cloudfoundry/bosh v282.1.0

on GitHub

Full Changelog: v282.0.10...v282.1.0
Same as v282.0.10 which should be a minor release update.

Fixed CVEs:

• CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
• CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
• CVE-2025-61772: rack: Rack memory exhaustion denial of service
• CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion

Package Updates:

• Updates nginx from 1.29.1 to 1.29.2

What's Changed

• Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2624
• [RFC0038] Introduce prefix allocation by @fmoehler in #2611 #2626 #2628 #2629 #2630 #2631
• Update workstation_setup.md by @fmoehler in #2627