Releases: cloudfoundry/bosh
v282.1.2
v282.1.1
What's Changed
- CI: switch internal CIDR away from 10.0.0.0 by @aramprice in #2634
- adapt create_vm and attach_disk call for new cpi version 3 by @fmoehler in #2633
- remove duplicate ip addresses with smaller prefix by @fmoehler in #2636
Full Changelog: v282.1.0...v282.1.1
v282.1.0
Full Changelog: v282.0.10...v282.1.0
Same as v282.0.10, which should be a minor release update.
Fixed CVEs:
- CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61772: rack: Rack memory exhaustion denial of service
- CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion
Package Updates:
- Updates nginx from 1.29.1 to 1.29.2
What's Changed
v282.0.10
Fixed CVEs:
- CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61772: rack: Rack memory exhaustion denial of service
- CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion
Package Updates:
- Updates nginx from 1.29.1 to 1.29.2
What's Changed
- Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2624
- [RFC0038] Introduce prefix allocation by @fmoehler in #2611
- Fix regression issues by @fmoehler in #2626
- add missing expectations for integration tests by @fmoehler in #2628
- Update workstation_setup.md by @fmoehler in #2627
- stringify prefix for networks and not only its subnets by @fmoehler in #2629
- fix test expectation by @fmoehler in #2630
- Avoid unnecessary redeploys by @fmoehler in #2631
Full Changelog: v282.0.9...v282.0.10
v282.0.9
Fixed CVEs:
- CVE-2025-58767: rexml: REXML denial of service
What's Changed
- Add 'file' package to Dockerfile dependencies for integration by @ramonskie in #2621
Full Changelog: v282.0.8...v282.0.9
v282.0.8
v282.0.7
Package Updates:
- Updates director-ruby-3.3 from 3.3.8 to 3.3.9
- Updates nginx from 1.29.0 to 1.29.1
Updates:
- Updates postgresql-13 from 13.21 to 13.22
- Updates postgresql-15 from 15.13 to 15.14
What's Changed
- Fix tags extraction from runtime config by @IvayloIvanovSAP in #2617
- CI/Dev: remove fly sync from fly rake task by @mkocher in #2619
- Bump actions/checkout from 4 to 5 by @dependabot[bot] in #2620
New Contributors
- @IvayloIvanovSAP made their first contribution in #2617
- @mkocher made their first contribution in #2619
Full Changelog: v282.0.6...v282.0.7
v282.0.6
v282.0.5
Fixed CVEs:
- CVE-2025-46727: rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
- CVE-2025-49007: rack: rubygem-rack: Rack Content-Disposition Denial of Service
Updates:
- Updates postgresql-13 from 13.20 to 13.21
- Updates postgresql-15 from 15.12 to 15.13
What's Changed
- Bump golangci/golangci-lint-action from 7 to 8 by @dependabot in #2613
Full Changelog: v282.0.4...v282.0.5
v282.0.4
Package Updates:
- Updates nginx from 1.27.5 to 1.28.0
Updates:
- Updates nats-server from 2.11.1 to 2.11.2
What's Changed
- Extract bosh-template to bosh-common by @aramprice in #2608
Full Changelog: v282.0.3...v282.0.4