[CVE] Updating Rack by johnmccrae · Pull Request #367 · chef/chef-zero

johnmccrae · 2026-05-26T22:09:16Z

Description

Rack 3.2.5 has a CVE. Chef-Zero was vulnerable to all kinds of mayhem because the version constraint was too low. We're fixing that here.

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Breaking change (fix or feature that would cause existing functionality to change)
Chore (non-breaking change that does not add functionality or fix an issue)

I have read the CONTRIBUTING document.
I have run the pre-merge tests locally and they pass.
I have updated the documentation accordingly.
I have added tests to cover my changes.
If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
All new and existing tests passed.
All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: John McCrae <john.mccrae@progress.com>

Updating Rack

26a7235

Signed-off-by: John McCrae <john.mccrae@progress.com>

johnmccrae requested review from a team and jaymzh as code owners May 26, 2026 22:09

tpowell-progress approved these changes May 27, 2026

View reviewed changes

johnmccrae changed the title ~~Updating Rack~~ [CVE] Updating Rack May 27, 2026

johnmccrae merged commit a15dd17 into main May 27, 2026
43 checks passed

johnmccrae deleted the jfm/chef18-update-rack branch May 27, 2026 18:52