We have just released Open Build Service 2.10.20 which fixes security vulnerabilities. You should update
your installations as soon as possible.
## Fixed Issues
* Update globalid gem from 1.0.0 to 1.0.1
- Fixes CVE-2023-22799 ReDoS based DoS vulnerability in the GlobalID gem
* Update rack gem from 2.2.4 to 126.96.36.199
- Fixes CVE-2022-44571 Denial of service vulnerability in the Content-Disposition parsing
component of Rack.
- Fixes CVE-2022-44572 Denial of service vulnerability in the multipart parsing component
- Fixes CVE-2022-44570 Possible denial of service vulnerability in the Range header
parsing component of Rack.
## How to Update
Package updates are available from the 2.10 repositories
Fixed appliances can be downloaded from
-- Lukas Krause, Build Solutions SUSE Software Solutions Germany GmbH Maxfeldstrasse 5 90409 Nürnberg (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev