{"id":25,"name":null,"description":"A modular Ruby web server interface.","url":"https://github.com/rack/rack","last_synced_at":"2026-04-30T22:01:49.494Z","repository":{"id":471102,"uuid":"96071","full_name":"rack/rack","owner":"rack","description":"A modular Ruby web server interface.","archived":false,"fork":false,"pushed_at":"2026-04-23T18:00:47.000Z","size":10731,"stargazers_count":5104,"open_issues_count":22,"forks_count":1671,"subscribers_count":152,"default_branch":"main","last_synced_at":"2026-04-24T17:21:59.391Z","etag":null,"topics":["rack","ruby","web"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2008-12-24T03:03:12.000Z","updated_at":"2026-04-24T11:15:31.000Z","dependencies_parsed_at":"2023-07-05T14:56:26.099Z","dependency_job_id":"6440b9dc-988a-4040-ae84-aebeb15e21c8","html_url":"https://github.com/rack/rack","commit_stats":{"total_commits":2694,"total_committers":544,"mean_commits":4.952205882352941,"dds":0.902746844840386,"last_synced_commit":"49d4ed033f9c6d0bdba7b2a181437589049dbf7f"},"previous_names":[],"tags_count":175,"template":false,"template_full_name":null,"purl":"pkg:github/rack/rack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","download_url":"https://codeload.github.com/rack/rack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/sbom","scorecard":{"id":748637,"data":{"date":"2025-08-11","repo":{"name":"github.com/rack/rack","commit":"ee7ac5a1db5bc5c65e4b83342b8f4df88ef3c075"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/depsreview.yaml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/documentation.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-external.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:6","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"27 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 15/29 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-external.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-external.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: MIT-LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 504 Gateway Timeout body: \"{\\\"message\\\": \\\"We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.\\\"}\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T19:37:06.182Z","repository_id":471102,"created_at":"2025-08-22T19:37:06.182Z","updated_at":"2025-08-22T19:37:06.182Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32243803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"owner":{"login":"rack","name":"Official Rack repositories","uuid":"42379","kind":"organization","description":null,"email":null,"website":"http://rack.github.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/42379?v=4","repositories_count":10,"last_synced_at":"2024-03-25T19:32:49.958Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/rack","funding_links":[],"total_stars":12549,"followers":47,"following":0,"created_at":"2022-11-02T16:17:24.220Z","updated_at":"2024-03-25T19:32:56.784Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack/repositories"},"packages":[{"id":8614638,"name":"github.com/rack/rack","ecosystem":"go","description":null,"homepage":null,"licenses":"other","normalized_licenses":["Other"],"repository_url":"https://github.com/rack/rack","keywords_array":[],"namespace":null,"versions_count":67,"first_release_published_at":"2023-12-02T02:14:48.795Z","latest_release_published_at":"2026-04-01T06:31:03.000Z","latest_release_number":"v3.2.6+incompatible","last_synced_at":"2026-04-29T16:20:25.956Z","created_at":"2023-12-02T02:14:44.921Z","updated_at":"2026-04-29T16:20:25.957Z","registry_url":"https://pkg.go.dev/github.com/rack/rack","install_command":"go get github.com/rack/rack","documentation_url":"https://pkg.go.dev/github.com/rack/rack#section-documentation","metadata":{},"repo_metadata":{"id":471102,"uuid":"96071","full_name":"rack/rack","owner":"rack","description":"A modular Ruby web server interface.","archived":false,"fork":false,"pushed_at":"2026-02-16T03:41:48.000Z","size":10572,"stargazers_count":5097,"open_issues_count":17,"forks_count":1668,"subscribers_count":153,"default_branch":"main","last_synced_at":"2026-02-28T17:40:20.197Z","etag":null,"topics":["rack","ruby","web"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2008-12-24T03:03:12.000Z","updated_at":"2026-02-26T08:30:47.000Z","dependencies_parsed_at":"2023-07-05T14:56:26.099Z","dependency_job_id":"6440b9dc-988a-4040-ae84-aebeb15e21c8","html_url":"https://github.com/rack/rack","commit_stats":{"total_commits":2694,"total_committers":544,"mean_commits":4.952205882352941,"dds":0.902746844840386,"last_synced_commit":"49d4ed033f9c6d0bdba7b2a181437589049dbf7f"},"previous_names":[],"tags_count":169,"template":false,"template_full_name":null,"purl":"pkg:github/rack/rack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","download_url":"https://codeload.github.com/rack/rack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/sbom","scorecard":{"id":748637,"data":{"date":"2025-08-11","repo":{"name":"github.com/rack/rack","commit":"ee7ac5a1db5bc5c65e4b83342b8f4df88ef3c075"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/depsreview.yaml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/documentation.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-external.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:6","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"27 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 15/29 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-external.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-external.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: MIT-LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 504 Gateway Timeout body: \"{\\\"message\\\": \\\"We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.\\\"}\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T19:37:06.182Z","repository_id":471102,"created_at":"2025-08-22T19:37:06.182Z","updated_at":"2025-08-22T19:37:06.182Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29948226,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-28T18:42:55.706Z","status":"ssl_error","status_checked_at":"2026-02-28T18:42:48.811Z","response_time":90,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"rack","name":"Official Rack repositories","uuid":"42379","kind":"organization","description":null,"email":null,"website":"http://rack.github.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/42379?v=4","repositories_count":10,"last_synced_at":"2024-03-25T19:32:49.958Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/rack","funding_links":[],"total_stars":12549,"followers":47,"following":0,"created_at":"2022-11-02T16:17:24.220Z","updated_at":"2024-03-25T19:32:56.784Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack/repositories"},"tags":[{"name":"v3.2.4","sha":"4c24539777db8833d78f881680cd245878cfba31","kind":"tag","published_at":"2025-11-02T12:41:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.4","html_url":"https://github.com/rack/rack/releases/tag/v3.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4/manifests"},{"name":"v3.1.19","sha":"b29df3156208326916cf60482eaec42574b65ff0","kind":"tag","published_at":"2025-11-02T12:28:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.19","html_url":"https://github.com/rack/rack/releases/tag/v3.1.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19/manifests"},{"name":"v2.2.21","sha":"851dc02672eca361a48e5a097818aa3cec1d3206","kind":"tag","published_at":"2025-11-02T12:18:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.21","html_url":"https://github.com/rack/rack/releases/tag/v2.2.21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21/manifests"},{"name":"v3.2.3","sha":"32bf8887d00bd86494f0ce08c46cda59a65d332f","kind":"tag","published_at":"2025-10-10T00:40:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.3","html_url":"https://github.com/rack/rack/releases/tag/v3.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3/manifests"},{"name":"v3.1.18","sha":"96cf07879a084e4488d705ed093395e86bb554f5","kind":"tag","published_at":"2025-10-10T00:39:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.18","html_url":"https://github.com/rack/rack/releases/tag/v3.1.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18/manifests"},{"name":"v2.2.20","sha":"6ef591522bb44f80654ad1a80654ba46cafdc7c1","kind":"tag","published_at":"2025-10-10T00:36:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.20","html_url":"https://github.com/rack/rack/releases/tag/v2.2.20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20/manifests"},{"name":"v3.2.2","sha":"bce149b11154e851c437b5ece1c026c943f4b571","kind":"tag","published_at":"2025-10-07T01:55:07.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.2","html_url":"https://github.com/rack/rack/releases/tag/v3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2/manifests"},{"name":"v3.1.17","sha":"8d141b301dd1eeda363d87d61499fe21dd90f4a5","kind":"tag","published_at":"2025-10-07T01:52:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.17","html_url":"https://github.com/rack/rack/releases/tag/v3.1.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17/manifests"},{"name":"v2.2.19","sha":"4c4ea296fdfd115377912aa7dbcb55b83bf2888e","kind":"tag","published_at":"2025-10-07T01:50:11.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.19","html_url":"https://github.com/rack/rack/releases/tag/v2.2.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19/manifests"},{"name":"v2.2.18","sha":"0f76d43c0d5624bd0d325df4f0a63f5e1faa7254","kind":"tag","published_at":"2025-09-25T09:01:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.18","html_url":"https://github.com/rack/rack/releases/tag/v2.2.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18/manifests"},{"name":"v3.2.1","sha":"14c8731436785d7e79a4db0f3304769a26083182","kind":"tag","published_at":"2025-09-02T02:53:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.1","html_url":"https://github.com/rack/rack/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"b68251c03788ff39d4a4b25424df7360426e4afd","kind":"tag","published_at":"2025-07-30T22:28:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.0","html_url":"https://github.com/rack/rack/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0/manifests"},{"name":"v3.1.16","sha":"df2f3f2804373acafc429ed9f0770847a9c6b226","kind":"tag","published_at":"2025-06-04T22:28:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.16","html_url":"https://github.com/rack/rack/releases/tag/v3.1.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16/manifests"},{"name":"v2.2.17","sha":"9163ac3f5fac795179f9935e2ba6533a0ca1cf82","kind":"tag","published_at":"2025-06-03T01:57:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.17","html_url":"https://github.com/rack/rack/releases/tag/v2.2.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17/manifests"},{"name":"v3.0.18","sha":"e95f187b11c5f342d2de00a38ce10bc7ad435409","kind":"tag","published_at":"2025-05-22T06:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.18","html_url":"https://github.com/rack/rack/releases/tag/v3.0.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18/manifests"},{"name":"v2.2.16","sha":"2a32ecaaa8460a9af9963ee46ba04afbd1b47220","kind":"tag","published_at":"2025-05-22T05:33:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.16","html_url":"https://github.com/rack/rack/releases/tag/v2.2.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16/manifests"},{"name":"v3.1.15","sha":"835e15bf9e51846471e3da63ce474f6836ebd203","kind":"tag","published_at":"2025-05-18T02:39:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.15","html_url":"https://github.com/rack/rack/releases/tag/v3.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15/manifests"},{"name":"v3.0.17","sha":"29094bd481b7849b1dd44423ac9ff22b225f52bf","kind":"tag","published_at":"2025-05-18T02:38:35.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.17","html_url":"https://github.com/rack/rack/releases/tag/v3.0.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17/manifests"},{"name":"v2.2.15","sha":"d2b6af2062a4687f928491f801984b948a63ecbb","kind":"tag","published_at":"2025-05-18T02:37:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.15","html_url":"https://github.com/rack/rack/releases/tag/v2.2.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15/manifests"},{"name":"v3.1.14","sha":"5440b2c8b006f1c2ef202c2bd60dd70924c9b1c1","kind":"tag","published_at":"2025-05-06T21:35:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.14","html_url":"https://github.com/rack/rack/releases/tag/v3.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14/manifests"},{"name":"v3.0.16","sha":"5a1591960cbe28ed87e7fe5e00cbb7d6524f593b","kind":"tag","published_at":"2025-05-06T21:34:09.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.16","html_url":"https://github.com/rack/rack/releases/tag/v3.0.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16/manifests"},{"name":"v2.2.14","sha":"d0dcf75706d72d7e874ee31934a97881c1a439ce","kind":"tag","published_at":"2025-05-06T21:33:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.14","html_url":"https://github.com/rack/rack/releases/tag/v2.2.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14/manifests"},{"name":"v3.1.13","sha":"037953789da9cd49c4a3453ade6ede13619276e0","kind":"tag","published_at":"2025-04-13T12:27:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.13","html_url":"https://github.com/rack/rack/releases/tag/v3.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13/manifests"},{"name":"v3.0.15","sha":"9413a87c2a88203ad06955aea29ede2d1f39526a","kind":"tag","published_at":"2025-04-13T12:19:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.15","html_url":"https://github.com/rack/rack/releases/tag/v3.0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15/manifests"},{"name":"v3.1.12","sha":"e8f47608668d507e0f231a932fa37c9ca551c0a5","kind":"tag","published_at":"2025-03-10T21:22:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.12","html_url":"https://github.com/rack/rack/releases/tag/v3.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12/manifests"},{"name":"v3.0.14","sha":"340cd1f11f9d6c16c0c50bba2be0062aa661baf0","kind":"tag","published_at":"2025-03-10T21:20:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.14","html_url":"https://github.com/rack/rack/releases/tag/v3.0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14/manifests"},{"name":"v2.2.13","sha":"df6c47357f6c6bec2d585f45f417285d813d9b3a","kind":"tag","published_at":"2025-03-10T21:18:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.13","html_url":"https://github.com/rack/rack/releases/tag/v2.2.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13/manifests"},{"name":"v2.2.12","sha":"78296637d7b35dcd357a64e8c76bd7f664c1cdbf","kind":"tag","published_at":"2025-03-04T05:45:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.12","html_url":"https://github.com/rack/rack/releases/tag/v2.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12/manifests"},{"name":"v3.0.13","sha":"ef96f4aa2f6f670233eca3e9bc780809914dd93b","kind":"tag","published_at":"2025-03-04T05:37:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.13","html_url":"https://github.com/rack/rack/releases/tag/v3.0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13/manifests"},{"name":"v3.1.11","sha":"c827c3324827f3aefe73f0800d1a717c0c15537b","kind":"tag","published_at":"2025-03-04T05:36:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.11","html_url":"https://github.com/rack/rack/releases/tag/v3.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11/manifests"},{"name":"v2.2.11","sha":"aa5a0f532aac7a57e4bc7e857eca1c38229f7b30","kind":"tag","published_at":"2025-02-12T03:54:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.11","html_url":"https://github.com/rack/rack/releases/tag/v2.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11/manifests"},{"name":"v3.0.12","sha":"545951332eb66efb8e61ed51cb16c95443d85dc6","kind":"tag","published_at":"2025-02-12T03:32:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.12","html_url":"https://github.com/rack/rack/releases/tag/v3.0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12/manifests"},{"name":"v3.1.10","sha":"03494889c72513eee24a3fc715eb34869a7d4c88","kind":"tag","published_at":"2025-02-12T03:29:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.10","html_url":"https://github.com/rack/rack/releases/tag/v3.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10/manifests"},{"name":"v3.1.9","sha":"e217a399eb116362710aac7c5b8dc691ea2189b3","kind":"tag","published_at":"2025-01-30T22:38:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.9","html_url":"https://github.com/rack/rack/releases/tag/v3.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9/manifests"},{"name":"v3.1.8","sha":"0eabeb73b3fb590e187dacfd9a890fbb7ffb9477","kind":"tag","published_at":"2024-10-14T01:51:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.8","html_url":"https://github.com/rack/rack/releases/tag/v3.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8/manifests"},{"name":"v2.2.10","sha":"14c9dec60bb4a1c5b848d829d5a0a6572b63293b","kind":"tag","published_at":"2024-10-14T01:47:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.10","html_url":"https://github.com/rack/rack/releases/tag/v2.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10/manifests"},{"name":"v3.1.7","sha":"4bb2f723fa103de1351acd6a53d1889fd5578848","kind":"tag","published_at":"2024-07-11T01:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.7","html_url":"https://github.com/rack/rack/releases/tag/v3.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7/manifests"},{"name":"v3.1.6","sha":"98aa9474180a09d722e7e1d8e75eb683be787b3c","kind":"tag","published_at":"2024-07-02T15:30:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.6","html_url":"https://github.com/rack/rack/releases/tag/v3.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6/manifests"},{"name":"v3.1.5","sha":"3620bb1d140da996a95d941c64eda5dd7b54ed47","kind":"tag","published_at":"2024-07-02T06:41:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.5","html_url":"https://github.com/rack/rack/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"c108f08f23e9df8b2f741390a847cddb038e5f9a","kind":"tag","published_at":"2024-06-22T10:00:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.4","html_url":"https://github.com/rack/rack/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"e2020c155201e48dfcd87cd1d9cfa1b439fb66be","kind":"tag","published_at":"2024-06-12T07:24:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.3","html_url":"https://github.com/rack/rack/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"d43ab86513818c04dc27e89c6e426c12dfb05835","kind":"commit","published_at":"2024-06-11T20:38:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.2","html_url":"https://github.com/rack/rack/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"899a415498c591ece9dc28bcb78cd9e2b3ab776d","kind":"tag","published_at":"2024-06-11T20:02:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.1","html_url":"https://github.com/rack/rack/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"606365ba1353cbffdf94422c20166dc2e6d6286d","kind":"tag","published_at":"2024-06-11T05:49:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.0","html_url":"https://github.com/rack/rack/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0/manifests"},{"name":"v2.2.9","sha":"b1deebdc0a4f61cc141cece5a911917ff1e4b901","kind":"tag","published_at":"2024-03-21T01:18:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.9","html_url":"https://github.com/rack/rack/releases/tag/v2.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9/manifests"},{"name":"v3.0.10","sha":"d3c545e69d58e588622bcf9b1ab9f971b8a02112","kind":"tag","published_at":"2024-03-20T21:56:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.10","html_url":"https://github.com/rack/rack/releases/tag/v3.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10/manifests"},{"name":"v3.0.9.1","sha":"a4bc5e0f41c750135969ceece8772ab112dc8f17","kind":"tag","published_at":"2024-02-21T19:23:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1/manifests"},{"name":"v2.2.8.1","sha":"e83001100ad9dd24e1744b13669dcb2736a13ebd","kind":"tag","published_at":"2024-02-21T19:22:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1/manifests"},{"name":"v2.1.4.4","sha":"c465c6389cc56ffdfa30718e490f31bcc2efbfc9","kind":"tag","published_at":"2024-02-21T19:21:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.4","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4/manifests"},{"name":"v2.0.9.4","sha":"8eb8bc6c7c4d3dd912d169c850fe2695d1728555","kind":"tag","published_at":"2024-02-21T19:20:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.4","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4/manifests"},{"name":"v3.0.9","sha":"0b3f997e7bb14c1dc42130e1eb50e62797d8c039","kind":"tag","published_at":"2024-01-31T07:51:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9/manifests"},{"name":"v2.2.8","sha":"f169ff75b0a0b84c031960ffc5fcd0414eb64a2e","kind":"tag","published_at":"2023-07-31T02:43:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8/manifests"},{"name":"v3.0.8","sha":"d28c464bcb55a9e26b9a9656e4ba484d327515ed","kind":"tag","published_at":"2023-06-14T02:01:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.8","html_url":"https://github.com/rack/rack/releases/tag/v3.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8/manifests"},{"name":"v2.2.7","sha":"983b6e3b29a2048a86518c008fc46f4c86105683","kind":"tag","published_at":"2023-04-24T23:22:06.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.7","html_url":"https://github.com/rack/rack/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7/manifests"},{"name":"v3.0.7","sha":"2429b7ba38e402fc2e29405cab69395134020aed","kind":"tag","published_at":"2023-03-16T02:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.7","html_url":"https://github.com/rack/rack/releases/tag/v3.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7/manifests"},{"name":"v2.2.6.4","sha":"27addc7f1ae290b6b84c1c351e5b6d75a05bb40b","kind":"tag","published_at":"2023-03-13T18:08:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.4","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4/manifests"},{"name":"v3.0.6.1","sha":"098d8e12c1553411ee198d7890c1fd9f1e8cf979","kind":"tag","published_at":"2023-03-13T18:07:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1/manifests"},{"name":"v3.0.6","sha":"e9e9ae663d83f142d7666aee49622287828fa06f","kind":"tag","published_at":"2023-03-13T05:59:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6/manifests"},{"name":"v3.0.5","sha":"9f8ba5e1fdf860338af7a65519278b32de00f516","kind":"tag","published_at":"2023-03-12T06:27:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.5","html_url":"https://github.com/rack/rack/releases/tag/v3.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5/manifests"},{"name":"v3.0.4.2","sha":"5c18f306ef0d26917d490aa1f686dd68de738384","kind":"tag","published_at":"2023-03-02T22:56:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2/manifests"},{"name":"v2.2.6.3","sha":"d6b5b2bab88f458fb048133604faebea952d8133","kind":"tag","published_at":"2023-03-02T22:56:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.3","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3/manifests"},{"name":"v2.1.4.3","sha":"7bdc55dd21ec76811ad74c1ae14c1588d2f2ca49","kind":"tag","published_at":"2023-03-02T22:55:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.3","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3/manifests"},{"name":"v2.0.9.3","sha":"9996d403584fb7609708f582f7647868b4444949","kind":"tag","published_at":"2023-03-02T22:54:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.3","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3/manifests"},{"name":"v3.0.4.1","sha":"d1b4c2d82ac5444228d30e66f38156f7046b4296","kind":"tag","published_at":"2023-01-17T21:27:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1/manifests"},{"name":"v2.1.4.2","sha":"8b8efd9591876cb6d40b3120388a8b9a0e083777","kind":"tag","published_at":"2023-01-17T21:26:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.2","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2/manifests"},{"name":"v2.0.9.2","sha":"d573159067d8dc64db97beff67621654754e86f2","kind":"tag","published_at":"2023-01-17T21:26:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.2","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2/manifests"},{"name":"v2.2.6.2","sha":"2606ac5d5d180c00a8cbcaa4d634276bab06500e","kind":"tag","published_at":"2023-01-17T21:22:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2/manifests"},{"name":"v2.2.6.1","sha":"20bc90c2431d7fabcd1873410543cf3d72f65004","kind":"tag","published_at":"2023-01-17T21:21:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1/manifests"},{"name":"v3.0.4","sha":"9a2f06e7c20ca89b9e12b305bbd21901bd106d1e","kind":"tag","published_at":"2023-01-16T22:40:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4/manifests"},{"name":"v2.2.6","sha":"ea39e49442e0008bfce4ad628ce52a4be2a20b5b","kind":"tag","published_at":"2023-01-16T21:04:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6/manifests"},{"name":"v3.0.3","sha":"081ae02a1e3fbd925c1dc85d6c4d91d09ca29514","kind":"tag","published_at":"2022-12-26T20:20:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.3","html_url":"https://github.com/rack/rack/releases/tag/v3.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3/manifests"},{"name":"v2.2.5","sha":"8312a2fd6aee0950d7b2deb548aaf600cb871d80","kind":"tag","published_at":"2022-12-26T20:19:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.5","html_url":"https://github.com/rack/rack/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5/manifests"},{"name":"v3.0.2","sha":"dcbda319d807baab594820da58cf7bbf44702d1b","kind":"tag","published_at":"2022-12-05T05:12:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"87984bf621be18c028a96f416bb222c68c8ae14c","kind":"tag","published_at":"2022-11-18T20:59:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1/manifests"},{"name":"3.0.0","sha":"52901caf09ebcda879512a8605059963a49df55d","kind":"tag","published_at":"2022-09-06T16:28:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0","html_url":"https://github.com/rack/rack/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0/manifests"},{"name":"3.0.0.rc1","sha":"12742a0610806acb769be67fd6c27fdc6c0ee593","kind":"tag","published_at":"2022-09-04T23:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1/manifests"},{"name":"3.0.0.beta1","sha":"572a42a705b423ce98ef4e81435d4f60fb0ae53d","kind":"tag","published_at":"2022-08-08T20:34:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.beta1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.beta1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1/manifests"},{"name":"2.2.4","sha":"abca7d59c566320f1b60d1f5224beac9d201fa3b","kind":"tag","published_at":"2022-06-30T22:19:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.4","html_url":"https://github.com/rack/rack/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4/manifests"},{"name":"2.2.3.1","sha":"925a4a6599ab26b4f3455b525393fe155d443655","kind":"tag","published_at":"2022-05-27T15:30:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3.1","html_url":"https://github.com/rack/rack/releases/tag/2.2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1/manifests"},{"name":"2.1.4.1","sha":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead","kind":"tag","published_at":"2022-05-27T15:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1/manifests"},{"name":"2.0.9.1","sha":"f9cc7c2ae161820e36635734cff6e932d99e6aa8","kind":"tag","published_at":"2022-05-27T15:29:26.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1/manifests"},{"name":"2.1.4","sha":"52808700e0ade4225625c6729529e13a6b31cc2f","kind":"tag","published_at":"2020-06-15T22:23:25.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4","html_url":"https://github.com/rack/rack/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4/manifests"},{"name":"2.2.3","sha":"1741c580d71cfca8e541e96cc372305c8892ee74","kind":"tag","published_at":"2020-06-15T22:23:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3","html_url":"https://github.com/rack/rack/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3/manifests"},{"name":"2.1.3","sha":"b9b8652334e833e32b5fb8627463632867b5d6a8","kind":"tag","published_at":"2020-05-12T21:43:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.3","html_url":"https://github.com/rack/rack/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3/manifests"},{"name":"v2.2.2","sha":"a5e80f01947954af76b14c1d1fdd8e79dd8337f3","kind":"tag","published_at":"2020-02-10T22:24:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"961d9761bcb2bee17c80bba8b7bc9e285086d6c4","kind":"tag","published_at":"2020-02-09T06:19:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1/manifests"},{"name":"2.2.0","sha":"39d501a28c1fe51284addfe6dacffafb69d49849","kind":"tag","published_at":"2020-02-08T18:25:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.0","html_url":"https://github.com/rack/rack/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0/manifests"},{"name":"2.0.9","sha":"85684323f8f58409e717af91e446d257d496f8b8","kind":"tag","published_at":"2020-02-08T18:21:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9","html_url":"https://github.com/rack/rack/releases/tag/2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9/manifests"},{"name":"1.6.13","sha":"47a1fd73fc77f094573f4215b0fc884f4ac1c03c","kind":"tag","published_at":"2020-02-08T18:19:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.13","html_url":"https://github.com/rack/rack/releases/tag/1.6.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13/manifests"},{"name":"2.1.2","sha":"16a51d8e0b64964323c3719b8154106af5cc0feb","kind":"tag","published_at":"2020-01-27T22:42:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.2","html_url":"https://github.com/rack/rack/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"799a520a015de5938bc01faa8e90b76589c6e7d3","kind":"tag","published_at":"2020-01-11T22:18:02.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4","kind":"tag","published_at":"2020-01-10T17:48:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.0","html_url":"https://github.com/rack/rack/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0/manifests"},{"name":"1.6.12","sha":"de902e48d1c971fe145002039121afb69e10af5a","kind":"tag","published_at":"2019-12-18T18:05:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.12","html_url":"https://github.com/rack/rack/releases/tag/1.6.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12/manifests"},{"name":"2.0.8","sha":"e7ee459546d217f32afc83e0b168c5eb9f95d784","kind":"tag","published_at":"2019-12-18T18:05:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.8","html_url":"https://github.com/rack/rack/releases/tag/2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8/manifests"},{"name":"2.0.7","sha":"7fb95dbec28dc70f3cfbba0a684db0735d8ab2ca","kind":"tag","published_at":"2019-04-02T16:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.7","html_url":"https://github.com/rack/rack/releases/tag/2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7/manifests"},{"name":"1.6.11","sha":"2bef132505cb2f80c432e3f4526dfef969cd2e25","kind":"tag","published_at":"2018-11-05T19:57:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.11","html_url":"https://github.com/rack/rack/releases/tag/1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11/manifests"},{"name":"2.0.6","sha":"8376dd11e6526a53432ee59b7a5d092bda9fc901","kind":"tag","published_at":"2018-11-05T19:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.6","html_url":"https://github.com/rack/rack/releases/tag/2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6/manifests"},{"name":"1.6.10","sha":"fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77","kind":"commit","published_at":"2018-04-23T17:50:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.10","html_url":"https://github.com/rack/rack/releases/tag/1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10/manifests"},{"name":"2.0.5","sha":"decd97682ec4c6345fe359b6a1d3c51e5fbdce5b","kind":"commit","published_at":"2018-04-23T17:44:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.5","html_url":"https://github.com/rack/rack/releases/tag/2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5/manifests"},{"name":"1.6.9","sha":"617aac0fb89f25603afc2b6497fdc3333354aee5","kind":"tag","published_at":"2018-02-28T18:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.9","html_url":"https://github.com/rack/rack/releases/tag/1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9/manifests"},{"name":"2.0.4","sha":"0a95875745ec65e91a57460a41373ae4d3a94934","kind":"commit","published_at":"2018-01-31T18:16:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.4","html_url":"https://github.com/rack/rack/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4/manifests"},{"name":"1.6.8","sha":"90afdf309b4c0665f542579a21fbd1c285d05083","kind":"tag","published_at":"2017-05-16T21:28:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.8","html_url":"https://github.com/rack/rack/releases/tag/1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8/manifests"},{"name":"2.0.3","sha":"6a5f356cc12e5801843fbd95ecc603416c901cf3","kind":"commit","published_at":"2017-05-15T16:49:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.3","html_url":"https://github.com/rack/rack/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3/manifests"},{"name":"1.6.7","sha":"51e8891e4807495d972fcba9832c4fdb30d37b50","kind":"commit","published_at":"2017-05-15T16:45:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.7","html_url":"https://github.com/rack/rack/releases/tag/1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7/manifests"},{"name":"2.0.2","sha":"620766d061975a67f80fa5dc3887563c1563a64d","kind":"commit","published_at":"2017-05-08T17:03:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.2","html_url":"https://github.com/rack/rack/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2/manifests"},{"name":"1.6.6","sha":"2ed117a11a8ed0455260b10f6696d4d3919f7dc5","kind":"commit","published_at":"2017-05-08T17:02:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.6","html_url":"https://github.com/rack/rack/releases/tag/1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6/manifests"},{"name":"1.6.5","sha":"1886a60e9b96c2a4106fd89eb41dc817696c6369","kind":"commit","published_at":"2016-11-10T21:51:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.5","html_url":"https://github.com/rack/rack/releases/tag/1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5/manifests"},{"name":"2.0.1","sha":"25a549883b85fb33970b4a1530a365c0c9e51f95","kind":"tag","published_at":"2016-06-30T17:34:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"1a408687493175250408fe87c5046bf1adfa6386","kind":"tag","published_at":"2016-06-30T15:39:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0","html_url":"https://github.com/rack/rack/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0/manifests"},{"name":"2.0.0.rc1","sha":"9073125f71afd615091f575d74ec468a0b1b79bf","kind":"commit","published_at":"2016-05-06T20:51:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1/manifests"},{"name":"2.0.0.alpha","sha":"f4562619c3c669404e39d9b09924bed5a6b71c14","kind":"commit","published_at":"2015-12-17T21:28:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.alpha","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.alpha","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.alpha","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha/manifests"},{"name":"1.6.4","sha":"ee18520bd9894e68a5d2b26c82835c2e67a43a8b","kind":"commit","published_at":"2015-06-18T21:51:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.4","html_url":"https://github.com/rack/rack/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4/manifests"},{"name":"1.4.7","sha":"f5c09684fb93dbe76d7b9d0a0411d32ba5d66d04","kind":"commit","published_at":"2015-06-18T21:11:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.7","html_url":"https://github.com/rack/rack/releases/tag/1.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7/manifests"},{"name":"1.5.5","sha":"e7e064611e1004ec62b593ec993a06d967d6c72e","kind":"commit","published_at":"2015-06-18T18:45:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.5","html_url":"https://github.com/rack/rack/releases/tag/1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5/manifests"},{"name":"1.6.3","sha":"134d6218d0881d87ae6a522e88eafbddb6cd1bb7","kind":"commit","published_at":"2015-06-18T18:40:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.3","html_url":"https://github.com/rack/rack/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3/manifests"},{"name":"1.4.6","sha":"e4f4df517b73ee4e7d365891f4ac2fb6a09a026c","kind":"commit","published_at":"2015-06-16T20:46:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.6","html_url":"https://github.com/rack/rack/releases/tag/1.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6/manifests"},{"name":"1.5.4","sha":"90e627ab60d4df281206621a34271a9867a84fc7","kind":"commit","published_at":"2015-06-16T14:56:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.4","html_url":"https://github.com/rack/rack/releases/tag/1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4/manifests"},{"name":"1.6.2","sha":"90d7d2a8f7ab50cb80adcc05a7fcdd1dfa60f2ad","kind":"commit","published_at":"2015-06-12T18:40:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.2","html_url":"https://github.com/rack/rack/releases/tag/1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2/manifests"},{"name":"1.5.3","sha":"14e139c4a87c2e1a94dd3e305d6f485a19719855","kind":"commit","published_at":"2015-05-06T18:42:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.3","html_url":"https://github.com/rack/rack/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3/manifests"},{"name":"1.6.1","sha":"08e62f29164505e50f3b3acc09e4c67a843e0172","kind":"commit","published_at":"2015-05-06T18:36:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.1","html_url":"https://github.com/rack/rack/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"65a7104b6b3e9ecd8f33c63a478ab9a33a103507","kind":"tag","published_at":"2014-12-18T22:44:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0","html_url":"https://github.com/rack/rack/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0/manifests"},{"name":"1.6.0.beta2","sha":"8cb9b65b4e7c7157aba0f5421e59c70411c919cf","kind":"tag","published_at":"2014-11-27T18:51:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2/manifests"},{"name":"1.6.0.beta","sha":"e4e4c397e89c026f9c23500cf7fc14ccdb756010","kind":"tag","published_at":"2014-08-18T18:28:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta/manifests"},{"name":"1.5.2","sha":"ac590d055c936bb9a618e955a690dc836c625211","kind":"tag","published_at":"2013-02-08T03:13:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.2","html_url":"https://github.com/rack/rack/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2/manifests"},{"name":"1.4.5","sha":"9939d40a5e23dcb058751d1029b794aa2f551900","kind":"tag","published_at":"2013-02-08T03:12:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.5","html_url":"https://github.com/rack/rack/releases/tag/1.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5/manifests"},{"name":"1.3.10","sha":"a176b537d9e083033819efbafac3271bbbde23fb","kind":"tag","published_at":"2013-02-08T03:10:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.10","html_url":"https://github.com/rack/rack/releases/tag/1.3.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10/manifests"},{"name":"1.2.8","sha":"ba8c6c2b3a5d03675ce7efc0e2308225809a74b8","kind":"tag","published_at":"2013-02-08T03:09:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.8","html_url":"https://github.com/rack/rack/releases/tag/1.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8/manifests"},{"name":"1.1.6","sha":"0232e227b1cf3e67fbb82b2198311fa8ca618fbd","kind":"tag","published_at":"2013-02-08T03:08:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.6","html_url":"https://github.com/rack/rack/releases/tag/1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6/manifests"},{"name":"1.5.1","sha":"42b11a7fb918127143ca570af9930b2e7ef7222c","kind":"tag","published_at":"2013-01-28T22:51:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.1","html_url":"https://github.com/rack/rack/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"0cba6a4d5aeb1ac8768b6ca36320731487fb596b","kind":"tag","published_at":"2013-01-22T07:36:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.0","html_url":"https://github.com/rack/rack/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0/manifests"},{"name":"1.4.4","sha":"ffbdb982a731df7c5b166354a09a3d239f7b18c8","kind":"tag","published_at":"2013-01-13T22:07:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.4","html_url":"https://github.com/rack/rack/releases/tag/1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4/manifests"},{"name":"1.3.9","sha":"8ded2f72dce26a4f3e45ce810b8670e455c5ae9a","kind":"tag","published_at":"2013-01-13T22:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.9","html_url":"https://github.com/rack/rack/releases/tag/1.3.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9/manifests"},{"name":"1.2.7","sha":"22ef9e18198eaa4cb7c6c38df296a2fa7c5d8581","kind":"tag","published_at":"2013-01-13T22:04:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.7","html_url":"https://github.com/rack/rack/releases/tag/1.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7/manifests"},{"name":"1.1.5","sha":"966df947b0e826610409c63cdbff7ee325875393","kind":"tag","published_at":"2013-01-13T22:03:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.5","html_url":"https://github.com/rack/rack/releases/tag/1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5/manifests"},{"name":"1.4.3","sha":"55ea327306f9eb1fdc206e8f04c3c0e234591560","kind":"tag","published_at":"2013-01-07T18:49:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.3","html_url":"https://github.com/rack/rack/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3/manifests"},{"name":"1.3.8","sha":"231d1a9d482695c8e93ed043c39473228fb4406d","kind":"tag","published_at":"2013-01-07T18:48:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.8","html_url":"https://github.com/rack/rack/releases/tag/1.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8/manifests"},{"name":"1.4.2","sha":"15c0365365a1719eb70c45a2a5a92b4afb610d5a","kind":"tag","published_at":"2013-01-07T02:42:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.2","html_url":"https://github.com/rack/rack/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2/manifests"},{"name":"1.3.7","sha":"d711ed8e997884be06d3e64372c04df2402ca469","kind":"tag","published_at":"2013-01-07T02:41:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.7","html_url":"https://github.com/rack/rack/releases/tag/1.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7/manifests"},{"name":"1.2.6","sha":"14c61738615efab12804b693891088aa72b10616","kind":"tag","published_at":"2013-01-07T02:38:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.6","html_url":"https://github.com/rack/rack/releases/tag/1.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6/manifests"},{"name":"1.1.4","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:21:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.4","html_url":"https://github.com/rack/rack/releases/tag/1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4/manifests"},{"name":"test","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:13:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/test","html_url":"https://github.com/rack/rack/releases/tag/test","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@test","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test/manifests"},{"name":"1.4.1","sha":"7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b","kind":"tag","published_at":"2012-01-23T06:51:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.1","html_url":"https://github.com/rack/rack/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"e932c585dd1c97e504697c41ce9a4d638275ae02","kind":"tag","published_at":"2011-12-28T02:56:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.0","html_url":"https://github.com/rack/rack/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0/manifests"},{"name":"1.3.6","sha":"341426fe1f1635f627fe6e18a09d09158351cb4a","kind":"tag","published_at":"2011-12-28T02:52:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.6","html_url":"https://github.com/rack/rack/releases/tag/1.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6/manifests"},{"name":"1.2.5","sha":"e646792deb634132ceb9cd046df6b1b257ced099","kind":"tag","published_at":"2011-12-28T02:48:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.5","html_url":"https://github.com/rack/rack/releases/tag/1.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5/manifests"},{"name":"1.1.3","sha":"44cbb9a570f0b31ad6b0d6ee6e0e405843b65385","kind":"tag","published_at":"2011-12-28T02:36:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.3","html_url":"https://github.com/rack/rack/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3/manifests"},{"name":"1.3.5","sha":"d4f1d3583ea6938310b9215a60a1749ec4c88374","kind":"tag","published_at":"2011-10-18T05:33:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.5","html_url":"https://github.com/rack/rack/releases/tag/1.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5/manifests"},{"name":"1.3.4","sha":"af62b15bb6649c392506f08721d177ffcd154ecc","kind":"tag","published_at":"2011-10-01T20:48:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.4","html_url":"https://github.com/rack/rack/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"698ec56418945e541d68af2cc81f56f35979859c","kind":"tag","published_at":"2011-09-17T00:03:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.3","html_url":"https://github.com/rack/rack/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3/manifests"},{"name":"1.2.4","sha":"fccbe7ce4bb9409fdbb16e2e56828d9096695266","kind":"tag","published_at":"2011-09-17T00:02:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.4","html_url":"https://github.com/rack/rack/releases/tag/1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4/manifests"},{"name":"1.3.2","sha":"e804f5c5ae76626d6905010c8cad65e8847f220b","kind":"commit","published_at":"2011-07-16T21:45:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.2","html_url":"https://github.com/rack/rack/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"f1d5fc34c54aeb9c936d5cb4951f6e47a496d735","kind":"commit","published_at":"2011-07-13T23:13:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.1","html_url":"https://github.com/rack/rack/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1/manifests"},{"name":"1.2.3","sha":"d2bc128f588942a5c2a724d815f180a05274d17e","kind":"tag","published_at":"2011-05-23T07:42:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.3","html_url":"https://github.com/rack/rack/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3/manifests"},{"name":"1.3.0","sha":"a50dda57c1426b6b38ed06fa08cab154285c8057","kind":"tag","published_at":"2011-05-23T06:07:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0","html_url":"https://github.com/rack/rack/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0/manifests"},{"name":"1.3.0.beta2","sha":"1e99b9bcc7e9519d32e028fb1f24d6ef3b34b597","kind":"commit","published_at":"2011-05-19T17:10:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2/manifests"},{"name":"1.3.0.beta","sha":"18040b59dad3f2efe96d5b70b2260764fcda4784","kind":"commit","published_at":"2011-05-03T10:38:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta/manifests"},{"name":"1.1.2","sha":"470fdfd7f4f7c2f06a011423046cdca6983f71d7","kind":"tag","published_at":"2011-03-13T14:02:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.2","html_url":"https://github.com/rack/rack/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2/manifests"},{"name":"1.2.2","sha":"e226cc65aa493cf9826034002dae864306d52724","kind":"tag","published_at":"2011-03-13T13:34:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.2","html_url":"https://github.com/rack/rack/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"dc6b54edca2b69a5653eed98c14a8d4d71b3f45c","kind":"tag","published_at":"2010-06-15T09:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.1","html_url":"https://github.com/rack/rack/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1/manifests"},{"name":"1.2","sha":"2ed515786322059f568c8a9df77a6e4b70f09225","kind":"tag","published_at":"2010-06-13T17:55:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2","html_url":"https://github.com/rack/rack/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2/manifests"},{"name":"1.1","sha":"e6ebd831978adc3172ad487be18affab940f3d4d","kind":"tag","published_at":"2010-01-03T23:28:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1","html_url":"https://github.com/rack/rack/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1/manifests"},{"name":"1.0.1","sha":"d0a2084e64f394068a80ea073e1910d7c3ffa44b","kind":"tag","published_at":"2009-10-18T19:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0.1","html_url":"https://github.com/rack/rack/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1/manifests"},{"name":"1.0","sha":"d221938a6401d956ac6cfdc892f9b1c11b1fa31a","kind":"tag","published_at":"2009-04-25T13:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0","html_url":"https://github.com/rack/rack/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0/manifests"},{"name":"0.9.1","sha":"488d67988ddfb7e13ad2f58272ee04809612cafe","kind":"tag","published_at":"2009-01-09T16:37:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9.1","html_url":"https://github.com/rack/rack/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1/manifests"},{"name":"0.9","sha":"a7229fd1bf2d4c5f77887a0d4925534163e842ec","kind":"tag","published_at":"2009-01-06T12:00:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9","html_url":"https://github.com/rack/rack/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9/manifests"},{"name":"0.4","sha":"e33cc65a013952935c6bb70e24f359023c075e84","kind":"tag","published_at":"2008-08-21T10:27:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.4","html_url":"https://github.com/rack/rack/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4/manifests"},{"name":"0.3","sha":"dcb6081279c0728e13658773d38c842c4de785aa","kind":"tag","published_at":"2008-02-26T12:29:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.3","html_url":"https://github.com/rack/rack/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3/manifests"},{"name":"0.2","sha":"046be71448cb048a295a5221c8636d57b3c148f3","kind":"commit","published_at":"2007-05-16T15:01:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.2","html_url":"https://github.com/rack/rack/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2/manifests"},{"name":"0.1","sha":"bee7489d36600eb87a9da0a1bb899088feea78c9","kind":"commit","published_at":"2007-03-03T12:40:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.1","html_url":"https://github.com/rack/rack/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2026-02-28T19:00:13.286Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":10.801592556016239,"dependent_packages_count":9.575730298247606,"stargazers_count":0.9769692208096749,"forks_count":0.5782246798719688,"docker_downloads_count":null,"average":5.483129188736372},"purl":"pkg:golang/github.com/rack/rack","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/rack/rack","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/rack/rack","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/rack/rack/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-02-27T11:01:11.220Z","issues_count":146,"pull_requests_count":426,"avg_time_to_close_issue":10290863.112068966,"avg_time_to_close_pull_request":2702378.511749347,"issues_closed_count":116,"pull_requests_closed_count":383,"pull_request_authors_count":100,"issue_authors_count":108,"avg_comments_per_issue":5.335616438356165,"avg_comments_per_pull_request":2.847417840375587,"merged_pull_requests_count":323,"bot_issues_count":0,"bot_pull_requests_count":5,"past_year_issues_count":43,"past_year_pull_requests_count":94,"past_year_avg_time_to_close_issue":1151494.8695652173,"past_year_avg_time_to_close_pull_request":415735.38028169016,"past_year_issues_closed_count":23,"past_year_pull_requests_closed_count":71,"past_year_pull_request_authors_count":31,"past_year_issue_authors_count":29,"past_year_avg_comments_per_issue":2.3488372093023258,"past_year_avg_comments_per_pull_request":2.3936170212765955,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":1,"past_year_merged_pull_requests_count":63,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/issues","maintainers":[{"login":"ioquatix","count":152,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"tenderlove","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tenderlove"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"},{"login":"raggi","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/raggi"}],"active_maintainers":[{"login":"ioquatix","count":32,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Frack%2Frack/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Frack%2Frack/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Frack%2Frack/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Frack%2Frack/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Frack%2Frack/codemeta","maintainers":[],"registry":{"name":"proxy.golang.org","url":"https://proxy.golang.org","ecosystem":"go","default":true,"packages_count":2119755,"maintainers_count":0,"namespaces_count":782439,"keywords_count":112823,"github":"golang","metadata":{"funded_packages_count":53495},"icon_url":"https://github.com/golang.png","created_at":"2022-04-04T15:19:22.939Z","updated_at":"2026-04-19T05:14:45.920Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/namespaces"}},{"id":13950218,"name":"ruby-rack","ecosystem":"guix","description":"Unified web application interface for Ruby","homepage":"https://github.com/rack/rack","licenses":null,"normalized_licenses":[],"repository_url":"https://github.com/rack/rack","keywords_array":[],"namespace":null,"versions_count":4,"first_release_published_at":"2026-03-02T18:52:57.376Z","latest_release_published_at":"2026-04-02T23:20:16.196Z","latest_release_number":"3.2.5","last_synced_at":"2026-04-27T16:17:30.626Z","created_at":"2026-03-02T18:52:57.197Z","updated_at":"2026-04-27T16:17:31.962Z","registry_url":"https://packages.guix.gnu.org/packages/ruby-rack/2.2.7/","install_command":"guix install ruby-rack","documentation_url":"https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/ruby-xyz.scm#n8284","metadata":{"location":"gnu/packages/ruby-xyz.scm:8284","variable_name":"ruby-rack-next"},"repo_metadata":{},"repo_metadata_updated_at":"2026-04-27T16:17:31.929Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":100},"purl":"pkg:guix/ruby-rack","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/guix/ruby-rack","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/guix/ruby-rack","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/guix/ruby-rack/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/ruby-rack/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/ruby-rack/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/ruby-rack/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/ruby-rack/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages/ruby-rack/codemeta","maintainers":[],"registry":{"name":"guix","url":"https://guix.gnu.org","ecosystem":"guix","default":true,"packages_count":31189,"maintainers_count":0,"namespaces_count":0,"keywords_count":0,"github":"guix-mirror","metadata":{"funded_packages_count":286},"icon_url":"https://github.com/guix-mirror.png","created_at":"2026-03-02T16:23:46.981Z","updated_at":"2026-04-03T06:23:21.396Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/guix/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/guix/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/guix/namespaces"}},{"id":12235310,"name":"rack","ecosystem":"rubygems","description":"Rack provides a minimal, modular and adaptable interface for developing\nweb applications in Ruby. By wrapping HTTP requests and responses in\nthe simplest way possible, it unifies and distills the API for web\nservers, web frameworks, and software in between (the so-called\nmiddleware) into a single method call.\n","homepage":"https://github.com/rack/rack","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/rack/rack","keywords_array":[],"namespace":null,"versions_count":178,"first_release_published_at":"2009-07-25T18:02:13.000Z","latest_release_published_at":"2026-04-01T06:36:49.542Z","latest_release_number":"3.2.6","last_synced_at":"2026-04-30T16:31:17.404Z","created_at":"2025-10-07T03:06:32.200Z","updated_at":"2026-04-30T16:34:46.580Z","registry_url":"https://gem.coop/gems/rack","install_command":"gem install rack -s https://gem.coop","documentation_url":"http://www.rubydoc.info/gems/rack/","metadata":{"funding":null},"repo_metadata":{"id":471102,"uuid":"96071","full_name":"rack/rack","owner":"rack","description":"A modular Ruby web server interface.","archived":false,"fork":false,"pushed_at":"2026-04-23T18:00:47.000Z","size":10731,"stargazers_count":5104,"open_issues_count":22,"forks_count":1671,"subscribers_count":152,"default_branch":"main","last_synced_at":"2026-04-24T17:21:59.391Z","etag":null,"topics":["rack","ruby","web"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2008-12-24T03:03:12.000Z","updated_at":"2026-04-24T11:15:31.000Z","dependencies_parsed_at":"2023-07-05T14:56:26.099Z","dependency_job_id":"6440b9dc-988a-4040-ae84-aebeb15e21c8","html_url":"https://github.com/rack/rack","commit_stats":{"total_commits":2694,"total_committers":544,"mean_commits":4.952205882352941,"dds":0.902746844840386,"last_synced_commit":"49d4ed033f9c6d0bdba7b2a181437589049dbf7f"},"previous_names":[],"tags_count":175,"template":false,"template_full_name":null,"purl":"pkg:github/rack/rack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","download_url":"https://codeload.github.com/rack/rack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/sbom","scorecard":{"id":748637,"data":{"date":"2025-08-11","repo":{"name":"github.com/rack/rack","commit":"ee7ac5a1db5bc5c65e4b83342b8f4df88ef3c075"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/depsreview.yaml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/documentation.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-external.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:6","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"27 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 15/29 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-external.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-external.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: MIT-LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 504 Gateway Timeout body: \"{\\\"message\\\": \\\"We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.\\\"}\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T19:37:06.182Z","repository_id":471102,"created_at":"2025-08-22T19:37:06.182Z","updated_at":"2025-08-22T19:37:06.182Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32243803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"rack","name":"Official Rack repositories","uuid":"42379","kind":"organization","description":null,"email":null,"website":"http://rack.github.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/42379?v=4","repositories_count":10,"last_synced_at":"2024-03-25T19:32:49.958Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/rack","funding_links":[],"total_stars":12549,"followers":47,"following":0,"created_at":"2022-11-02T16:17:24.220Z","updated_at":"2024-03-25T19:32:56.784Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack/repositories"},"tags":[{"name":"v3.2.6","sha":"e1f22fdbe99afd2126b6fbf05bb12399359574b7","kind":"tag","published_at":"2026-04-01T06:36:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.6","html_url":"https://github.com/rack/rack/releases/tag/v3.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.6/manifests"},{"name":"v3.1.21","sha":"ae8431120e66e92d1885ab8ec0a553d9cad5ec13","kind":"tag","published_at":"2026-04-01T06:35:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.21","html_url":"https://github.com/rack/rack/releases/tag/v3.1.21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.21/manifests"},{"name":"v2.2.23","sha":"f2af0c8f869193fa7bb7d20b619b3003418e1055","kind":"tag","published_at":"2026-04-01T06:34:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.23","html_url":"https://github.com/rack/rack/releases/tag/v2.2.23","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.23","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.23","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.23/manifests"},{"name":"v3.2.5","sha":"bb5f3555bd12b9065112353e829298b3b5623ceb","kind":"tag","published_at":"2026-02-16T03:41:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.5","html_url":"https://github.com/rack/rack/releases/tag/v3.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.5/manifests"},{"name":"v3.1.20","sha":"65044344e4780d80b409f9ba27df41b6307b5ff5","kind":"tag","published_at":"2026-02-16T03:40:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.20","html_url":"https://github.com/rack/rack/releases/tag/v3.1.20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.20/manifests"},{"name":"v2.2.22","sha":"0cc2e00b22dffc33955ef912569f01e515a406e1","kind":"tag","published_at":"2026-02-16T03:37:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.22","html_url":"https://github.com/rack/rack/releases/tag/v2.2.22","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.22","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.22","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.22/manifests"},{"name":"v3.2.4","sha":"4c24539777db8833d78f881680cd245878cfba31","kind":"tag","published_at":"2025-11-02T12:41:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.4","html_url":"https://github.com/rack/rack/releases/tag/v3.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4/manifests"},{"name":"v3.1.19","sha":"b29df3156208326916cf60482eaec42574b65ff0","kind":"tag","published_at":"2025-11-02T12:28:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.19","html_url":"https://github.com/rack/rack/releases/tag/v3.1.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19/manifests"},{"name":"v2.2.21","sha":"851dc02672eca361a48e5a097818aa3cec1d3206","kind":"tag","published_at":"2025-11-02T12:18:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.21","html_url":"https://github.com/rack/rack/releases/tag/v2.2.21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21/manifests"},{"name":"v3.2.3","sha":"32bf8887d00bd86494f0ce08c46cda59a65d332f","kind":"tag","published_at":"2025-10-10T00:40:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.3","html_url":"https://github.com/rack/rack/releases/tag/v3.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3/manifests"},{"name":"v3.1.18","sha":"96cf07879a084e4488d705ed093395e86bb554f5","kind":"tag","published_at":"2025-10-10T00:39:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.18","html_url":"https://github.com/rack/rack/releases/tag/v3.1.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18/manifests"},{"name":"v2.2.20","sha":"6ef591522bb44f80654ad1a80654ba46cafdc7c1","kind":"tag","published_at":"2025-10-10T00:36:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.20","html_url":"https://github.com/rack/rack/releases/tag/v2.2.20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20/manifests"},{"name":"v3.2.2","sha":"bce149b11154e851c437b5ece1c026c943f4b571","kind":"tag","published_at":"2025-10-07T01:55:07.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.2","html_url":"https://github.com/rack/rack/releases/tag/v3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2/manifests"},{"name":"v3.1.17","sha":"8d141b301dd1eeda363d87d61499fe21dd90f4a5","kind":"tag","published_at":"2025-10-07T01:52:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.17","html_url":"https://github.com/rack/rack/releases/tag/v3.1.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17/manifests"},{"name":"v2.2.19","sha":"4c4ea296fdfd115377912aa7dbcb55b83bf2888e","kind":"tag","published_at":"2025-10-07T01:50:11.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.19","html_url":"https://github.com/rack/rack/releases/tag/v2.2.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19/manifests"},{"name":"v2.2.18","sha":"0f76d43c0d5624bd0d325df4f0a63f5e1faa7254","kind":"tag","published_at":"2025-09-25T09:01:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.18","html_url":"https://github.com/rack/rack/releases/tag/v2.2.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18/manifests"},{"name":"v3.2.1","sha":"14c8731436785d7e79a4db0f3304769a26083182","kind":"tag","published_at":"2025-09-02T02:53:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.1","html_url":"https://github.com/rack/rack/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"b68251c03788ff39d4a4b25424df7360426e4afd","kind":"tag","published_at":"2025-07-30T22:28:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.0","html_url":"https://github.com/rack/rack/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0/manifests"},{"name":"v3.1.16","sha":"df2f3f2804373acafc429ed9f0770847a9c6b226","kind":"tag","published_at":"2025-06-04T22:28:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.16","html_url":"https://github.com/rack/rack/releases/tag/v3.1.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16/manifests"},{"name":"v2.2.17","sha":"9163ac3f5fac795179f9935e2ba6533a0ca1cf82","kind":"tag","published_at":"2025-06-03T01:57:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.17","html_url":"https://github.com/rack/rack/releases/tag/v2.2.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17/manifests"},{"name":"v3.0.18","sha":"e95f187b11c5f342d2de00a38ce10bc7ad435409","kind":"tag","published_at":"2025-05-22T06:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.18","html_url":"https://github.com/rack/rack/releases/tag/v3.0.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18/manifests"},{"name":"v2.2.16","sha":"2a32ecaaa8460a9af9963ee46ba04afbd1b47220","kind":"tag","published_at":"2025-05-22T05:33:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.16","html_url":"https://github.com/rack/rack/releases/tag/v2.2.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16/manifests"},{"name":"v3.1.15","sha":"835e15bf9e51846471e3da63ce474f6836ebd203","kind":"tag","published_at":"2025-05-18T02:39:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.15","html_url":"https://github.com/rack/rack/releases/tag/v3.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15/manifests"},{"name":"v3.0.17","sha":"29094bd481b7849b1dd44423ac9ff22b225f52bf","kind":"tag","published_at":"2025-05-18T02:38:35.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.17","html_url":"https://github.com/rack/rack/releases/tag/v3.0.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17/manifests"},{"name":"v2.2.15","sha":"d2b6af2062a4687f928491f801984b948a63ecbb","kind":"tag","published_at":"2025-05-18T02:37:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.15","html_url":"https://github.com/rack/rack/releases/tag/v2.2.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15/manifests"},{"name":"v3.1.14","sha":"5440b2c8b006f1c2ef202c2bd60dd70924c9b1c1","kind":"tag","published_at":"2025-05-06T21:35:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.14","html_url":"https://github.com/rack/rack/releases/tag/v3.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14/manifests"},{"name":"v3.0.16","sha":"5a1591960cbe28ed87e7fe5e00cbb7d6524f593b","kind":"tag","published_at":"2025-05-06T21:34:09.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.16","html_url":"https://github.com/rack/rack/releases/tag/v3.0.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16/manifests"},{"name":"v2.2.14","sha":"d0dcf75706d72d7e874ee31934a97881c1a439ce","kind":"tag","published_at":"2025-05-06T21:33:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.14","html_url":"https://github.com/rack/rack/releases/tag/v2.2.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14/manifests"},{"name":"v3.1.13","sha":"037953789da9cd49c4a3453ade6ede13619276e0","kind":"tag","published_at":"2025-04-13T12:27:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.13","html_url":"https://github.com/rack/rack/releases/tag/v3.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13/manifests"},{"name":"v3.0.15","sha":"9413a87c2a88203ad06955aea29ede2d1f39526a","kind":"tag","published_at":"2025-04-13T12:19:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.15","html_url":"https://github.com/rack/rack/releases/tag/v3.0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15/manifests"},{"name":"v3.1.12","sha":"e8f47608668d507e0f231a932fa37c9ca551c0a5","kind":"tag","published_at":"2025-03-10T21:22:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.12","html_url":"https://github.com/rack/rack/releases/tag/v3.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12/manifests"},{"name":"v3.0.14","sha":"340cd1f11f9d6c16c0c50bba2be0062aa661baf0","kind":"tag","published_at":"2025-03-10T21:20:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.14","html_url":"https://github.com/rack/rack/releases/tag/v3.0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14/manifests"},{"name":"v2.2.13","sha":"df6c47357f6c6bec2d585f45f417285d813d9b3a","kind":"tag","published_at":"2025-03-10T21:18:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.13","html_url":"https://github.com/rack/rack/releases/tag/v2.2.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13/manifests"},{"name":"v2.2.12","sha":"78296637d7b35dcd357a64e8c76bd7f664c1cdbf","kind":"tag","published_at":"2025-03-04T05:45:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.12","html_url":"https://github.com/rack/rack/releases/tag/v2.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12/manifests"},{"name":"v3.0.13","sha":"ef96f4aa2f6f670233eca3e9bc780809914dd93b","kind":"tag","published_at":"2025-03-04T05:37:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.13","html_url":"https://github.com/rack/rack/releases/tag/v3.0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13/manifests"},{"name":"v3.1.11","sha":"c827c3324827f3aefe73f0800d1a717c0c15537b","kind":"tag","published_at":"2025-03-04T05:36:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.11","html_url":"https://github.com/rack/rack/releases/tag/v3.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11/manifests"},{"name":"v2.2.11","sha":"aa5a0f532aac7a57e4bc7e857eca1c38229f7b30","kind":"tag","published_at":"2025-02-12T03:54:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.11","html_url":"https://github.com/rack/rack/releases/tag/v2.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11/manifests"},{"name":"v3.0.12","sha":"545951332eb66efb8e61ed51cb16c95443d85dc6","kind":"tag","published_at":"2025-02-12T03:32:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.12","html_url":"https://github.com/rack/rack/releases/tag/v3.0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12/manifests"},{"name":"v3.1.10","sha":"03494889c72513eee24a3fc715eb34869a7d4c88","kind":"tag","published_at":"2025-02-12T03:29:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.10","html_url":"https://github.com/rack/rack/releases/tag/v3.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10/manifests"},{"name":"v3.1.9","sha":"e217a399eb116362710aac7c5b8dc691ea2189b3","kind":"tag","published_at":"2025-01-30T22:38:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.9","html_url":"https://github.com/rack/rack/releases/tag/v3.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9/manifests"},{"name":"v3.1.8","sha":"0eabeb73b3fb590e187dacfd9a890fbb7ffb9477","kind":"tag","published_at":"2024-10-14T01:51:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.8","html_url":"https://github.com/rack/rack/releases/tag/v3.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8/manifests"},{"name":"v2.2.10","sha":"14c9dec60bb4a1c5b848d829d5a0a6572b63293b","kind":"tag","published_at":"2024-10-14T01:47:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.10","html_url":"https://github.com/rack/rack/releases/tag/v2.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10/manifests"},{"name":"v3.1.7","sha":"4bb2f723fa103de1351acd6a53d1889fd5578848","kind":"tag","published_at":"2024-07-11T01:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.7","html_url":"https://github.com/rack/rack/releases/tag/v3.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7/manifests"},{"name":"v3.1.6","sha":"98aa9474180a09d722e7e1d8e75eb683be787b3c","kind":"tag","published_at":"2024-07-02T15:30:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.6","html_url":"https://github.com/rack/rack/releases/tag/v3.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6/manifests"},{"name":"v3.1.5","sha":"3620bb1d140da996a95d941c64eda5dd7b54ed47","kind":"tag","published_at":"2024-07-02T06:41:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.5","html_url":"https://github.com/rack/rack/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"c108f08f23e9df8b2f741390a847cddb038e5f9a","kind":"tag","published_at":"2024-06-22T10:00:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.4","html_url":"https://github.com/rack/rack/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"e2020c155201e48dfcd87cd1d9cfa1b439fb66be","kind":"tag","published_at":"2024-06-12T07:24:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.3","html_url":"https://github.com/rack/rack/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"d43ab86513818c04dc27e89c6e426c12dfb05835","kind":"commit","published_at":"2024-06-11T20:38:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.2","html_url":"https://github.com/rack/rack/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"899a415498c591ece9dc28bcb78cd9e2b3ab776d","kind":"tag","published_at":"2024-06-11T20:02:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.1","html_url":"https://github.com/rack/rack/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"606365ba1353cbffdf94422c20166dc2e6d6286d","kind":"tag","published_at":"2024-06-11T05:49:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.0","html_url":"https://github.com/rack/rack/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0/manifests"},{"name":"v2.2.9","sha":"b1deebdc0a4f61cc141cece5a911917ff1e4b901","kind":"tag","published_at":"2024-03-21T01:18:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.9","html_url":"https://github.com/rack/rack/releases/tag/v2.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9/manifests"},{"name":"v3.0.10","sha":"d3c545e69d58e588622bcf9b1ab9f971b8a02112","kind":"tag","published_at":"2024-03-20T21:56:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.10","html_url":"https://github.com/rack/rack/releases/tag/v3.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10/manifests"},{"name":"v3.0.9.1","sha":"a4bc5e0f41c750135969ceece8772ab112dc8f17","kind":"tag","published_at":"2024-02-21T19:23:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1/manifests"},{"name":"v2.2.8.1","sha":"e83001100ad9dd24e1744b13669dcb2736a13ebd","kind":"tag","published_at":"2024-02-21T19:22:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1/manifests"},{"name":"v2.1.4.4","sha":"c465c6389cc56ffdfa30718e490f31bcc2efbfc9","kind":"tag","published_at":"2024-02-21T19:21:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.4","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4/manifests"},{"name":"v2.0.9.4","sha":"8eb8bc6c7c4d3dd912d169c850fe2695d1728555","kind":"tag","published_at":"2024-02-21T19:20:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.4","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4/manifests"},{"name":"v3.0.9","sha":"0b3f997e7bb14c1dc42130e1eb50e62797d8c039","kind":"tag","published_at":"2024-01-31T07:51:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9/manifests"},{"name":"v2.2.8","sha":"f169ff75b0a0b84c031960ffc5fcd0414eb64a2e","kind":"tag","published_at":"2023-07-31T02:43:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8/manifests"},{"name":"v3.0.8","sha":"d28c464bcb55a9e26b9a9656e4ba484d327515ed","kind":"tag","published_at":"2023-06-14T02:01:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.8","html_url":"https://github.com/rack/rack/releases/tag/v3.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8/manifests"},{"name":"v2.2.7","sha":"983b6e3b29a2048a86518c008fc46f4c86105683","kind":"tag","published_at":"2023-04-24T23:22:06.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.7","html_url":"https://github.com/rack/rack/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7/manifests"},{"name":"v3.0.7","sha":"2429b7ba38e402fc2e29405cab69395134020aed","kind":"tag","published_at":"2023-03-16T02:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.7","html_url":"https://github.com/rack/rack/releases/tag/v3.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7/manifests"},{"name":"v2.2.6.4","sha":"27addc7f1ae290b6b84c1c351e5b6d75a05bb40b","kind":"tag","published_at":"2023-03-13T18:08:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.4","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4/manifests"},{"name":"v3.0.6.1","sha":"098d8e12c1553411ee198d7890c1fd9f1e8cf979","kind":"tag","published_at":"2023-03-13T18:07:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1/manifests"},{"name":"v3.0.6","sha":"e9e9ae663d83f142d7666aee49622287828fa06f","kind":"tag","published_at":"2023-03-13T05:59:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6/manifests"},{"name":"v3.0.5","sha":"9f8ba5e1fdf860338af7a65519278b32de00f516","kind":"tag","published_at":"2023-03-12T06:27:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.5","html_url":"https://github.com/rack/rack/releases/tag/v3.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5/manifests"},{"name":"v3.0.4.2","sha":"5c18f306ef0d26917d490aa1f686dd68de738384","kind":"tag","published_at":"2023-03-02T22:56:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2/manifests"},{"name":"v2.2.6.3","sha":"d6b5b2bab88f458fb048133604faebea952d8133","kind":"tag","published_at":"2023-03-02T22:56:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.3","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3/manifests"},{"name":"v2.1.4.3","sha":"7bdc55dd21ec76811ad74c1ae14c1588d2f2ca49","kind":"tag","published_at":"2023-03-02T22:55:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.3","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3/manifests"},{"name":"v2.0.9.3","sha":"9996d403584fb7609708f582f7647868b4444949","kind":"tag","published_at":"2023-03-02T22:54:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.3","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3/manifests"},{"name":"v3.0.4.1","sha":"d1b4c2d82ac5444228d30e66f38156f7046b4296","kind":"tag","published_at":"2023-01-17T21:27:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1/manifests"},{"name":"v2.1.4.2","sha":"8b8efd9591876cb6d40b3120388a8b9a0e083777","kind":"tag","published_at":"2023-01-17T21:26:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.2","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2/manifests"},{"name":"v2.0.9.2","sha":"d573159067d8dc64db97beff67621654754e86f2","kind":"tag","published_at":"2023-01-17T21:26:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.2","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2/manifests"},{"name":"v2.2.6.2","sha":"2606ac5d5d180c00a8cbcaa4d634276bab06500e","kind":"tag","published_at":"2023-01-17T21:22:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2/manifests"},{"name":"v2.2.6.1","sha":"20bc90c2431d7fabcd1873410543cf3d72f65004","kind":"tag","published_at":"2023-01-17T21:21:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1/manifests"},{"name":"v3.0.4","sha":"9a2f06e7c20ca89b9e12b305bbd21901bd106d1e","kind":"tag","published_at":"2023-01-16T22:40:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4/manifests"},{"name":"v2.2.6","sha":"ea39e49442e0008bfce4ad628ce52a4be2a20b5b","kind":"tag","published_at":"2023-01-16T21:04:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6/manifests"},{"name":"v3.0.3","sha":"081ae02a1e3fbd925c1dc85d6c4d91d09ca29514","kind":"tag","published_at":"2022-12-26T20:20:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.3","html_url":"https://github.com/rack/rack/releases/tag/v3.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3/manifests"},{"name":"v2.2.5","sha":"8312a2fd6aee0950d7b2deb548aaf600cb871d80","kind":"tag","published_at":"2022-12-26T20:19:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.5","html_url":"https://github.com/rack/rack/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5/manifests"},{"name":"v3.0.2","sha":"dcbda319d807baab594820da58cf7bbf44702d1b","kind":"tag","published_at":"2022-12-05T05:12:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"87984bf621be18c028a96f416bb222c68c8ae14c","kind":"tag","published_at":"2022-11-18T20:59:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1/manifests"},{"name":"3.0.0","sha":"52901caf09ebcda879512a8605059963a49df55d","kind":"tag","published_at":"2022-09-06T16:28:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0","html_url":"https://github.com/rack/rack/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0/manifests"},{"name":"3.0.0.rc1","sha":"12742a0610806acb769be67fd6c27fdc6c0ee593","kind":"tag","published_at":"2022-09-04T23:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1/manifests"},{"name":"3.0.0.beta1","sha":"572a42a705b423ce98ef4e81435d4f60fb0ae53d","kind":"tag","published_at":"2022-08-08T20:34:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.beta1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.beta1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1/manifests"},{"name":"2.2.4","sha":"abca7d59c566320f1b60d1f5224beac9d201fa3b","kind":"tag","published_at":"2022-06-30T22:19:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.4","html_url":"https://github.com/rack/rack/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4/manifests"},{"name":"2.2.3.1","sha":"925a4a6599ab26b4f3455b525393fe155d443655","kind":"tag","published_at":"2022-05-27T15:30:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3.1","html_url":"https://github.com/rack/rack/releases/tag/2.2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1/manifests"},{"name":"2.1.4.1","sha":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead","kind":"tag","published_at":"2022-05-27T15:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1/manifests"},{"name":"2.0.9.1","sha":"f9cc7c2ae161820e36635734cff6e932d99e6aa8","kind":"tag","published_at":"2022-05-27T15:29:26.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1/manifests"},{"name":"2.1.4","sha":"52808700e0ade4225625c6729529e13a6b31cc2f","kind":"tag","published_at":"2020-06-15T22:23:25.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4","html_url":"https://github.com/rack/rack/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4/manifests"},{"name":"2.2.3","sha":"1741c580d71cfca8e541e96cc372305c8892ee74","kind":"tag","published_at":"2020-06-15T22:23:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3","html_url":"https://github.com/rack/rack/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3/manifests"},{"name":"2.1.3","sha":"b9b8652334e833e32b5fb8627463632867b5d6a8","kind":"tag","published_at":"2020-05-12T21:43:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.3","html_url":"https://github.com/rack/rack/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3/manifests"},{"name":"v2.2.2","sha":"a5e80f01947954af76b14c1d1fdd8e79dd8337f3","kind":"tag","published_at":"2020-02-10T22:24:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"961d9761bcb2bee17c80bba8b7bc9e285086d6c4","kind":"tag","published_at":"2020-02-09T06:19:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1/manifests"},{"name":"2.2.0","sha":"39d501a28c1fe51284addfe6dacffafb69d49849","kind":"tag","published_at":"2020-02-08T18:25:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.0","html_url":"https://github.com/rack/rack/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0/manifests"},{"name":"2.0.9","sha":"85684323f8f58409e717af91e446d257d496f8b8","kind":"tag","published_at":"2020-02-08T18:21:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9","html_url":"https://github.com/rack/rack/releases/tag/2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9/manifests"},{"name":"1.6.13","sha":"47a1fd73fc77f094573f4215b0fc884f4ac1c03c","kind":"tag","published_at":"2020-02-08T18:19:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.13","html_url":"https://github.com/rack/rack/releases/tag/1.6.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13/manifests"},{"name":"2.1.2","sha":"16a51d8e0b64964323c3719b8154106af5cc0feb","kind":"tag","published_at":"2020-01-27T22:42:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.2","html_url":"https://github.com/rack/rack/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"799a520a015de5938bc01faa8e90b76589c6e7d3","kind":"tag","published_at":"2020-01-11T22:18:02.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4","kind":"tag","published_at":"2020-01-10T17:48:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.0","html_url":"https://github.com/rack/rack/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0/manifests"},{"name":"1.6.12","sha":"de902e48d1c971fe145002039121afb69e10af5a","kind":"tag","published_at":"2019-12-18T18:05:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.12","html_url":"https://github.com/rack/rack/releases/tag/1.6.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12/manifests"},{"name":"2.0.8","sha":"e7ee459546d217f32afc83e0b168c5eb9f95d784","kind":"tag","published_at":"2019-12-18T18:05:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.8","html_url":"https://github.com/rack/rack/releases/tag/2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8/manifests"},{"name":"2.0.7","sha":"7fb95dbec28dc70f3cfbba0a684db0735d8ab2ca","kind":"tag","published_at":"2019-04-02T16:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.7","html_url":"https://github.com/rack/rack/releases/tag/2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7/manifests"},{"name":"1.6.11","sha":"2bef132505cb2f80c432e3f4526dfef969cd2e25","kind":"tag","published_at":"2018-11-05T19:57:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.11","html_url":"https://github.com/rack/rack/releases/tag/1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11/manifests"},{"name":"2.0.6","sha":"8376dd11e6526a53432ee59b7a5d092bda9fc901","kind":"tag","published_at":"2018-11-05T19:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.6","html_url":"https://github.com/rack/rack/releases/tag/2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6/manifests"},{"name":"1.6.10","sha":"fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77","kind":"commit","published_at":"2018-04-23T17:50:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.10","html_url":"https://github.com/rack/rack/releases/tag/1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10/manifests"},{"name":"2.0.5","sha":"decd97682ec4c6345fe359b6a1d3c51e5fbdce5b","kind":"commit","published_at":"2018-04-23T17:44:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.5","html_url":"https://github.com/rack/rack/releases/tag/2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5/manifests"},{"name":"1.6.9","sha":"617aac0fb89f25603afc2b6497fdc3333354aee5","kind":"tag","published_at":"2018-02-28T18:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.9","html_url":"https://github.com/rack/rack/releases/tag/1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9/manifests"},{"name":"2.0.4","sha":"0a95875745ec65e91a57460a41373ae4d3a94934","kind":"commit","published_at":"2018-01-31T18:16:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.4","html_url":"https://github.com/rack/rack/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4/manifests"},{"name":"1.6.8","sha":"90afdf309b4c0665f542579a21fbd1c285d05083","kind":"tag","published_at":"2017-05-16T21:28:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.8","html_url":"https://github.com/rack/rack/releases/tag/1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8/manifests"},{"name":"2.0.3","sha":"6a5f356cc12e5801843fbd95ecc603416c901cf3","kind":"commit","published_at":"2017-05-15T16:49:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.3","html_url":"https://github.com/rack/rack/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3/manifests"},{"name":"1.6.7","sha":"51e8891e4807495d972fcba9832c4fdb30d37b50","kind":"commit","published_at":"2017-05-15T16:45:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.7","html_url":"https://github.com/rack/rack/releases/tag/1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7/manifests"},{"name":"2.0.2","sha":"620766d061975a67f80fa5dc3887563c1563a64d","kind":"commit","published_at":"2017-05-08T17:03:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.2","html_url":"https://github.com/rack/rack/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2/manifests"},{"name":"1.6.6","sha":"2ed117a11a8ed0455260b10f6696d4d3919f7dc5","kind":"commit","published_at":"2017-05-08T17:02:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.6","html_url":"https://github.com/rack/rack/releases/tag/1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6/manifests"},{"name":"1.6.5","sha":"1886a60e9b96c2a4106fd89eb41dc817696c6369","kind":"commit","published_at":"2016-11-10T21:51:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.5","html_url":"https://github.com/rack/rack/releases/tag/1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5/manifests"},{"name":"2.0.1","sha":"25a549883b85fb33970b4a1530a365c0c9e51f95","kind":"tag","published_at":"2016-06-30T17:34:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"1a408687493175250408fe87c5046bf1adfa6386","kind":"tag","published_at":"2016-06-30T15:39:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0","html_url":"https://github.com/rack/rack/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0/manifests"},{"name":"2.0.0.rc1","sha":"9073125f71afd615091f575d74ec468a0b1b79bf","kind":"commit","published_at":"2016-05-06T20:51:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1/manifests"},{"name":"2.0.0.alpha","sha":"f4562619c3c669404e39d9b09924bed5a6b71c14","kind":"commit","published_at":"2015-12-17T21:28:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.alpha","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.alpha","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.alpha","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha/manifests"},{"name":"1.6.4","sha":"ee18520bd9894e68a5d2b26c82835c2e67a43a8b","kind":"commit","published_at":"2015-06-18T21:51:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.4","html_url":"https://github.com/rack/rack/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4/manifests"},{"name":"1.4.7","sha":"f5c09684fb93dbe76d7b9d0a0411d32ba5d66d04","kind":"commit","published_at":"2015-06-18T21:11:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.7","html_url":"https://github.com/rack/rack/releases/tag/1.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7/manifests"},{"name":"1.5.5","sha":"e7e064611e1004ec62b593ec993a06d967d6c72e","kind":"commit","published_at":"2015-06-18T18:45:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.5","html_url":"https://github.com/rack/rack/releases/tag/1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5/manifests"},{"name":"1.6.3","sha":"134d6218d0881d87ae6a522e88eafbddb6cd1bb7","kind":"commit","published_at":"2015-06-18T18:40:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.3","html_url":"https://github.com/rack/rack/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3/manifests"},{"name":"1.4.6","sha":"e4f4df517b73ee4e7d365891f4ac2fb6a09a026c","kind":"commit","published_at":"2015-06-16T20:46:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.6","html_url":"https://github.com/rack/rack/releases/tag/1.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6/manifests"},{"name":"1.5.4","sha":"90e627ab60d4df281206621a34271a9867a84fc7","kind":"commit","published_at":"2015-06-16T14:56:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.4","html_url":"https://github.com/rack/rack/releases/tag/1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4/manifests"},{"name":"1.6.2","sha":"90d7d2a8f7ab50cb80adcc05a7fcdd1dfa60f2ad","kind":"commit","published_at":"2015-06-12T18:40:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.2","html_url":"https://github.com/rack/rack/releases/tag/1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2/manifests"},{"name":"1.5.3","sha":"14e139c4a87c2e1a94dd3e305d6f485a19719855","kind":"commit","published_at":"2015-05-06T18:42:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.3","html_url":"https://github.com/rack/rack/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3/manifests"},{"name":"1.6.1","sha":"08e62f29164505e50f3b3acc09e4c67a843e0172","kind":"commit","published_at":"2015-05-06T18:36:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.1","html_url":"https://github.com/rack/rack/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"65a7104b6b3e9ecd8f33c63a478ab9a33a103507","kind":"tag","published_at":"2014-12-18T22:44:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0","html_url":"https://github.com/rack/rack/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0/manifests"},{"name":"1.6.0.beta2","sha":"8cb9b65b4e7c7157aba0f5421e59c70411c919cf","kind":"tag","published_at":"2014-11-27T18:51:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2/manifests"},{"name":"1.6.0.beta","sha":"e4e4c397e89c026f9c23500cf7fc14ccdb756010","kind":"tag","published_at":"2014-08-18T18:28:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta/manifests"},{"name":"1.5.2","sha":"ac590d055c936bb9a618e955a690dc836c625211","kind":"tag","published_at":"2013-02-08T03:13:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.2","html_url":"https://github.com/rack/rack/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2/manifests"},{"name":"1.4.5","sha":"9939d40a5e23dcb058751d1029b794aa2f551900","kind":"tag","published_at":"2013-02-08T03:12:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.5","html_url":"https://github.com/rack/rack/releases/tag/1.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5/manifests"},{"name":"1.3.10","sha":"a176b537d9e083033819efbafac3271bbbde23fb","kind":"tag","published_at":"2013-02-08T03:10:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.10","html_url":"https://github.com/rack/rack/releases/tag/1.3.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10/manifests"},{"name":"1.2.8","sha":"ba8c6c2b3a5d03675ce7efc0e2308225809a74b8","kind":"tag","published_at":"2013-02-08T03:09:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.8","html_url":"https://github.com/rack/rack/releases/tag/1.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8/manifests"},{"name":"1.1.6","sha":"0232e227b1cf3e67fbb82b2198311fa8ca618fbd","kind":"tag","published_at":"2013-02-08T03:08:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.6","html_url":"https://github.com/rack/rack/releases/tag/1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6/manifests"},{"name":"1.5.1","sha":"42b11a7fb918127143ca570af9930b2e7ef7222c","kind":"tag","published_at":"2013-01-28T22:51:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.1","html_url":"https://github.com/rack/rack/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"0cba6a4d5aeb1ac8768b6ca36320731487fb596b","kind":"tag","published_at":"2013-01-22T07:36:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.0","html_url":"https://github.com/rack/rack/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0/manifests"},{"name":"1.4.4","sha":"ffbdb982a731df7c5b166354a09a3d239f7b18c8","kind":"tag","published_at":"2013-01-13T22:07:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.4","html_url":"https://github.com/rack/rack/releases/tag/1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4/manifests"},{"name":"1.3.9","sha":"8ded2f72dce26a4f3e45ce810b8670e455c5ae9a","kind":"tag","published_at":"2013-01-13T22:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.9","html_url":"https://github.com/rack/rack/releases/tag/1.3.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9/manifests"},{"name":"1.2.7","sha":"22ef9e18198eaa4cb7c6c38df296a2fa7c5d8581","kind":"tag","published_at":"2013-01-13T22:04:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.7","html_url":"https://github.com/rack/rack/releases/tag/1.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7/manifests"},{"name":"1.1.5","sha":"966df947b0e826610409c63cdbff7ee325875393","kind":"tag","published_at":"2013-01-13T22:03:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.5","html_url":"https://github.com/rack/rack/releases/tag/1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5/manifests"},{"name":"1.4.3","sha":"55ea327306f9eb1fdc206e8f04c3c0e234591560","kind":"tag","published_at":"2013-01-07T18:49:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.3","html_url":"https://github.com/rack/rack/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3/manifests"},{"name":"1.3.8","sha":"231d1a9d482695c8e93ed043c39473228fb4406d","kind":"tag","published_at":"2013-01-07T18:48:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.8","html_url":"https://github.com/rack/rack/releases/tag/1.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8/manifests"},{"name":"1.4.2","sha":"15c0365365a1719eb70c45a2a5a92b4afb610d5a","kind":"tag","published_at":"2013-01-07T02:42:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.2","html_url":"https://github.com/rack/rack/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2/manifests"},{"name":"1.3.7","sha":"d711ed8e997884be06d3e64372c04df2402ca469","kind":"tag","published_at":"2013-01-07T02:41:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.7","html_url":"https://github.com/rack/rack/releases/tag/1.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7/manifests"},{"name":"1.2.6","sha":"14c61738615efab12804b693891088aa72b10616","kind":"tag","published_at":"2013-01-07T02:38:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.6","html_url":"https://github.com/rack/rack/releases/tag/1.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6/manifests"},{"name":"1.1.4","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:21:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.4","html_url":"https://github.com/rack/rack/releases/tag/1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4/manifests"},{"name":"test","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:13:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/test","html_url":"https://github.com/rack/rack/releases/tag/test","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@test","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test/manifests"},{"name":"1.4.1","sha":"7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b","kind":"tag","published_at":"2012-01-23T06:51:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.1","html_url":"https://github.com/rack/rack/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"e932c585dd1c97e504697c41ce9a4d638275ae02","kind":"tag","published_at":"2011-12-28T02:56:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.0","html_url":"https://github.com/rack/rack/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0/manifests"},{"name":"1.3.6","sha":"341426fe1f1635f627fe6e18a09d09158351cb4a","kind":"tag","published_at":"2011-12-28T02:52:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.6","html_url":"https://github.com/rack/rack/releases/tag/1.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6/manifests"},{"name":"1.2.5","sha":"e646792deb634132ceb9cd046df6b1b257ced099","kind":"tag","published_at":"2011-12-28T02:48:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.5","html_url":"https://github.com/rack/rack/releases/tag/1.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5/manifests"},{"name":"1.1.3","sha":"44cbb9a570f0b31ad6b0d6ee6e0e405843b65385","kind":"tag","published_at":"2011-12-28T02:36:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.3","html_url":"https://github.com/rack/rack/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3/manifests"},{"name":"1.3.5","sha":"d4f1d3583ea6938310b9215a60a1749ec4c88374","kind":"tag","published_at":"2011-10-18T05:33:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.5","html_url":"https://github.com/rack/rack/releases/tag/1.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5/manifests"},{"name":"1.3.4","sha":"af62b15bb6649c392506f08721d177ffcd154ecc","kind":"tag","published_at":"2011-10-01T20:48:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.4","html_url":"https://github.com/rack/rack/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"698ec56418945e541d68af2cc81f56f35979859c","kind":"tag","published_at":"2011-09-17T00:03:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.3","html_url":"https://github.com/rack/rack/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3/manifests"},{"name":"1.2.4","sha":"fccbe7ce4bb9409fdbb16e2e56828d9096695266","kind":"tag","published_at":"2011-09-17T00:02:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.4","html_url":"https://github.com/rack/rack/releases/tag/1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4/manifests"},{"name":"1.3.2","sha":"e804f5c5ae76626d6905010c8cad65e8847f220b","kind":"commit","published_at":"2011-07-16T21:45:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.2","html_url":"https://github.com/rack/rack/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"f1d5fc34c54aeb9c936d5cb4951f6e47a496d735","kind":"commit","published_at":"2011-07-13T23:13:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.1","html_url":"https://github.com/rack/rack/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1/manifests"},{"name":"1.2.3","sha":"d2bc128f588942a5c2a724d815f180a05274d17e","kind":"tag","published_at":"2011-05-23T07:42:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.3","html_url":"https://github.com/rack/rack/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3/manifests"},{"name":"1.3.0","sha":"a50dda57c1426b6b38ed06fa08cab154285c8057","kind":"tag","published_at":"2011-05-23T06:07:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0","html_url":"https://github.com/rack/rack/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0/manifests"},{"name":"1.3.0.beta2","sha":"1e99b9bcc7e9519d32e028fb1f24d6ef3b34b597","kind":"commit","published_at":"2011-05-19T17:10:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2/manifests"},{"name":"1.3.0.beta","sha":"18040b59dad3f2efe96d5b70b2260764fcda4784","kind":"commit","published_at":"2011-05-03T10:38:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta/manifests"},{"name":"1.1.2","sha":"470fdfd7f4f7c2f06a011423046cdca6983f71d7","kind":"tag","published_at":"2011-03-13T14:02:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.2","html_url":"https://github.com/rack/rack/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2/manifests"},{"name":"1.2.2","sha":"e226cc65aa493cf9826034002dae864306d52724","kind":"tag","published_at":"2011-03-13T13:34:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.2","html_url":"https://github.com/rack/rack/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"dc6b54edca2b69a5653eed98c14a8d4d71b3f45c","kind":"tag","published_at":"2010-06-15T09:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.1","html_url":"https://github.com/rack/rack/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1/manifests"},{"name":"1.2","sha":"2ed515786322059f568c8a9df77a6e4b70f09225","kind":"tag","published_at":"2010-06-13T17:55:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2","html_url":"https://github.com/rack/rack/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2/manifests"},{"name":"1.1","sha":"e6ebd831978adc3172ad487be18affab940f3d4d","kind":"tag","published_at":"2010-01-03T23:28:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1","html_url":"https://github.com/rack/rack/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1/manifests"},{"name":"1.0.1","sha":"d0a2084e64f394068a80ea073e1910d7c3ffa44b","kind":"tag","published_at":"2009-10-18T19:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0.1","html_url":"https://github.com/rack/rack/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1/manifests"},{"name":"1.0","sha":"d221938a6401d956ac6cfdc892f9b1c11b1fa31a","kind":"tag","published_at":"2009-04-25T13:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0","html_url":"https://github.com/rack/rack/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0/manifests"},{"name":"0.9.1","sha":"488d67988ddfb7e13ad2f58272ee04809612cafe","kind":"tag","published_at":"2009-01-09T16:37:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9.1","html_url":"https://github.com/rack/rack/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1/manifests"},{"name":"0.9","sha":"a7229fd1bf2d4c5f77887a0d4925534163e842ec","kind":"tag","published_at":"2009-01-06T12:00:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9","html_url":"https://github.com/rack/rack/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9/manifests"},{"name":"0.4","sha":"e33cc65a013952935c6bb70e24f359023c075e84","kind":"tag","published_at":"2008-08-21T10:27:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.4","html_url":"https://github.com/rack/rack/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4/manifests"},{"name":"0.3","sha":"dcb6081279c0728e13658773d38c842c4de785aa","kind":"tag","published_at":"2008-02-26T12:29:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.3","html_url":"https://github.com/rack/rack/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3/manifests"},{"name":"0.2","sha":"046be71448cb048a295a5221c8636d57b3c148f3","kind":"commit","published_at":"2007-05-16T15:01:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.2","html_url":"https://github.com/rack/rack/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2/manifests"},{"name":"0.1","sha":"bee7489d36600eb87a9da0a1bb899088feea78c9","kind":"commit","published_at":"2007-03-03T12:40:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.1","html_url":"https://github.com/rack/rack/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2026-04-30T16:34:46.553Z","dependent_packages_count":0,"downloads":1267561653,"downloads_period":"total","dependent_repos_count":0,"rankings":{"downloads":0.004325376442918548,"dependent_repos_count":0.0,"dependent_packages_count":0.0,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":0.001441792147639516},"purl":"pkg:gem/rack?repository_url=https://gem.coop","advisories":[{"uuid":"GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","url":"https://github.com/advisories/GHSA-g2pf-xv49-m2h5","title":"Rack::Request accepts invalid Host characters, enabling host allowlist bypass","description":"## Summary\n\n`Rack::Request` parses the `Host` header using an `AUTHORITY` regular expression that accepts characters not permitted in RFC-compliant hostnames, including `/`, `?`, `#`, and `@`. Because `req.host` returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed.\n\nFor example, a check such as `req.host.start_with?(\"myapp.com\")` can be bypassed with `Host: myapp.com@evil.com`, and a check such as `req.host.end_with?(\"myapp.com\")` can be bypassed with `Host: evil.com/myapp.com`.\n\nThis can lead to host header poisoning in applications that use `req.host`, `req.url`, or `req.base_url` for link generation, redirects, or origin validation.\n\n## Details\n\n`Rack::Request` parses the authority component using logic equivalent to:\n\n```ruby\nAUTHORITY = /\n  \\A\n  (?\u003chost\u003e\n    \\[(?\u003caddress\u003e#{ipv6})\\]\n    |\n    (?\u003caddress\u003e[[[:graph:]\u0026\u0026[^\\[\\]]]]*?)\n  )\n  (:(?\u003cport\u003e\\d+))?\n  \\z\n/x\n```\n\nThe character class used for non-IPv6 hosts accepts nearly all printable characters except `[` and `]`. This includes reserved URI delimiters such as `@`, `/`, `?`, and `#`, which are not valid hostname characters under RFC 3986 host syntax.\n\nAs a result, values such as the following are accepted and returned through `req.host`:\n\n```text\nmyapp.com@evil.com\nevil.com/myapp.com\nevil.com#myapp.com\n```\n\nApplications that attempt to allowlist hosts using string prefix or suffix checks may therefore treat attacker-controlled hosts as trusted. For example:\n\n```ruby\nreq.host.start_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nmyapp.com@evil.com\n```\n\nand:\n\n```ruby\nreq.host.end_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nevil.com/myapp.com\n```\n\nWhen those values are later used to build absolute URLs or enforce origin restrictions, the application may produce attacker-controlled results.\n\n## Impact\n\nApplications that rely on `req.host`, `req.url`, or `req.base_url` may be affected if they perform naive host validation or assume Rack only returns RFC-valid hostnames.