-rack security update

Debian LTS Advisory DLA-4357-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta November 01, 2025 https://wiki.debian.org/LTS -...

CVSS 7.5 | AI score 6.9 | EPSS 0.00911
Exploits: 0
RedhatCVE
added 2025/10/13 3:48 p.m. | 3 views

CVE-2025-61780

A potential information disclosure vulnerability has been identified in the RubyGem Rack affecting Rack::Sendfile when used behind a proxy that supports x-sendfile headers e.g., Nginx. When processing untrusted x-sendfile-type or x-accel-mapping headers, the middleware could misinterpret them as...

CVSS 5.8 | AI score 6.7 | EPSS 0.0044
Exploits: 0 | References: 7
Debian CVE
added 2025/10/10 4:53 p.m. | 4 views

CVE-2025-61780

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in Rack::Sendfile when running behind a proxy that supports x-sendfile headers such as Nginx. Specially crafted headers could cause Rack::Sendfile to...

CVSS 5.8 | AI score 5.5 | EPSS 0.0044
Exploits: 0