Package Updates:

• Updates nginx from 1.29.2 to 1.29.3

Full Changelog: v282.1.1...v282.1.2

What's Changed

• CI: switch internal CIDR away from 10.0.0.0 by @aramprice in #2634
• adapt create_vm and attach_disk call for new cpi version 3 by @fmoehler in #2633
• remove duplicate ip addresses with smaller prefix by @fmoehler in #2636

Full Changelog: v282.1.0...v282.1.1

Full Changelog: v282.0.10...v282.1.0
Same as v282.0.10 which should be a minor release update.

Fixed CVEs:

• CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
• CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
• CVE-2025-61772: rack: Rack memory exhaustion denial of service
• CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion

Package Updates:

• Updates nginx from 1.29.1 to 1.29.2

What's Changed

• Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2624
• [RFC0038] Introduce prefix allocation by @fmoehler in #2611 #2626 #2628 #2629 #2630 #2631
• Update workstation_setup.md by @fmoehler in #2627

Fixed CVEs:

• CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
• CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
• CVE-2025-61772: rack: Rack memory exhaustion denial of service
• CVE-2025-61919: rubygem-rack: Unbounded read in Rack::Request form parsing can lead to memory exhaustion

Package Updates:

• Updates nginx from 1.29.1 to 1.29.2

What's Changed

• Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2624
• [RFC0038] Introduce prefix allocation by @fmoehler in #2611
• Fix regression issues by @fmoehler in #2626
• add missing expectations for integration tests by @fmoehler in #2628
• Update workstation_setup.md by @fmoehler in #2627
• stringify prefix for networks and not only its subnets by @fmoehler in #2629
• fix test expectation by @fmoehler in #2630
• Avoid unnecessary redeploys by @fmoehler in #2631

Full Changelog: v282.0.9...v282.0.10

Fixed CVEs:

• CVE-2025-58767: rexml: REXML denial of service

What's Changed

• Add 'file' package to Dockerfile dependencies for intergration by @ramonskie in #2621

Full Changelog: v282.0.8...v282.0.9

Updates:

• Updates mariadb-connector from 3.4.5 to 3.4.7

Full Changelog: v282.0.7...v282.0.8

Package Updates:

• Updates director-ruby-3.3 from 3.3.8 to 3.3.9
• Updates nginx from 1.29.0 to 1.29.1

Updates:

• Updates postgresql-13 from 13.21 to 13.22
• Updates postgresql-15 from 15.13 to 15.14

What's Changed

• Fix tags extraction from runtime config by @IvayloIvanovSAP in #2617
• CI/Dev: remove fly sync from fly rake task by @mkocher in #2619
• Bump actions/checkout from 4 to 5 by @dependabot[bot] in #2620

New Contributors

• @IvayloIvanovSAP made their first contribution in #2617
• @mkocher made their first contribution in #2619

Full Changelog: v282.0.6...v282.0.7

Package Updates:

• Updates nginx from 1.28.0 to 1.29.0

Full Changelog: v282.0.5...v282.0.6

Fixed CVEs:

• CVE-2025-46727: rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser
• CVE-2025-49007: rack: rubygem-rack: Rack Content-Disposition Denial of Service

Updates:

• Updates postgresql-13 from 13.20 to 13.21
• Updates postgresql-15 from 15.12 to 15.13

What's Changed

• Bump golangci/golangci-lint-action from 7 to 8 by @dependabot in #2613

Full Changelog: v282.0.4...v282.0.5

Package Updates:

• Updates nginx from 1.27.5 to 1.28.0

Updates:

• Updates nats-server from 2.11.1 to 2.11.2

What's Changed

• Extract bosh-template to bosh-common by @aramprice in #2608

Full Changelog: v282.0.3...v282.0.4