\n\nIn affected deployments, an attacker may be able to bypass host allowlists and poison generated links, redirects, or origin-dependent security decisions. This can enable attacks such as password reset link poisoning or other host header injection issues.\n\nThe practical impact depends on application behavior. If the application or reverse proxy already enforces strict host validation, exploitability may be reduced or eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects invalid authority characters in `Host`.\n* Enforce strict `Host` header validation at the reverse proxy or load balancer.\n* Do not rely on prefix or suffix string checks such as `start_with?` or `end_with?` for host allowlisting.\n* Use exact host allowlists, or exact subdomain boundary checks, after validating that the host is syntactically valid.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:36:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5","https://nvd.nist.gov/vuln/detail/CVE-2026-34835","https://github.com/advisories/GHSA-g2pf-xv49-m2h5"],"source_kind":"github","identifiers":["GHSA-g2pf-xv49-m2h5","CVE-2026-34835"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.021Z","epss_percentage":0.00064,"epss_percentile":0.20158,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","url":"https://github.com/advisories/GHSA-q2ww-5357-x388","title":"Rack has Content-Length mismatch in Rack::Files error responses","description":"## Summary\n\n`Rack::Files#fail` sets the `Content-Length` response header using `String#size` instead of `String#bytesize`. When the response body contains multibyte UTF-8 characters, the declared `Content-Length` is smaller than the number of bytes actually sent on the wire.\n\nBecause `Rack::Files` reflects the requested path in 404 responses, an attacker can trigger this mismatch by requesting a non-existent path containing percent-encoded UTF-8 characters.\n\nThis results in incorrect HTTP response framing and may cause response desynchronization in deployments that rely on the incorrect `Content-Length` value.\n\n## Details\n\n`Rack::Files#fail` constructs error responses using logic equivalent to:\n\n```ruby\ndef fail(status, body, headers = {})\n  body += \"\\n\"\n  [\n    status,\n    {\n      \"content-type\" =\u003e \"text/plain\",\n      \"content-length\" =\u003e body.size.to_s,\n      \"x-cascade\" =\u003e \"pass\"\n    }.merge!(headers),\n    [body]\n  ]\nend\n```\n\nHere, `body.size` returns the number of characters, not the number of bytes. For multibyte UTF-8 strings, this produces an incorrect `Content-Length` value.\n\n`Rack::Files` includes the decoded request path in 404 responses. A request containing percent-encoded UTF-8 path components therefore causes the response body to contain multibyte characters, while the `Content-Length` header still reflects character count rather than byte count.\n\nAs a result, the server can send more bytes than declared in the response headers.\n\nThis violates HTTP message framing requirements, which define `Content-Length` as the number of octets in the message body.\n\n## Impact\n\nApplications using `Rack::Files` may emit incorrectly framed error responses when handling requests for non-existent paths containing multibyte characters.\n\nIn some deployment topologies, particularly with keep-alive connections and intermediaries that rely on `Content-Length`, this mismatch may lead to response parsing inconsistencies or response desynchronization. The practical exploitability depends on the behavior of downstream proxies, clients, and connection reuse.\n\nEven where no secondary exploitation is possible, the response is malformed and may trigger protocol errors in strict components.\n\n## Mitigation\n\n* Update to a patched version of Rack that computes `Content-Length` using `String#bytesize`.\n* Avoid exposing `Rack::Files` directly to untrusted traffic until a fix is available, if operationally feasible.\n* Where possible, place Rack behind a proxy or server that normalizes or rejects malformed backend responses.\n* Prefer closing backend connections on error paths if response framing anomalies are a concern.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:36:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388","https://nvd.nist.gov/vuln/detail/CVE-2026-34831","https://github.com/advisories/GHSA-q2ww-5357-x388"],"source_kind":"github","identifiers":["GHSA-q2ww-5357-x388","CVE-2026-34831"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.021Z","epss_percentage":0.00028,"epss_percentile":0.07773,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7","title":"Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect","description":"## Summary\n\n`Rack::Sendfile#map_accel_path` interpolates the value of the `X-Accel-Mapping` request header directly into a regular expression when rewriting file paths for `X-Accel-Redirect`. Because the header value is not escaped, an attacker who can supply `X-Accel-Mapping` to the backend can inject regex metacharacters and control the generated `X-Accel-Redirect` response header.\n\nIn deployments using `Rack::Sendfile` with `x-accel-redirect`, this can allow an attacker to cause nginx to serve unintended files from configured internal locations.\n\n## Details\n\n`Rack::Sendfile#map_accel_path` processes header-supplied mappings using logic equivalent to:\n\n```ruby\nmapping.split(',').map(\u0026:strip).each do |m|\n  internal, external = m.split('=', 2).map(\u0026:strip)\n  new_path = path.sub(/\\A#{internal}/i, external)\n  return new_path unless path == new_path\nend\n```\n\nHere, `internal` comes from the `HTTP_X_ACCEL_MAPPING` request header and is inserted directly into a regular expression without escaping. This gives the header value regex semantics rather than treating it as a literal prefix.\n\nAs a result, an attacker can supply metacharacters such as `.*` or capture groups to alter how the path substitution is performed. For example, a mapping such as:\n\n```http\nX-Accel-Mapping: .*=/protected/secret.txt\n```\n\ncauses the entire source path to match and rewrites the redirect target to a clean attacker-chosen internal path.\n\nThis differs from the documented behavior of the header-based mapping path, which is described as a simple substitution. While application-supplied mappings may intentionally support regular expressions, header-supplied mappings should be treated as literal path prefixes.\n\nThe issue is only exploitable when untrusted `X-Accel-Mapping` headers can reach Rack. One realistic case is a reverse proxy configuration that intends to set `X-Accel-Mapping` itself, but fails to do so on some routes, allowing a client-supplied header to pass through unchanged.\n\n## Impact\n\nApplications using `Rack::Sendfile` with `x-accel-redirect` may be affected if the backend accepts attacker-controlled `X-Accel-Mapping` headers.\n\nIn affected deployments, an attacker may be able to control the `X-Accel-Redirect` response header and cause nginx to serve files from internal locations that were not intended to be reachable through the application. This can lead to unauthorized file disclosure.\n\nThe practical impact depends on deployment architecture. If the proxy always strips or overwrites `X-Accel-Mapping`, or if the application uses explicit configured mappings instead of the request header, exploitability may be eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that treats header-supplied `X-Accel-Mapping` values as literal strings rather than regular expressions.\n* Strip or overwrite inbound `X-Accel-Mapping` headers at the reverse proxy so client-supplied values never reach Rack.\n* Prefer explicit application-configured sendfile mappings instead of relying on request-header mappings.\n* Review proxy sub-locations and inherited header settings to ensure `X-Accel-Mapping` is consistently set on all backend routes.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:35:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7","https://nvd.nist.gov/vuln/detail/CVE-2026-34830","https://github.com/advisories/GHSA-qv7j-4883-hwh7"],"source_kind":"github","identifiers":["GHSA-qv7j-4883-hwh7","CVE-2026-34830"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.021Z","epss_percentage":0.00031,"epss_percentile":0.08806,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw","title":"Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads","description":"## Summary\n\n`Rack::Multipart::Parser` only wraps the request body in a `BoundedIO` when `CONTENT_LENGTH` is present. When a `multipart/form-data` request is sent without a `Content-Length` header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit.\n\nFor file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space.\n\nThis results in a denial of service condition for Rack applications that accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser.parse` applies `BoundedIO` only when `content_length` is not `nil`:\n\n```ruby\nio = BoundedIO.new(io, content_length) if content_length\n```\n\nWhen `CONTENT_LENGTH` is absent, the parser reads the multipart body until EOF without a global byte limit.\n\nAlthough Rack enforces `BUFFERED_UPLOAD_BYTESIZE_LIMIT` for retained non-file parts, file uploads are handled differently. When a multipart part includes a filename, the body is streamed to a `Tempfile`, and the retained-size accounting is not applied to that file content. As a result, file parts are not subject to the same upload size bound.\n\nAn attacker can exploit this by sending a chunked `multipart/form-data` request containing a file part and continuously streaming data without declaring a `Content-Length`. Rack will continue writing the uploaded data to disk until the client stops or the server exhausts available storage.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` uploads may be affected if no upstream component enforces a request body size limit.\n\nAn unauthenticated attacker can send a large chunked file upload to consume disk space on the application host. This may cause request failures, application instability, or broader service disruption if the host runs out of available storage.\n\nThe practical impact depends on deployment architecture. Reverse proxies or application servers that enforce upload limits may reduce or eliminate exploitability, but Rack itself does not impose a total multipart upload limit in this code path when `CONTENT_LENGTH` is absent.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a total multipart upload size limit even when `CONTENT_LENGTH` is absent.\n* Enforce request body size limits at the reverse proxy or application server.\n* Isolate temporary upload storage and monitor disk consumption for multipart endpoints.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T20:34:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw","https://nvd.nist.gov/vuln/detail/CVE-2026-34829","https://github.com/advisories/GHSA-8vqr-qjwx-82mw"],"source_kind":"github","identifiers":["GHSA-8vqr-qjwx-82mw","CVE-2026-34829"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.022Z","epss_percentage":0.00041,"epss_percentile":0.12627,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp","title":"Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory","description":"## Summary\n\n`Rack::Directory` interpolates the configured `root` path directly into a regular expression when deriving the displayed directory path. If `root` contains regex metacharacters such as `+`, `*`, or `.`, the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output.\n\n## Details\n\n`Rack::Directory::DirectoryBody#each` computes the visible path using code equivalent to:\n\n```ruby\nshow_path = Utils.escape_html(path.sub(/\\A#{root}/, ''))\n```\n\nHere, `root` is a developer-configured filesystem path. It is normalized earlier with `File.expand_path(root)` and then inserted directly into a regular expression without escaping.\n\nBecause the value is treated as regex syntax rather than as a literal string, metacharacters in the configured path can change how the prefix match behaves. When that happens, the expected root prefix is not removed from `path`, and the absolute filesystem path is rendered into the HTML directory listing.\n\n## Impact\n\nIf `Rack::Directory` is configured to serve a directory whose absolute path contains regex metacharacters, the generated directory listing may disclose the full server filesystem path instead of only the request-relative path.\n\nThis can expose internal deployment details such as directory layout, usernames, mount points, or naming conventions that would otherwise not be visible to clients.\n\n## Mitigation\n\n* Update to a patched version of Rack in which the root prefix is removed using an escaped regular expression.\n* Avoid using `Rack::Directory` with a root path that contains regular expression metacharacters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:32:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp","https://nvd.nist.gov/vuln/detail/CVE-2026-34763","https://github.com/advisories/GHSA-7mqq-6cf9-v2qp"],"source_kind":"github","identifiers":["GHSA-7mqq-6cf9-v2qp","CVE-2026-34763"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.022Z","epss_percentage":0.00028,"epss_percentile":0.07773,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","url":"https://github.com/advisories/GHSA-v569-hp3g-36wr","title":"Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header","description":"## Summary\n\n`Rack::Utils.select_best_encoding` processes `Accept-Encoding` values with quadratic time complexity when the header contains many wildcard (`*`) entries. Because this method is used by `Rack::Deflater` to choose a response encoding, an unauthenticated attacker can send a single request with a crafted `Accept-Encoding` header and cause disproportionate CPU consumption on the compression middleware path.\n\nThis results in a denial of service condition for applications using `Rack::Deflater`.\n\n## Details\n\n`Rack::Utils.select_best_encoding` expands parsed `Accept-Encoding` values into a list of candidate encodings. When an entry is `*`, the method computes the set of concrete encodings by subtracting the encodings already present in the request:\n\n```ruby\nif m == \"*\"\n  (available_encodings - accept_encoding.map(\u0026:first)).each do |m2|\n    expanded_accept_encoding \u003c\u003c [m2, q, preference]\n  end\nelse\n  expanded_accept_encoding \u003c\u003c [m, q, preference]\nend\n```\n\nBecause `accept_encoding.map(\u0026:first)` is evaluated inside the loop, it is recomputed for each wildcard entry. If the request contains `N` wildcard entries, this produces repeated scans over the full parsed header and causes quadratic behavior.\n\nAfter expansion, the method also performs additional work over `expanded_accept_encoding`, including per-entry deletion, which further increases the cost for large inputs.\n\n`Rack::Deflater` invokes this method for each request when the middleware is enabled:\n\n```ruby\nUtils.select_best_encoding(ENCODINGS, Utils.parse_encodings(accept_encoding))\n```\n\nAs a result, a client can trigger this expensive code path simply by sending a large `Accept-Encoding` header containing many repeated wildcard values.\n\nFor example, a request with an approximately 8 KB `Accept-Encoding` header containing about 1,000 `*;q=0.5` entries can cause roughly 170 ms of CPU time in a single request on the `Rack::Deflater` path, compared to a negligible baseline for a normal header.\n\nThis issue is distinct from CVE-2024-26146. That issue concerned regular expression denial of service during `Accept` header parsing, whereas this issue arises later during encoding selection after the header has already been parsed.\n\n## Impact\n\nAny Rack application using `Rack::Deflater` may be affected.\n\nAn unauthenticated attacker can send requests with crafted `Accept-Encoding` headers to trigger excessive CPU usage in the encoding selection logic. Repeated requests can consume worker time disproportionately and reduce application availability.\n\nThe attack does not require invalid HTTP syntax or large payload bodies. A single header-sized request is sufficient to reach the vulnerable code path.\n\n## Mitigation\n\n* Update to a patched version of Rack in which encoding selection does not repeatedly rescan the parsed header for wildcard entries.\n* Avoid enabling `Rack::Deflater` on untrusted traffic.\n* Apply request filtering or header size / format restrictions at the reverse proxy or application boundary to limit abusive `Accept-Encoding` values.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:32:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","references":["https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr","https://nvd.nist.gov/vuln/detail/CVE-2026-34230","https://github.com/advisories/GHSA-v569-hp3g-36wr"],"source_kind":"github","identifiers":["GHSA-v569-hp3g-36wr","CVE-2026-34230"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.023Z","epss_percentage":0.00039,"epss_percentile":0.11844,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","url":"https://github.com/advisories/GHSA-qfgr-crr9-7r49","title":"Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing","description":"## Summary\n\n`Rack::Utils.forwarded_values` parses the RFC 7239 `Forwarded` header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\ncan be interpreted by Rack as multiple `Forwarded` directives rather than as a single quoted `for` value.\n\nIn deployments where an upstream proxy, WAF, or intermediary validates or preserves quoted `Forwarded` values differently, this discrepancy can allow an attacker to smuggle `host`, `proto`, `for`, or `by` parameters through a single header value.\n\n## Details\n\n`Rack::Utils.forwarded_values` processes the header using logic equivalent to:\n\n```ruby\nforwarded_header.split(';').each_with_object({}) do |field, values|\n  field.split(',').each do |pair|\n    pair = pair.split('=').map(\u0026:strip).join('=')\n    return nil unless pair =~ /\\A(by|for|host|proto)=\"?([^\"]+)\"?\\Z/i\n    (values[$1.downcase.to_sym] ||= []) \u003c\u003c $2\n  end\nend\n```\n\nThe method splits on `;` before it parses individual `name=value` pairs. This is inconsistent with RFC 7239, which permits quoted-string values, and quoted strings may contain semicolons as literal content.\n\nAs a result, a header value such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\nis not treated as a single `for` value. Instead, Rack may interpret it as if the client had supplied separate `for`, `host`, and `proto` directives.\n\nThis creates an interpretation conflict when another component in front of Rack treats the quoted value as valid literal content, while Rack reparses it as multiple forwarding parameters.\n\n## Impact\n\nApplications that rely on `Forwarded` to derive request metadata may observe attacker-controlled values for `host`, `proto`, `for`, or related URL components.\n\nIn affected deployments, this can lead to host or scheme spoofing in derived values such as `req.host`, `req.scheme`, `req.base_url`, or `req.url`. Applications that use those values for password reset links, redirects, absolute URL generation, logging, IP-based decisions, or backend requests may be vulnerable to downstream security impact.\n\nThe practical security impact depends on deployment architecture. If clients can already supply arbitrary trusted `Forwarded` parameters directly, this bug may not add meaningful attacker capability. The issue is most relevant where an upstream component and Rack interpret the same `Forwarded` header differently.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses `Forwarded` quoted-string values before splitting on parameter delimiters.\n* Avoid trusting client-supplied `Forwarded` headers unless they are normalized or regenerated by a trusted reverse proxy.\n* Prefer stripping inbound `Forwarded` headers at the edge and reconstructing them from trusted proxy metadata.\n* Avoid using `req.host`, `req.scheme`, `req.base_url`, or `req.url` for security-sensitive operations unless the forwarding chain is explicitly trusted and validated.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:31:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49","https://nvd.nist.gov/vuln/detail/CVE-2026-32762","https://github.com/advisories/GHSA-qfgr-crr9-7r49"],"source_kind":"github","identifiers":["GHSA-qfgr-crr9-7r49","CVE-2026-32762"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.023Z","epss_percentage":0.00028,"epss_percentile":0.07773,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","url":"https://github.com/advisories/GHSA-rx22-g9mx-qrhv","title":"Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values","description":"## Summary\n\n`Rack::Multipart::Parser` unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as `filename` or `name` instead of removing the folded line break during unfolding.\n\nAs a result, applications that later reuse those parsed values in HTTP response headers may be vulnerable to downstream header injection or response splitting.\n\n## Details\n\n`Rack::Multipart::Parser` accepts folded multipart header values and unfolds them during parsing. However, the unfolding behavior does not fully remove the embedded line break sequence from the parsed value.\n\nThis means a multipart part header such as:\n\n```http\nContent-Disposition: form-data; name=\"file\"; filename=\"test\\r\\n foo.txt\"\n```\n\ncan result in a parsed parameter value that still contains CRLF characters.\n\nThe issue is not that Rack creates a second multipart header field. Rather, the problem is that CRLF remains embedded in the parsed metadata value after unfolding. If an application later uses that value in a security-sensitive context, such as constructing an HTTP response header, the preserved CRLF may alter downstream header parsing.\n\nAffected values may include multipart parameters such as `filename`, `name`, or similar parsed header attributes.\n\n## Impact\n\nApplications that accept multipart form uploads may be affected if they later reuse parsed multipart metadata in HTTP headers or other header-sensitive contexts.\n\nIn affected deployments, an attacker may be able to supply a multipart parameter value containing folded line breaks and cause downstream header injection, response splitting, cache poisoning, or related response parsing issues.\n\nThe practical impact depends on application behavior. If parsed multipart metadata is not reused in HTTP headers, the issue may be limited to incorrect parsing behavior rather than a direct exploit path.\n\n## Mitigation\n\n* Update to a patched version of Rack that removes CRLF correctly when unfolding folded multipart header values.\n* Avoid copying upload metadata such as `filename` directly into HTTP response headers without sanitization.\n* Sanitize or reject carriage return and line feed characters in multipart-derived values before reusing them in response headers, logs, or downstream protocol contexts.\n* Where feasible, normalize uploaded filenames before storing or reflecting them.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:31:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv","https://nvd.nist.gov/vuln/detail/CVE-2026-26962","https://github.com/advisories/GHSA-rx22-g9mx-qrhv"],"source_kind":"github","identifiers":["GHSA-rx22-g9mx-qrhv","CVE-2026-26962"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.023Z","epss_percentage":0.00039,"epss_percentile":0.11782,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3","title":"Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.","description":"## Summary\n\n`Rack::Multipart::Parser` extracts the `boundary` parameter from `multipart/form-data` using a greedy regular expression. When a `Content-Type` header contains multiple `boundary` parameters, Rack selects the last one rather than the first.\n\nIn deployments where an upstream proxy, WAF, or intermediary interprets the first `boundary` parameter, this mismatch can allow an attacker to smuggle multipart content past upstream inspection and have Rack parse a different body structure than the intermediary validated.\n\n## Details\n\nRack identifies the multipart boundary using logic equivalent to:\n\n```ruby\nMULTIPART = %r|\\Amultipart/.*boundary=\\\"?([^\\\";,]+)\\\"?|ni\n```\n\nBecause the expression is greedy, it matches the last `boundary=` parameter in a header such as:\n\n```http\nContent-Type: multipart/form-data; boundary=safe; boundary=malicious\n```\n\nAs a result, Rack parses the request body using `malicious`, while another component may interpret the same header using `safe`.\n\nThis creates an interpretation conflict. If an upstream WAF or proxy inspects multipart parts using the first boundary and Rack later parses the body using the last boundary, a client may be able to place malicious form fields or uploaded content in parts that Rack accepts but the upstream component did not inspect as intended.\n\nThis issue is most relevant in layered deployments where security decisions are made before the request reaches Rack.\n\n## Impact\n\nApplications that accept `multipart/form-data` uploads behind an inspecting proxy or WAF may be affected.\n\nIn such deployments, an attacker may be able to bypass upstream filtering of uploaded files or form fields by sending a request with multiple `boundary` parameters and relying on the intermediary and Rack to parse the request differently.\n\nThe practical impact depends on deployment architecture. If no upstream component relies on a different multipart interpretation, this behavior may not provide meaningful additional attacker capability.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects ambiguous multipart `Content-Type` headers or parses duplicate `boundary` parameters consistently.\n* Reject requests containing multiple `boundary` parameters.\n* Normalize or regenerate multipart metadata at the trusted edge before forwarding requests to Rack.\n* Avoid relying on upstream inspection of malformed multipart requests unless duplicate parameter handling is explicitly consistent across components.","origin":"UNSPECIFIED","severity":"LOW","published_at":"2026-04-02T20:30:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":3.7,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3","https://nvd.nist.gov/vuln/detail/CVE-2026-26961","https://github.com/advisories/GHSA-vgpv-f759-9wx3"],"source_kind":"github","identifiers":["GHSA-vgpv-f759-9wx3","CVE-2026-26961"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.024Z","epss_percentage":0.00029,"epss_percentile":0.08191,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","url":"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x","title":"Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters","description":"## Summary\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted multipart parameters such as `Content-Disposition: form-data; name=\"...\"` using repeated `String#index` searches combined with `String#slice!` prefix deletion. For escape-heavy quoted values, this causes super-linear processing.\n\nAn unauthenticated attacker can send a crafted `multipart/form-data` request containing many parts with long backslash-escaped parameter values to trigger excessive CPU usage during multipart parsing.\n\nThis results in a denial of service condition in Rack applications that accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted parameter values by repeatedly:\n\n1. Searching for the next quote or backslash,\n2. Copying the preceding substring into a new buffer, and\n3. Removing the processed prefix from the original string with `slice!`.\n\nAn attacker can exploit this by sending a multipart request with many parts whose `name` parameters contain long escape-heavy values such as:\n\n```text\nname=\"a\\\\a\\\\a\\\\a\\\\a\\\\...\"\n```\n\nUnder default Rack limits, a request can contain up to 4095 parts. If many of those parts use long quoted values with dense escape characters, the parser performs disproportionately expensive CPU work while remaining within normal request size and part-count limits.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` requests may be affected, including file upload endpoints and standard HTML form handlers.\n\nAn unauthenticated attacker can send crafted multipart requests that consume excessive CPU time during request parsing. Repeated requests can tie up application workers, reduce throughput, and degrade or deny service availability.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses quoted multipart parameters without repeated rescanning and destructive prefix deletion.\n* Apply request throttling or rate limiting to multipart upload endpoints.\n* Where operationally feasible, restrict or isolate multipart parsing on untrusted high-volume endpoints.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T20:30:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x","https://nvd.nist.gov/vuln/detail/CVE-2026-34827","https://github.com/advisories/GHSA-v6x5-cg8r-vv6x"],"source_kind":"github","identifiers":["GHSA-v6x5-cg8r-vv6x","CVE-2026-34827"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-05T20:00:13.024Z","epss_percentage":0.00041,"epss_percentile":0.12627,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx","title":"Rack's multipart byte range processing allows denial of service via excessive overlapping ranges","description":"## Summary\n\n`Rack::Utils.get_byte_ranges` parses the HTTP `Range` header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many small overlapping ranges such as `0-0,0-0,0-0,...` to trigger disproportionate CPU, memory, I/O, and bandwidth consumption per request.\n\nThis results in a denial of service condition in Rack file-serving paths that process multipart byte range responses.\n\n## Details\n\n`Rack::Utils.get_byte_ranges` accepts a comma-separated list of byte ranges and validates them based on their aggregate size, but does not impose a limit on how many individual ranges may be supplied.\n\nAs a result, a request such as:\n\n```http\nRange: bytes=0-0,0-0,0-0,0-0,...\n```\n\ncan contain thousands of overlapping one-byte ranges while still satisfying the total-size check added for CVE-2024-26141.\n\nWhen such a header is processed by Rack’s file-serving code, each range causes additional work, including multipart response generation, per-range iteration, file seek and read operations, and temporary string allocation for response size calculation and output. This allows a relatively small request header to trigger disproportionately expensive processing and a much larger multipart response.\n\nThe issue is distinct from CVE-2024-26141. That fix prevents range sets whose total byte coverage exceeds the file size, but does not prevent a large number of overlapping ranges whose summed size remains within that limit.\n\n## Impact\n\nApplications that expose file-serving paths with byte range support may be vulnerable to denial of service.\n\nAn unauthenticated attacker can send crafted `Range` headers containing many small overlapping ranges to consume excessive CPU time, memory, file I/O, and bandwidth. Repeated requests may reduce application availability and increase pressure on workers and garbage collection.\n\n## Mitigation\n\n* Update to a patched version of Rack that limits the number of accepted byte ranges.\n* Reject or normalize multipart byte range requests containing excessive range counts.\n* Consider disabling multipart range support where it is not required.\n* Apply request filtering or header restrictions at the reverse proxy or application boundary to limit abusive `Range` headers.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T19:07:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","references":["https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx","https://nvd.nist.gov/vuln/detail/CVE-2026-34826","https://github.com/advisories/GHSA-x8cg-fq8g-mxfx"],"source_kind":"github","identifiers":["GHSA-x8cg-fq8g-mxfx","CVE-2026-34826"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T20:00:10.704Z","updated_at":"2026-04-07T00:00:18.226Z","epss_percentage":0.00039,"epss_percentile":0.11748,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh","title":"Rack:: Static header_rules bypass via URL-encoded paths","description":"## Summary\n\n`Rack::Static#applicable_rules` evaluates several `header_rules` types against the raw URL-encoded `PATH_INFO`, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers that `header_rules` were intended to apply.\n\nIn deployments that rely on `Rack::Static` to attach security-relevant response headers to static content, this can allow an attacker to bypass those headers by requesting an encoded form of the path.\n\n## Details\n\n`Rack::Static#applicable_rules` matches rule types such as `:fonts`, `Array`, and `Regexp` directly against the incoming `PATH_INFO`. For example:\n\n```ruby\nwhen :fonts\n  /\\.(?:ttf|otf|eot|woff2|woff|svg)\\z/.match?(path)\nwhen Array\n  /\\.(#{rule.join('|')})\\z/.match?(path)\nwhen Regexp\n  rule.match?(path)\n```\n\nThese checks operate on the raw request path. If the request contains encoded characters such as `%2E` in place of `.`, the rule may fail to match even though the file path is later decoded and served successfully by the static file server.\n\nFor example, both of the following requests may resolve to the same file on disk:\n\n```text\n/fonts/test.woff\n/fonts/test%2Ewoff\n```\n\nbut only the unencoded form may receive the headers configured through `header_rules`.\n\nThis creates a canonicalization mismatch between the path used for header policy decisions and the path ultimately used for file serving.\n\n## Impact\n\nApplications that rely on `Rack::Static` `header_rules` to apply security-relevant headers to static files may be affected.\n\nIn affected deployments, an attacker can request an encoded variant of a static file path and receive the same file without the intended headers. Depending on how `header_rules` are used, this may bypass protections such as clickjacking defenses, content restrictions, or other response policies applied to static content.\n\nThe practical impact depends on the configured rules and the types of files being served. If `header_rules` are only used for non-security purposes such as caching, the issue may have limited security significance.\n\n## Mitigation\n\n* Update to a patched version of Rack that applies `header_rules` to a decoded path consistently with static file resolution.\n* Do not rely solely on `Rack::Static` `header_rules` for security-critical headers where encoded path variants may reach the application.\n* Prefer setting security headers at the reverse proxy or web server layer so they apply consistently to both encoded and unencoded path forms.\n* Normalize or reject encoded path variants for static content at the edge, where feasible.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T18:44:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh","https://nvd.nist.gov/vuln/detail/CVE-2026-34786","https://github.com/advisories/GHSA-q4qf-9j86-f5mh"],"source_kind":"github","identifiers":["GHSA-q4qf-9j86-f5mh","CVE-2026-34786"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T19:00:09.384Z","updated_at":"2026-04-05T20:00:13.025Z","epss_percentage":0.00029,"epss_percentile":0.08191,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq","title":"Rack::Static prefix matching can expose unintended files under the static root","description":"## Summary\n\n`Rack::Static` determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as `\"/css\"`, it matches any request path that begins with that string, including unrelated paths such as `\"/css-config.env\"` or `\"/css-backup.sql\"`.\n\nAs a result, files under the static root whose names merely share the configured prefix may be served unintentionally, leading to information disclosure.\n\n## Details\n\n`Rack::Static#route_file` performs static-route matching using logic equivalent to:\n\n```ruby\n@urls.any? { |url| path.index(url) == 0 }\n```\n\nThis checks only whether the request path starts with the configured prefix string. It does not require a path segment boundary after the prefix.\n\nFor example, with:\n\n```ruby\nuse Rack::Static, urls: [\"/css\", \"/js\"], root: \"public\"\n```\n\nthe following path is matched as intended:\n\n```text\n/css/style.css\n```\n\nbut these paths are also matched:\n\n```text\n/css-config.env\n/css-backup.sql\n/csssecrets.yml\n```\n\nIf such files exist under the configured static root, Rack forwards the request to the file server and serves them as static content.\n\nThis means a configuration intended to expose only directory trees such as `/css/...` and `/js/...` may also expose sibling files whose names begin with those same strings.\n\n## Impact\n\nAn attacker can request files under the configured static root whose names share a configured URL prefix and obtain their contents.\n\nIn affected deployments, this may expose configuration files, secrets, backups, environment files, or other unintended static content located under the same root directory.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a path boundary when matching configured static URL prefixes.\n* Match only paths that are either exactly equal to the configured prefix or begin with `prefix + \"/\"`.\n* Avoid placing sensitive files under the `Rack::Static` root directory.\n* Prefer static URL mappings that cannot overlap with sensitive filenames.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T18:44:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq","https://nvd.nist.gov/vuln/detail/CVE-2026-34785","https://github.com/advisories/GHSA-h2jq-g4cq-5ppq"],"source_kind":"github","identifiers":["GHSA-h2jq-g4cq-5ppq","CVE-2026-34785"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T19:00:09.384Z","updated_at":"2026-04-05T20:00:13.026Z","epss_percentage":0.00031,"epss_percentile":0.08806,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","url":"https://github.com/advisories/GHSA-whrj-4476-wvmp","title":"Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href","description":"## Summary\n\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.\n\n## Details\n\n`Rack::Directory` renders directory entries using an HTML row template similar to:\n\n```html\n\u003ca href='%s'\u003e%s\u003c/a\u003e\n```\n\nThe `%s` placeholder is populated directly with the file’s basename. If the basename begins with `javascript:`, the resulting HTML contains an executable JavaScript URL:\n\n```html\n\u003ca href='javascript:alert(1)'\u003ejavascript:alert(1)\u003c/a\u003e\n```\n\nBecause the value is inserted directly into the `href` attribute without scheme validation or normalization, browsers interpret it as a JavaScript URI. When a user clicks the link, the JavaScript executes in the origin of the Rack application.\n\n## Impact\n\nIf `Rack::Directory` is used to expose filesystem contents over HTTP, an attacker who can create or upload files within that directory may introduce a malicious filename beginning with `javascript:`.\n\nWhen a user visits the directory listing and clicks the entry, arbitrary JavaScript executes in the application's origin. Exploitation requires user interaction (clicking the malicious entry).\n\n## Mitigation\n\n* Update to a patched version of Rack in which `Rack::Directory` prefixes generated anchors with a relative path indicator (e.g. `./filename`).\n* Avoid exposing user-controlled directories via `Rack::Directory`.\n* Apply a strict Content Security Policy (CSP) to reduce impact of potential client-side execution issues.\n* Where feasible, restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.\n\nHackerOne profile:\nhttps://hackerone.com/thesmartshadow\n\nGitHub account owner:\nAli Firas (@thesmartshadow)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-02-17T18:46:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp","https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff","https://nvd.nist.gov/vuln/detail/CVE-2026-25500","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml","https://github.com/advisories/GHSA-whrj-4476-wvmp"],"source_kind":"github","identifiers":["GHSA-whrj-4476-wvmp","CVE-2026-25500"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-17T19:00:08.542Z","updated_at":"2026-04-05T20:01:12.496Z","epss_percentage":0.00021,"epss_percentile":0.0566,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.5","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.5"},{"first_patched_version":"3.1.20","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.20"},{"first_patched_version":"2.2.22","vulnerable_version_range":"\u003c 2.2.22"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh","title":"Rack has a Directory Traversal via Rack:Directory","description":"## Summary\n\n`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.\n\n## Details\n\nIn `directory.rb`, `File.expand_path(File.join(root, path_info)).start_with?(root)` does not enforce a path boundary. If the server root is `/var/www/root`, a path like `/var/www/root_backup` passes the check because it shares the same prefix, so `Rack::Directory` will list that directory also. \n\n## Impact\n\nInformation disclosure via directory listing outside the configured root when `Rack::Directory` is exposed to untrusted clients and a directory shares the root prefix (e.g., `public2`, `www_backup`).\n\n## Mitigation\n\n* Update to a patched version of Rack that correctly checks the root prefix.\n* Don't name directories with the same prefix as one which is exposed via `Rack::Directory`.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-02-17T16:14:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh","https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7","https://nvd.nist.gov/vuln/detail/CVE-2026-22860","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml","https://github.com/advisories/GHSA-mxw3-3hh2-x2mh"],"source_kind":"github","identifiers":["GHSA-mxw3-3hh2-x2mh","CVE-2026-22860"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-17T17:00:07.439Z","updated_at":"2026-04-05T20:01:12.518Z","epss_percentage":0.001,"epss_percentile":0.27813,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.5","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.5"},{"first_patched_version":"3.1.20","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.20"},{"first_patched_version":"2.2.22","vulnerable_version_range":"\u003c 2.2.22"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","title":"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing","description":"## Summary\n\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.\n\n## Details\n\nWhen handling non-multipart form submissions, Rack’s request parser performs:\n\n```ruby\nform_vars = get_header(RACK_INPUT).read\n```\n\nSince `read` is called with no argument, the entire request body is loaded into a Ruby `String`. This occurs before query parameter parsing or enforcement of any `params_limit`. As a result, Rack applications without an upstream body-size limit can experience unbounded memory allocation proportional to request size.\n\n## Impact\n\nAttackers can send large `application/x-www-form-urlencoded` bodies to consume process memory, causing slowdowns or termination by the operating system (OOM). The effect scales linearly with request size and concurrency. Even with parsing limits configured, the issue occurs *before* those limits are enforced.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies.\n* Enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-10T17:33:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","https://nvd.nist.gov/vuln/detail/CVE-2025-61919","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","https://github.com/advisories/GHSA-6xw4-3v39-52mm"],"source_kind":"github","identifiers":["GHSA-6xw4-3v39-52mm","CVE-2025-61919"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-10T18:00:07.553Z","updated_at":"2026-04-05T20:02:07.937Z","epss_percentage":0.00221,"epss_percentile":0.44504,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.3","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.3"},{"first_patched_version":"3.1.18","vulnerable_version_range":"\u003e= 3.0, \u003c 3.1.18"},{"first_patched_version":"2.2.20","vulnerable_version_range":"\u003c 2.2.20"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","url":"https://github.com/advisories/GHSA-r657-rxjc-j557","title":"Rack has a Possible Information Disclosure Vulnerability","description":"## Summary\n\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.\n\n## Details\n\nWhen `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a \"redirect\" response to the proxy, prompting it to reissue a new internal request that was **not subject to the proxy's access controls**.\n\nAn attacker could exploit this by:\n1. Setting a crafted `x-sendfile-type: x-accel-redirect` header.\n2. Setting a crafted `x-accel-mapping` header.\n3. Requesting a path that qualifies for proxy-based acceleration.\n\n## Impact\n\nAttackers could bypass proxy-enforced restrictions and access internal endpoints intended to be protected (such as administrative pages). The vulnerability did not allow arbitrary file reads but could expose sensitive application routes.\n\nThis issue only affected systems meeting all of the following conditions:\n\n* The application used `Rack::Sendfile` with a proxy that supports `x-accel-redirect` (e.g., Nginx).\n* The proxy did **not** always set or remove the `x-sendfile-type` and `x-accel-mapping` headers.\n* The application exposed an endpoint that returned a body responding to `.to_path`.\n\n## Mitigation\n\n* Upgrade to a fixed version of Rack which requires explicit configuration to enable `x-accel-redirect`:\n\n  ```ruby\n  use Rack::Sendfile, \"x-accel-redirect\"\n  ```\n\n* Alternatively, configure the proxy to always set or strip the headers (you should be doing this!):\n\n  ```nginx\n  proxy_set_header x-sendfile-type x-accel-redirect;\n  proxy_set_header x-accel-mapping /var/www/=/files/;\n  ```\n\n* Or in Rails applications, disable sendfile completely:\n\n  ```ruby\n  config.action_dispatch.x_sendfile_header = nil\n  ```","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-10-10T17:31:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557","https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784","https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a","https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85","https://nvd.nist.gov/vuln/detail/CVE-2025-61780","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml","https://github.com/advisories/GHSA-r657-rxjc-j557"],"source_kind":"github","identifiers":["GHSA-r657-rxjc-j557","CVE-2025-61780"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-10T18:00:08.395Z","updated_at":"2026-04-05T20:02:07.938Z","epss_percentage":0.00035,"epss_percentile":0.10005,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.3","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.3"},{"first_patched_version":"3.1.18","vulnerable_version_range":"\u003e= 3.0, \u003c 3.1.18"},{"first_patched_version":"2.2.20","vulnerable_version_range":"\u003c 2.2.20"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","title":"Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).\n\n## Details\n\nWhile reading multipart headers, the parser waits for `CRLFCRLF` using:\n\n```ruby\n@sbuf.scan_until(/(.*?\\r\\n)\\r\\n/m)\n```\n\nIf the terminator never appears, it continues appending data (`@sbuf.concat(content)`) indefinitely. There is no limit on accumulated header bytes, so a single malformed part can consume memory proportional to the request body size.\n\n## Impact\n\nAttackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected.\n\n## Mitigation\n\n* Upgrade to a patched Rack version that caps per-part header size (e.g., 64 KiB).\n* Until then, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:28:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","https://nvd.nist.gov/vuln/detail/CVE-2025-61772","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","https://github.com/advisories/GHSA-wpv5-97wm-hp9c"],"source_kind":"github","identifiers":["GHSA-wpv5-97wm-hp9c","CVE-2025-61772"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:06.962Z","updated_at":"2026-04-05T20:02:07.961Z","epss_percentage":0.00193,"epss_percentile":0.41011,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","title":"Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).\n\n## Details\n\nDuring multipart parsing, file parts are streamed to temporary files, but non-file parts are buffered into memory:\n\n```ruby\nbody = String.new  # non-file → in-RAM buffer\n@mime_parts[mime_index].body \u003c\u003c content\n```\n\nThere is no size limit on these in-memory buffers. As a result, any large text field—while technically valid—will be loaded fully into process memory before being added to `params`.\n\n## Impact\n\nAttackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected.\n\n## Mitigation\n\n* **Upgrade:** Use a patched version of Rack that enforces a reasonable size cap for non-file fields (e.g., 2 MiB).\n* **Workarounds:**\n  * Restrict maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`).\n  * Validate and reject unusually large form fields at the application level.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:27:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","https://nvd.nist.gov/vuln/detail/CVE-2025-61771","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"],"source_kind":"github","identifiers":["GHSA-w9pc-fmgc-vxvw","CVE-2025-61771"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:09.191Z","updated_at":"2026-04-06T23:01:50.401Z","epss_percentage":0.00098,"epss_percentile":0.26932,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.2.0","3.2.1"],"unaffected_versions":["2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","title":"Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.\n\n## Details\n\nWhile searching for the first boundary, the parser appends incoming data into a shared buffer (`@sbuf.concat(content)`) and scans for the boundary pattern:\n\n```ruby\n@sbuf.scan_until(@body_regex)\n```\n\nIf the boundary is not yet found, the parser continues buffering data indefinitely. There is no trimming or size cap on the preamble, allowing attackers to send arbitrary amounts of data before the first boundary.\n\n## Impact\n\nRemote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection.\n\n## Mitigation\n\n* **Upgrade:** Use a patched version of Rack that enforces a preamble size limit (e.g., 16 KiB) or discards preamble data entirely per [RFC 2046 § 5.1.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.1).\n* **Workarounds:**\n  * Limit total request body size at the proxy or web server level.\n  * Monitor memory and set per-process limits to prevent OOM conditions.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:26:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","https://nvd.nist.gov/vuln/detail/CVE-2025-61770","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","https://github.com/advisories/GHSA-p543-xpfm-54cp"],"source_kind":"github","identifiers":["GHSA-p543-xpfm-54cp","CVE-2025-61770"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:09.416Z","updated_at":"2026-04-05T20:02:07.962Z","epss_percentage":0.00158,"epss_percentile":0.36528,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","url":"https://github.com/advisories/GHSA-625h-95r8-8xpm","title":"Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters","description":"## Summary\n\n`Rack::QueryParser` in version `\u003c 2.2.18` enforces its `params_limit` only for parameters separated by `\u0026`, while still splitting on both `\u0026` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.\n\n## Details\n\nThe issue arises because `Rack::QueryParser#check_query_string` counts only `\u0026` characters when determining the number of parameters, but the default separator regex `DEFAULT_SEP = /[\u0026;] */n` splits on both `\u0026` and `;`. This mismatch means that queries using `;` separators were not included in the parameter count, allowing `params_limit` to be bypassed.\n\nOther safeguards (`bytesize_limit` and `key_space_limit`) still applied, but did not prevent this particular bypass.\n\n## Impact\n\nApplications or middleware that directly invoke `Rack::QueryParser` with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector.\n\n`Rack::Request`, the primary entry point for typical Rack applications, uses `QueryParser` in a safe way and does not appear vulnerable by default. As such, the severity is considered **low**, with the impact limited to edge cases where `QueryParser` is used directly.\n\n## Mitigation\n\n* Upgrade to a patched version of Rack where both `\u0026` and `;` are counted consistently toward `params_limit`.\n* If upgrading is not immediately possible, configure `QueryParser` with an explicit delimiter (e.g., `\u0026`) to avoid the mismatch.\n* As a general precaution, enforce query string and request size limits at the web server or proxy layer (e.g., Nginx, Apache, or a CDN) to mitigate excessive parsing overhead.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-09-25T16:39:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm","https://nvd.nist.gov/vuln/detail/CVE-2025-59830","https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71","https://github.com/advisories/GHSA-625h-95r8-8xpm"],"source_kind":"github","identifiers":["GHSA-625h-95r8-8xpm","CVE-2025-59830"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-09-25T17:00:58.039Z","updated_at":"2026-04-05T20:02:12.409Z","epss_percentage":0.00069,"epss_percentile":0.20967,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.18","vulnerable_version_range":"\u003c 2.2.18"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw","title":"ReDoS Vulnerability in Rack::Multipart handle_mime_head","description":"### Summary\nThere is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571.\n\n### Details\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\n\n### Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting this to the Rails security team","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-06-05T05:21:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","https://nvd.nist.gov/vuln/detail/CVE-2025-49007","https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","https://github.com/advisories/GHSA-47m2-26rw-j2jw"],"source_kind":"github","identifiers":["GHSA-47m2-26rw-j2jw","CVE-2025-49007"],"repository_url":"https://github.com/rack/rack","blast_radius":39.72230838522566,"created_at":"2025-06-05T06:08:07.219Z","updated_at":"2026-04-05T20:02:50.298Z","epss_percentage":0.00569,"epss_percentile":0.6851,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.16","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.16"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx","title":"Rack has an Unbounded-Parameter DoS in Rack::QueryParser","description":"## Summary\n\n`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.\n\n## Details\n\nThe vulnerability arises because `Rack::QueryParser` iterates over each `\u0026`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.\n\n## Impact\n\nAn attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.\n\n## Mitigation\n\n- Update to a version of Rack that limits the number of parameters parsed, or\n- Use middleware to enforce a maximum query string size or parameter count, or\n- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.\n\nLimiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-05-08T14:45:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx","https://nvd.nist.gov/vuln/detail/CVE-2025-46727","https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712","https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3","https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml","https://github.com/advisories/GHSA-gjh7-p2fx-99vx"],"source_kind":"github","identifiers":["GHSA-gjh7-p2fx-99vx","CVE-2025-46727"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-05-08T15:09:22.844Z","updated_at":"2026-04-05T20:02:58.635Z","epss_percentage":0.00808,"epss_percentile":0.73922,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.14","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.14"},{"first_patched_version":"3.0.16","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.16"},{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c 2.2.14"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","url":"https://github.com/advisories/GHSA-vpfw-47h7-xj4g","title":"Rack session gets restored after deletion","description":"### Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n### Details\n\n[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n### Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n### Related\n\nAs this code was moved to `rack-session` in Rack 3+, see \u003chttps://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj\u003e for the equivalent advisory in `rack-session` (affecting Rack 3+ only).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-05-08T14:45:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.2,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj","https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g","https://nvd.nist.gov/vuln/detail/CVE-2025-32441","https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d","https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml","https://github.com/advisories/GHSA-vpfw-47h7-xj4g"],"source_kind":"github","identifiers":["GHSA-vpfw-47h7-xj4g","CVE-2025-32441"],"repository_url":"https://github.com/rack/rack-session","blast_radius":0.0,"created_at":"2025-05-08T15:09:23.194Z","updated_at":"2026-04-05T20:02:58.638Z","epss_percentage":0.00096,"epss_percentile":0.26572,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c= 2.2.13"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","url":"https://github.com/advisories/GHSA-7wqh-767x-r66v","title":"Local File Inclusion in Rack::Static","description":"## Summary\n\n`Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.\n\n## Details\n\nThe vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.\n\n## Impact\n\nBy exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Static`, or\n- Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.\n\nIt is likely that a CDN or similar static file server would also mitigate the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-10T22:19:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v","https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583","https://nvd.nist.gov/vuln/detail/CVE-2025-27610","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-7wqh-767x-r66v"],"source_kind":"github","identifiers":["GHSA-7wqh-767x-r66v","CVE-2025-27610"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-03-10T23:07:48.263Z","updated_at":"2026-04-05T20:03:21.601Z","epss_percentage":0.00415,"epss_percentile":0.61505,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.12","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.12"},{"first_patched_version":"3.0.14","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.14"},{"first_patched_version":"2.2.13","vulnerable_version_range":"\u003c 2.2.13"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v","title":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","description":"## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that includes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from the `X-Sendfile-Type` header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure attack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-03-04T15:27:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","references":["https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","https://nvd.nist.gov/vuln/detail/CVE-2025-27111","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-8cgq-6mh2-7j6v"],"source_kind":"github","identifiers":["GHSA-8cgq-6mh2-7j6v","CVE-2025-27111"],"repository_url":"https://github.com/rack/rack","blast_radius":41.52786785728138,"created_at":"2025-03-04T16:08:16.349Z","updated_at":"2026-04-05T20:03:26.326Z","epss_percentage":0.00429,"epss_percentile":0.6194,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.11","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.11"},{"first_patched_version":"3.0.13","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.13"},{"first_patched_version":"2.2.12","vulnerable_version_range":"\u003c 2.2.12"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg","title":"Possible Log Injection in Rack::CommonLogger","description":"## Summary\n\n`Rack::CommonLogger` can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs.\n\n## Details\n\nWhen a user provides the authorization credentials via `Rack::Auth::Basic`, if success, the username will be put in `env['REMOTE_USER']` and later be used by `Rack::CommonLogger` for logging purposes.\n\nThe issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile.\n\n## Impact\n\nAttackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files.\n\n## Mitigation\n\n- Update to the latest version of Rack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-02-12T19:18:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","references":["https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg","https://nvd.nist.gov/vuln/detail/CVE-2025-25184","https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-7g2v-jj9q-g3rg"],"source_kind":"github","identifiers":["GHSA-7g2v-jj9q-g3rg","CVE-2025-25184"],"repository_url":"https://github.com/rack/rack","blast_radius":34.30562996905853,"created_at":"2025-02-12T20:07:39.192Z","updated_at":"2026-04-06T23:03:01.817Z","epss_percentage":0.01068,"epss_percentile":0.77609,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.10","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.10"},{"first_patched_version":"3.0.12","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.12"},{"first_patched_version":"2.2.11","vulnerable_version_range":"\u003c 2.2.11"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9"],"unaffected_versions":["2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0.beta1","3.0.0.rc1","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","url":"https://github.com/advisories/GHSA-cj83-2ww7-mvq7","title":"Rack ReDoS Vulnerability in HTTP Accept Headers Parsing","description":"### Summary\n\nA Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS).\n\n### Details\n\nThe fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-07-03T17:03:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7","https://nvd.nist.gov/vuln/detail/CVE-2024-39316","https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml","https://advisory.dw1.io/61","https://github.com/advisories/GHSA-cj83-2ww7-mvq7"],"source_kind":"github","identifiers":["GHSA-cj83-2ww7-mvq7","CVE-2024-39316"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-07-03T18:09:36.882Z","updated_at":"2026-04-05T20:04:48.407Z","epss_percentage":0.00833,"epss_percentile":0.74507,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.5","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.5"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx","title":"Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)","description":"### Summary\n\n```ruby\nmodule Rack\n  class MediaType\n    SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-28T22:57:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","references":["https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462","https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49","https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-25126","https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","https://security.netapp.com/advisory/ntap-20240510-0005","https://github.com/advisories/GHSA-22f2-v57c-j9cx"],"source_kind":"github","identifiers":["GHSA-22f2-v57c-j9cx","CVE-2024-25126"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.291Z","updated_at":"2026-04-05T20:06:05.254Z","epss_percentage":0.00463,"epss_percentile":0.64044,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 0.4, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","title":"Rack has possible DoS Vulnerability with Range Header","description":"# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  \u003e= 1.3.0.\nNot affected:       \u003c 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26141","https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"],"source_kind":"github","identifiers":["GHSA-xj5v-6v4g-jfw6","CVE-2024-26141"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.311Z","updated_at":"2026-04-05T20:06:05.255Z","epss_percentage":0.0041,"epss_percentile":0.61056,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 1.3.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","title":"Rack Header Parsing leads to Possible Denial of Service Vulnerability","description":"# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26146","https://github.com/advisories/GHSA-54rr-7fvw-6x8f"],"source_kind":"github","identifiers":["GHSA-54rr-7fvw-6x8f","CVE-2024-26146"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.332Z","updated_at":"2026-04-05T20:06:05.256Z","epss_percentage":0.00699,"epss_percentile":0.71789,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.9.4","vulnerable_version_range":"\u003c 2.0.9.4"},{"first_patched_version":"2.1.4.4","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.4"},{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","title":"Possible Denial of Service Vulnerability in Rack's header parsing","description":"There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1\n\n# Impact\nCarefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.\n\n# Workarounds\nSetting Regexp.timeout in Ruby 3.2 is a possible workaround.\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-03-15T21:36:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27539","https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://security.netapp.com/advisory/ntap-20231208-0016","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-c6qg-cjj8-47qp"],"source_kind":"github","identifiers":["GHSA-c6qg-cjj8-47qp","CVE-2023-27539"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-03-15T22:03:00.281Z","updated_at":"2026-04-05T20:08:21.023Z","epss_percentage":0.00328,"epss_percentile":0.55517,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.6.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.6.1"},{"first_patched_version":"2.2.6.4","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.2.6.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p","title":"Rack has possible DoS Vulnerability in Multipart MIME parsing","description":"There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-08T17:20:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27530","https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0015","https://github.com/advisories/GHSA-3h57-hmj3-gj3p"],"source_kind":"github","identifiers":["GHSA-3h57-hmj3-gj3p","CVE-2023-27530"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-03-08T18:03:17.449Z","updated_at":"2026-04-05T20:09:04.907Z","epss_percentage":0.0209,"epss_percentile":0.83946,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.2","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.4.2"},{"first_patched_version":"2.2.6.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.3"},{"first_patched_version":"2.1.4.3","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.3"},{"first_patched_version":"2.0.9.3","vulnerable_version_range":"\u003c 2.0.9.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","title":"Denial of Service Vulnerability in Rack Content-Disposition parsing","description":"There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.0 series\n    2-1-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.1 series\n    2-2-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.2 series\n    3-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:24:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44571","https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-93pm-5p5f-3ghx"],"source_kind":"github","identifiers":["GHSA-93pm-5p5f-3ghx","CVE-2022-44571"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.042Z","updated_at":"2026-04-06T23:06:28.542Z","epss_percentage":0.03289,"epss_percentile":0.87085,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9.1","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4.1","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3"],"unaffected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.9","2.0.9.2","2.0.9.3","2.0.9.4","2.1.4","2.1.4.2","2.1.4.3","2.1.4.4","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj","title":"Denial of service via header parsing in Rack","description":"There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.\n\nVersions Affected: \u003e= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1\nImpact\n\nCarefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.0 series\n    2-1-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.1 series\n    2-2-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.2 series\n    3-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 3.0 series","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-01-18T18:19:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44570","https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0010","https://github.com/advisories/GHSA-65f5-mfpf-vfhj"],"source_kind":"github","identifiers":["GHSA-65f5-mfpf-vfhj","CVE-2022-44570"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.116Z","updated_at":"2026-04-06T23:08:02.664Z","epss_percentage":0.03289,"epss_percentile":0.87085,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.2","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.2"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9.1","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4.1","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6.1","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3"],"unaffected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0.beta.1","1.5.0.beta.2","2.0.9","2.0.9.2","2.0.9.3","2.0.9.4","2.1.4","2.1.4.2","2.1.4.3","2.1.4.4","2.2.6","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","title":"Denial of service via multipart parsing in Rack","description":"There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series\n    2-1-Forbid-control-characters-in-attributes.patch - Patch for 2.1 series\n    2-2-Forbid-control-characters-in-attributes.patch - Patch for 2.2 series\n    3-0-Forbid-control-characters-in-attributes.patch - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:19:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44572","https://hackerone.com/reports/1639882","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-rqv2-275x-2jq5"],"source_kind":"github","identifiers":["GHSA-rqv2-275x-2jq5","CVE-2022-44572"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.126Z","updated_at":"2026-04-05T20:07:25.903Z","epss_percentage":0.00262,"epss_percentile":0.49513,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","url":"https://github.com/advisories/GHSA-hxqx-xwvh-44m2","title":"Denial of Service Vulnerability in Rack Multipart Parsing","description":"There is a possible denial of service vulnerability in the multipart parsing component of Rack.  This vulnerability has been assigned the CVE identifier CVE-2022-30122.\n\nVersions Affected:  \u003e= 1.2\nNot affected:       \u003c 1.2\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.\n\nImpacted code will use Rack's multipart parser to parse multipart posts.  This includes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-27T16:36:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml","https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk","https://nvd.nist.gov/vuln/detail/CVE-2022-30122","https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0012/","https://github.com/advisories/GHSA-hxqx-xwvh-44m2"],"source_kind":"github","identifiers":["GHSA-hxqx-xwvh-44m2","CVE-2022-30122"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:12:22.209Z","updated_at":"2026-04-06T23:07:08.761Z","epss_percentage":0.00893,"epss_percentile":0.7551,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003e= 1.2, \u003c= 2.0.9.0"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2"],"unaffected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","url":"https://github.com/advisories/GHSA-wq4h-7r42-5hrr","title":"Possible shell escape sequence injection vulnerability in Rack","description":"There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack.  This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack's Lint middleware and CommonLogger middleware.  These\nescape sequences can be leveraged to possibly execute commands in the victim's\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-27T16:36:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":10.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml","https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8","https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88","https://nvd.nist.gov/vuln/detail/CVE-2022-30123","https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0011/","https://github.com/advisories/GHSA-wq4h-7r42-5hrr"],"source_kind":"github","identifiers":["GHSA-wq4h-7r42-5hrr","CVE-2022-30123"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:12:22.219Z","updated_at":"2026-04-06T23:08:57.934Z","epss_percentage":0.02128,"epss_percentile":0.84016,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003c= 2.0.9.0"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","2.2.2"],"unaffected_versions":["2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","url":"https://github.com/advisories/GHSA-v6j3-7jrw-hq2p","title":"Rack Gem Subject to Denial of Service via Hash Collisions","description":"Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T04:59:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-5036","https://gist.github.com/52bbc6b9cc19ce330829","http://www.debian.org/security/2013/dsa-2783","http://www.kb.cert.org/vuls/id/903934","http://www.ocert.org/advisories/ocert-2011-003.html","https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml","https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html","http://www.nruns.com/_downloads/advisory28122011.pdf","https://github.com/advisories/GHSA-v6j3-7jrw-hq2p"],"source_kind":"github","identifiers":["GHSA-v6j3-7jrw-hq2p","CVE-2011-5036"],"repository_url":null,"blast_radius":1.0,"created_at":"2023-03-27T17:03:16.616Z","updated_at":"2026-04-05T20:08:18.424Z","epss_percentage":0.01278,"epss_percentile":0.79508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-parent","versions":[{"first_patched_version":"1.6.5.1","vulnerable_version_range":"\u003c 1.6.5.1"}],"purl":null},{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.3.6","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.6"},{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.5"},{"first_patched_version":"1.1.3","vulnerable_version_range":"\u003c 1.1.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","title":"Rack arbitrary code execution via timing attack","description":"Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0263","https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://gist.github.com/codahale/f9f3781f7b54985bee94","https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0686.html","http://www.debian.org/security/2013/dsa-2783","https://github.com/advisories/GHSA-xc85-32mf-xpv8"],"source_kind":"github","identifiers":["GHSA-xc85-32mf-xpv8","CVE-2013-0263"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:12:18.658Z","updated_at":"2026-04-06T23:08:50.905Z","epss_percentage":0.08626,"epss_percentile":0.92383,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.1.6","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.6"},{"first_patched_version":"1.2.8","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.8"},{"first_patched_version":"1.3.10","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.10"},{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.5.0","1.5.1"],"unaffected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.6","1.2.8","1.3.0.beta","1.3.0.beta2","1.3.10","1.4.5","1.4.6","1.4.7","1.5.0.beta.1","1.5.0.beta.2","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","url":"https://github.com/advisories/GHSA-v882-ccj6-jc48","title":"Rack vulnerable to Denial of Service","description":"Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0184","https://bugzilla.redhat.com/show_bug.cgi?id=895384","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/errata/RHSA-2013:0548","https://access.redhat.com/security/cve/CVE-2013-0184","https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d","https://github.com/advisories/GHSA-v882-ccj6-jc48"],"source_kind":"github","identifiers":["GHSA-v882-ccj6-jc48","CVE-2013-0184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-03-08T21:03:15.881Z","updated_at":"2026-04-06T23:07:52.117Z","epss_percentage":0.00677,"epss_percentile":0.70745,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.4","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.4"},{"first_patched_version":"1.3.9","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.9"},{"first_patched_version":"1.2.7","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.7"},{"first_patched_version":"1.1.5","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.5"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.4.0","1.4.1","1.4.2","1.4.3"],"unaffected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.5","1.1.6","1.2.7","1.2.8","1.3.0.beta","1.3.0.beta2","1.3.9","1.3.10","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7","title":"Directory traversal in Rack::Directory app bundled with Rack","description":"A directory traversal vulnerability exists in rack \u003c 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-07-06T21:31:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.6,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8161","https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA","https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-5f9h-9pjv-v6j7"],"source_kind":"github","identifiers":["GHSA-5f9h-9pjv-v6j7","CVE-2020-8161"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.741Z","updated_at":"2026-04-05T20:08:16.783Z","epss_percentage":0.00907,"epss_percentile":0.755,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.1.3","vulnerable_version_range":"\u003c 2.1.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52","title":"Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names","description":"A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-24T17:15:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8184","https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c","https://hackerone.com/reports/895727","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml","https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-j6w9-fv6q-3q52"],"source_kind":"github","identifiers":["GHSA-j6w9-fv6q-3q52","CVE-2020-8184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.946Z","updated_at":"2026-04-05T20:08:16.784Z","epss_percentage":0.01162,"epss_percentile":0.78517,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.3"},{"first_patched_version":"2.1.4","vulnerable_version_range":"\u003c 2.1.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3","title":"Possible Information Leak / Session Hijack Vulnerability in Rack","description":"There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-12-18T19:01:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3","https://nvd.nist.gov/vuln/detail/CVE-2019-16782","https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38","http://www.openwall.com/lists/oss-security/2019/12/18/2","http://www.openwall.com/lists/oss-security/2019/12/18/3","http://www.openwall.com/lists/oss-security/2019/12/19/3","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","http://www.openwall.com/lists/oss-security/2020/04/08/1","http://www.openwall.com/lists/oss-security/2020/04/09/2","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://github.com/advisories/GHSA-hrqr-hxpp-chr3"],"source_kind":"github","identifiers":["GHSA-hrqr-hxpp-chr3","CVE-2019-16782"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:26.790Z","updated_at":"2026-04-06T23:10:31.770Z","epss_percentage":0.01251,"epss_percentile":0.79254,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.8","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.8"},{"first_patched_version":"1.6.12","vulnerable_version_range":"\u003c 1.6.12"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.5.0","1.5.0.beta.1","1.5.0.beta.2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.6.0","1.6.0.beta","1.6.0.beta2","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7"],"unaffected_versions":["1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","url":"https://github.com/advisories/GHSA-5r2p-j47h-mhpg","title":"Rack vulnerable to Cross-site Scripting","description":"There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-11-15T15:59:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16471","https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag","https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html","https://usn.ubuntu.com/4089-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o","https://github.com/advisories/GHSA-5r2p-j47h-mhpg"],"source_kind":"github","identifiers":["GHSA-5r2p-j47h-mhpg","CVE-2018-16471"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:33.597Z","updated_at":"2026-04-05T20:08:16.782Z","epss_percentage":0.00299,"epss_percentile":0.53106,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.6.11","vulnerable_version_range":"\u003c 1.6.11"},{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","url":"https://github.com/advisories/GHSA-hg78-4f6x-99wq","title":"Rack vulnerable to Denial of Service","description":"There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-11-15T15:58:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16470","https://access.redhat.com/errata/RHSA-2019:3172","https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk","https://github.com/advisories/GHSA-hg78-4f6x-99wq"],"source_kind":"github","identifiers":["GHSA-hg78-4f6x-99wq","CVE-2018-16470"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:33.588Z","updated_at":"2026-04-05T20:08:16.782Z","epss_percentage":0.00177,"epss_percentile":0.39006,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.4, \u003c 2.0.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","url":"https://github.com/advisories/GHSA-9vc2-p34x-jhxh","title":"Moderate severity vulnerability that affects rack","description":"Withdrawn, accidental duplicate publish.\r\n\r\nlib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-09-17T21:56:30.000Z","withdrawn_at":"2020-06-16T21:29:41.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/advisories/GHSA-9vc2-p34x-jhxh"],"source_kind":"github","identifiers":["GHSA-9vc2-p34x-jhxh"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:36.155Z","updated_at":"2026-04-06T23:10:41.335Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003c 1.4.6"}],"purl":"pkg:gem/rack","statistics":{"dependent_packages_count":3634,"dependent_repos_count":1043594,"downloads":1253001835,"downloads_period":"total"},"affected_versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.9.0","0.9.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.1.pre","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.0.beta","1.3.0.beta2","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.3.10","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.5.0","1.5.1","1.5.2","1.5.3","1.6.0","1.6.1"],"unaffected_versions":["1.4.6","1.4.7","1.5.0.beta.1","1.5.0.beta.2","1.5.4","1.5.5","1.6.0.beta","1.6.0.beta2","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.6.10","1.6.11","1.6.12","1.6.13","2.0.0.alpha","2.0.0.rc1","2.0.1","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.0.9.1","2.0.9.2","2.0.9.3","2.0.9.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.1.4.1","2.1.4.2","2.1.4.3","2.1.4.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.3.1","2.2.4","2.2.5","2.2.6","2.2.6.1","2.2.6.2","2.2.6.3","2.2.6.4","2.2.7","2.2.8","2.2.8.1","2.2.9","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.15","2.2.16","2.2.17","2.2.18","2.2.19","2.2.20","2.2.21","2.2.22","2.2.23","3.0.0","3.0.0.beta1","3.0.0.rc1","3.0.1","3.0.2","3.0.3","3.0.4","3.0.4.1","3.0.4.2","3.0.5","3.0.6","3.0.6.1","3.0.7","3.0.8","3.0.9","3.0.9.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.1.5","3.1.6","3.1.7","3.1.8","3.1.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.14","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.2.0","3.2.1","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","title":"Rack Vulnerable to Path Traversal","description":"`rack/file.rb` (`Rack::File`) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted `PATH_INFO` environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0262","https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://bugzilla.redhat.com/show_bug.cgi?id=909072","https://gist.github.com/rentzsch/4736940","https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","https://github.com/advisories/GHSA-85r7-w5mv-c849"],"source_kind":"github","identifiers":["GHSA-85r7-w5mv-c849","CVE-2013-0262"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.320Z","updated_at":"2026-04-05T20:08:16.799Z","epss_percentage":0.01256,"epss_percentile":0.79298,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","url":"https://github.com/advisories/GHSA-3pxh-h8hw-mj8w","title":"Rack rubygems receiving excessively long lines triggers out-of-memory error","description":"multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0183","https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff","https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18","https://bugzilla.redhat.com/show_bug.cgi?id=895282","https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rack.github.com/","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2013-0183","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml","https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","https://github.com/advisories/GHSA-3pxh-h8hw-mj8w"],"source_kind":"github","identifiers":["GHSA-3pxh-h8hw-mj8w","CVE-2013-0183"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.291Z","updated_at":"2026-04-05T20:08:16.781Z","epss_percentage":0.01824,"epss_percentile":0.82508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.3","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.3"},{"first_patched_version":"1.3.8","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.8"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h","title":"Rack vulnerable to REDoS","description":"`lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-6109","https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5","https://bugzilla.redhat.com/show_bug.cgi?id=895277","https://github.com/rack/rack/blob/master/README.rdoc","https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2012-6109","https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://rhn.redhat.com/errata/RHSA-2013-0544.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml","https://github.com/advisories/GHSA-h77x-m5q8-c29h"],"source_kind":"github","identifiers":["GHSA-h77x-m5q8-c29h","CVE-2012-6109"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.224Z","updated_at":"2026-04-05T20:08:16.800Z","epss_percentage":0.00828,"epss_percentile":0.73773,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.2","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.2"},{"first_patched_version":"1.3.7","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.7"},{"first_patched_version":"1.2.6","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.6"},{"first_patched_version":"1.1.4","vulnerable_version_range":"\u003c 1.1.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","title":"Rack vulnerable to Denial of Service via large parameter depth request","description":"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/rack/rack/blob/master/HISTORY.md","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","http://openwall.com/lists/oss-security/2015/06/16/14","http://rhn.redhat.com/errata/RHSA-2015-2290.html","http://www.debian.org/security/2015/dsa-3322","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"],"source_kind":"github","identifiers":["GHSA-rgr4-9jh5-j4j6","CVE-2015-3225"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:39.106Z","updated_at":"2026-04-05T20:08:16.783Z","epss_percentage":0.10456,"epss_percentile":0.93196,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.6"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/rack","docker_dependents_count":2618,"docker_downloads_count":1346686159,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/rack","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/rack/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2026-04-27T13:01:02.042Z","issues_count":153,"pull_requests_count":438,"avg_time_to_close_issue":10204153.094017094,"avg_time_to_close_pull_request":2705444.791773779,"issues_closed_count":117,"pull_requests_closed_count":389,"pull_request_authors_count":104,"issue_authors_count":115,"avg_comments_per_issue":5.209150326797386,"avg_comments_per_pull_request":2.8036529680365296,"merged_pull_requests_count":328,"bot_issues_count":0,"bot_pull_requests_count":7,"past_year_issues_count":37,"past_year_pull_requests_count":81,"past_year_avg_time_to_close_issue":649387.6666666666,"past_year_avg_time_to_close_pull_request":700159.1578947369,"past_year_issues_closed_count":21,"past_year_pull_requests_closed_count":57,"past_year_pull_request_authors_count":34,"past_year_issue_authors_count":33,"past_year_avg_comments_per_issue":2.972972972972973,"past_year_avg_comments_per_pull_request":2.2839506172839505,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":3,"past_year_merged_pull_requests_count":52,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/issues","maintainers":[{"login":"ioquatix","count":152,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"tenderlove","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tenderlove"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"},{"login":"raggi","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/raggi"}],"active_maintainers":[{"login":"ioquatix","count":16,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages/rack/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages/rack/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages/rack/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages/rack/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages/rack/codemeta","maintainers":[{"uuid":"207","login":"tenderlove","name":null,"email":null,"url":null,"packages_count":190,"html_url":"https://gem.coop/profiles/tenderlove","role":null,"created_at":"2025-10-07T18:37:41.132Z","updated_at":"2025-10-07T18:37:41.132Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/tenderlove/packages"},{"uuid":"47349","login":"rafaelfranca","name":null,"email":null,"url":null,"packages_count":107,"html_url":"https://gem.coop/profiles/rafaelfranca","role":null,"created_at":"2025-10-07T18:37:41.224Z","updated_at":"2025-10-07T18:37:41.224Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/rafaelfranca/packages"},{"uuid":"96878","login":"eileencodes","name":null,"email":null,"url":null,"packages_count":54,"html_url":"https://gem.coop/profiles/eileencodes","role":null,"created_at":"2025-10-07T18:37:41.173Z","updated_at":"2025-10-07T18:37:41.173Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/eileencodes/packages"},{"uuid":"44200","login":"ioquatix","name":null,"email":null,"url":null,"packages_count":252,"html_url":"https://gem.coop/profiles/ioquatix","role":null,"created_at":"2025-10-07T18:37:41.270Z","updated_at":"2025-10-07T18:37:41.270Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/ioquatix/packages"},{"uuid":"264","login":"raggi","name":null,"email":null,"url":null,"packages_count":25,"html_url":"https://gem.coop/profiles/raggi","role":null,"created_at":"2025-10-07T18:37:41.092Z","updated_at":"2025-10-07T18:37:41.092Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/raggi/packages"},{"uuid":"31711","login":"chneukirchen","name":null,"email":null,"url":null,"packages_count":4,"html_url":"https://gem.coop/profiles/chneukirchen","role":null,"created_at":"2025-10-07T18:37:41.053Z","updated_at":"2025-10-07T18:37:41.053Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers/chneukirchen/packages"}],"registry":{"name":"gem.coop","url":"https://gem.coop","ecosystem":"rubygems","default":false,"packages_count":190420,"maintainers_count":67490,"namespaces_count":0,"keywords_count":0,"github":"gem-coop","metadata":{"funded_packages_count":6507},"icon_url":"https://github.com/gem-coop.png","created_at":"2025-10-06T17:24:20.932Z","updated_at":"2026-04-03T06:45:05.763Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/gem.coop/namespaces"}},{"id":279331,"name":"rack","ecosystem":"rubygems","description":"Rack provides a minimal, modular and adaptable interface for developing\nweb applications in Ruby. By wrapping HTTP requests and responses in\nthe simplest way possible, it unifies and distills the API for web\nservers, web frameworks, and software in between (the so-called\nmiddleware) into a single method call.\n","homepage":"https://github.com/rack/rack","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/rack/rack","keywords_array":[],"namespace":null,"versions_count":178,"first_release_published_at":"2009-07-25T18:02:13.000Z","latest_release_published_at":"2026-04-01T06:36:49.542Z","latest_release_number":"3.2.6","last_synced_at":"2026-04-30T21:11:36.922Z","created_at":"2022-04-06T07:59:21.301Z","updated_at":"2026-04-30T21:12:22.802Z","registry_url":"https://rubygems.org/gems/rack","install_command":"gem install rack -s https://rubygems.org","documentation_url":"http://www.rubydoc.info/gems/rack/","metadata":{"funding":null},"repo_metadata":{"id":471102,"uuid":"96071","full_name":"rack/rack","owner":"rack","description":"A modular Ruby web server interface.","archived":false,"fork":false,"pushed_at":"2026-04-23T18:00:47.000Z","size":10731,"stargazers_count":5104,"open_issues_count":22,"forks_count":1671,"subscribers_count":152,"default_branch":"main","last_synced_at":"2026-04-24T17:21:59.391Z","etag":null,"topics":["rack","ruby","web"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rack.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2008-12-24T03:03:12.000Z","updated_at":"2026-04-24T11:15:31.000Z","dependencies_parsed_at":"2023-07-05T14:56:26.099Z","dependency_job_id":"6440b9dc-988a-4040-ae84-aebeb15e21c8","html_url":"https://github.com/rack/rack","commit_stats":{"total_commits":2694,"total_committers":544,"mean_commits":4.952205882352941,"dds":0.902746844840386,"last_synced_commit":"49d4ed033f9c6d0bdba7b2a181437589049dbf7f"},"previous_names":[],"tags_count":175,"template":false,"template_full_name":null,"purl":"pkg:github/rack/rack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","download_url":"https://codeload.github.com/rack/rack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/sbom","scorecard":{"id":748637,"data":{"date":"2025-08-11","repo":{"name":"github.com/rack/rack","commit":"ee7ac5a1db5bc5c65e4b83342b8f4df88ef3c075"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":7.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/depsreview.yaml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/documentation.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/test-external.yaml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:6","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"27 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 15/29 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/depsreview.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/depsreview.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/documentation.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/documentation.yaml:92: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/documentation.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-external.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-external.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test-external.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/rack/rack/test.yaml/main?enable=pin","Info:   0 out of   7 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: MIT-LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 504 Gateway Timeout body: \"{\\\"message\\\": \\\"We couldn't respond to your request in time. Sorry about that. Please try resubmitting your request and contact us if the problem persists.\\\"}\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T19:37:06.182Z","repository_id":471102,"created_at":"2025-08-22T19:37:06.182Z","updated_at":"2025-08-22T19:37:06.182Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32243803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"rack","name":"Official Rack repositories","uuid":"42379","kind":"organization","description":null,"email":null,"website":"http://rack.github.com","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/42379?v=4","repositories_count":10,"last_synced_at":"2024-03-25T19:32:49.958Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/rack","funding_links":[],"total_stars":12549,"followers":47,"following":0,"created_at":"2022-11-02T16:17:24.220Z","updated_at":"2024-03-25T19:32:56.784Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rack/repositories"},"tags":[{"name":"v3.2.6","sha":"e1f22fdbe99afd2126b6fbf05bb12399359574b7","kind":"tag","published_at":"2026-04-01T06:36:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.6","html_url":"https://github.com/rack/rack/releases/tag/v3.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.6/manifests"},{"name":"v3.1.21","sha":"ae8431120e66e92d1885ab8ec0a553d9cad5ec13","kind":"tag","published_at":"2026-04-01T06:35:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.21","html_url":"https://github.com/rack/rack/releases/tag/v3.1.21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.21/manifests"},{"name":"v2.2.23","sha":"f2af0c8f869193fa7bb7d20b619b3003418e1055","kind":"tag","published_at":"2026-04-01T06:34:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.23","html_url":"https://github.com/rack/rack/releases/tag/v2.2.23","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.23","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.23","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.23/manifests"},{"name":"v3.2.5","sha":"bb5f3555bd12b9065112353e829298b3b5623ceb","kind":"tag","published_at":"2026-02-16T03:41:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.5","html_url":"https://github.com/rack/rack/releases/tag/v3.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.5/manifests"},{"name":"v3.1.20","sha":"65044344e4780d80b409f9ba27df41b6307b5ff5","kind":"tag","published_at":"2026-02-16T03:40:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.20","html_url":"https://github.com/rack/rack/releases/tag/v3.1.20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.20/manifests"},{"name":"v2.2.22","sha":"0cc2e00b22dffc33955ef912569f01e515a406e1","kind":"tag","published_at":"2026-02-16T03:37:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.22","html_url":"https://github.com/rack/rack/releases/tag/v2.2.22","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.22","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.22","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.22/manifests"},{"name":"v3.2.4","sha":"4c24539777db8833d78f881680cd245878cfba31","kind":"tag","published_at":"2025-11-02T12:41:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.4","html_url":"https://github.com/rack/rack/releases/tag/v3.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.4/manifests"},{"name":"v3.1.19","sha":"b29df3156208326916cf60482eaec42574b65ff0","kind":"tag","published_at":"2025-11-02T12:28:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.19","html_url":"https://github.com/rack/rack/releases/tag/v3.1.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.19/manifests"},{"name":"v2.2.21","sha":"851dc02672eca361a48e5a097818aa3cec1d3206","kind":"tag","published_at":"2025-11-02T12:18:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.21","html_url":"https://github.com/rack/rack/releases/tag/v2.2.21","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.21","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.21/manifests"},{"name":"v3.2.3","sha":"32bf8887d00bd86494f0ce08c46cda59a65d332f","kind":"tag","published_at":"2025-10-10T00:40:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.3","html_url":"https://github.com/rack/rack/releases/tag/v3.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.3/manifests"},{"name":"v3.1.18","sha":"96cf07879a084e4488d705ed093395e86bb554f5","kind":"tag","published_at":"2025-10-10T00:39:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.18","html_url":"https://github.com/rack/rack/releases/tag/v3.1.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.18/manifests"},{"name":"v2.2.20","sha":"6ef591522bb44f80654ad1a80654ba46cafdc7c1","kind":"tag","published_at":"2025-10-10T00:36:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.20","html_url":"https://github.com/rack/rack/releases/tag/v2.2.20","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.20","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.20/manifests"},{"name":"v3.2.2","sha":"bce149b11154e851c437b5ece1c026c943f4b571","kind":"tag","published_at":"2025-10-07T01:55:07.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.2","html_url":"https://github.com/rack/rack/releases/tag/v3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.2/manifests"},{"name":"v3.1.17","sha":"8d141b301dd1eeda363d87d61499fe21dd90f4a5","kind":"tag","published_at":"2025-10-07T01:52:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.17","html_url":"https://github.com/rack/rack/releases/tag/v3.1.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.17/manifests"},{"name":"v2.2.19","sha":"4c4ea296fdfd115377912aa7dbcb55b83bf2888e","kind":"tag","published_at":"2025-10-07T01:50:11.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.19","html_url":"https://github.com/rack/rack/releases/tag/v2.2.19","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.19","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.19/manifests"},{"name":"v2.2.18","sha":"0f76d43c0d5624bd0d325df4f0a63f5e1faa7254","kind":"tag","published_at":"2025-09-25T09:01:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.18","html_url":"https://github.com/rack/rack/releases/tag/v2.2.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.18/manifests"},{"name":"v3.2.1","sha":"14c8731436785d7e79a4db0f3304769a26083182","kind":"tag","published_at":"2025-09-02T02:53:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.1","html_url":"https://github.com/rack/rack/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"b68251c03788ff39d4a4b25424df7360426e4afd","kind":"tag","published_at":"2025-07-30T22:28:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.2.0","html_url":"https://github.com/rack/rack/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.2.0/manifests"},{"name":"v3.1.16","sha":"df2f3f2804373acafc429ed9f0770847a9c6b226","kind":"tag","published_at":"2025-06-04T22:28:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.16","html_url":"https://github.com/rack/rack/releases/tag/v3.1.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.16/manifests"},{"name":"v2.2.17","sha":"9163ac3f5fac795179f9935e2ba6533a0ca1cf82","kind":"tag","published_at":"2025-06-03T01:57:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.17","html_url":"https://github.com/rack/rack/releases/tag/v2.2.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.17/manifests"},{"name":"v3.0.18","sha":"e95f187b11c5f342d2de00a38ce10bc7ad435409","kind":"tag","published_at":"2025-05-22T06:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.18","html_url":"https://github.com/rack/rack/releases/tag/v3.0.18","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.18","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.18/manifests"},{"name":"v2.2.16","sha":"2a32ecaaa8460a9af9963ee46ba04afbd1b47220","kind":"tag","published_at":"2025-05-22T05:33:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.16","html_url":"https://github.com/rack/rack/releases/tag/v2.2.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.16/manifests"},{"name":"v3.1.15","sha":"835e15bf9e51846471e3da63ce474f6836ebd203","kind":"tag","published_at":"2025-05-18T02:39:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.15","html_url":"https://github.com/rack/rack/releases/tag/v3.1.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.15/manifests"},{"name":"v3.0.17","sha":"29094bd481b7849b1dd44423ac9ff22b225f52bf","kind":"tag","published_at":"2025-05-18T02:38:35.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.17","html_url":"https://github.com/rack/rack/releases/tag/v3.0.17","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.17","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.17/manifests"},{"name":"v2.2.15","sha":"d2b6af2062a4687f928491f801984b948a63ecbb","kind":"tag","published_at":"2025-05-18T02:37:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.15","html_url":"https://github.com/rack/rack/releases/tag/v2.2.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.15/manifests"},{"name":"v3.1.14","sha":"5440b2c8b006f1c2ef202c2bd60dd70924c9b1c1","kind":"tag","published_at":"2025-05-06T21:35:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.14","html_url":"https://github.com/rack/rack/releases/tag/v3.1.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.14/manifests"},{"name":"v3.0.16","sha":"5a1591960cbe28ed87e7fe5e00cbb7d6524f593b","kind":"tag","published_at":"2025-05-06T21:34:09.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.16","html_url":"https://github.com/rack/rack/releases/tag/v3.0.16","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.16","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.16/manifests"},{"name":"v2.2.14","sha":"d0dcf75706d72d7e874ee31934a97881c1a439ce","kind":"tag","published_at":"2025-05-06T21:33:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.14","html_url":"https://github.com/rack/rack/releases/tag/v2.2.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.14/manifests"},{"name":"v3.1.13","sha":"037953789da9cd49c4a3453ade6ede13619276e0","kind":"tag","published_at":"2025-04-13T12:27:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.13","html_url":"https://github.com/rack/rack/releases/tag/v3.1.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.13/manifests"},{"name":"v3.0.15","sha":"9413a87c2a88203ad06955aea29ede2d1f39526a","kind":"tag","published_at":"2025-04-13T12:19:23.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.15","html_url":"https://github.com/rack/rack/releases/tag/v3.0.15","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.15","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.15/manifests"},{"name":"v3.1.12","sha":"e8f47608668d507e0f231a932fa37c9ca551c0a5","kind":"tag","published_at":"2025-03-10T21:22:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.12","html_url":"https://github.com/rack/rack/releases/tag/v3.1.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.12/manifests"},{"name":"v3.0.14","sha":"340cd1f11f9d6c16c0c50bba2be0062aa661baf0","kind":"tag","published_at":"2025-03-10T21:20:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.14","html_url":"https://github.com/rack/rack/releases/tag/v3.0.14","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.14","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.14/manifests"},{"name":"v2.2.13","sha":"df6c47357f6c6bec2d585f45f417285d813d9b3a","kind":"tag","published_at":"2025-03-10T21:18:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.13","html_url":"https://github.com/rack/rack/releases/tag/v2.2.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.13/manifests"},{"name":"v2.2.12","sha":"78296637d7b35dcd357a64e8c76bd7f664c1cdbf","kind":"tag","published_at":"2025-03-04T05:45:05.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.12","html_url":"https://github.com/rack/rack/releases/tag/v2.2.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.12/manifests"},{"name":"v3.0.13","sha":"ef96f4aa2f6f670233eca3e9bc780809914dd93b","kind":"tag","published_at":"2025-03-04T05:37:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.13","html_url":"https://github.com/rack/rack/releases/tag/v3.0.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.13/manifests"},{"name":"v3.1.11","sha":"c827c3324827f3aefe73f0800d1a717c0c15537b","kind":"tag","published_at":"2025-03-04T05:36:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.11","html_url":"https://github.com/rack/rack/releases/tag/v3.1.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.11/manifests"},{"name":"v2.2.11","sha":"aa5a0f532aac7a57e4bc7e857eca1c38229f7b30","kind":"tag","published_at":"2025-02-12T03:54:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.11","html_url":"https://github.com/rack/rack/releases/tag/v2.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.11/manifests"},{"name":"v3.0.12","sha":"545951332eb66efb8e61ed51cb16c95443d85dc6","kind":"tag","published_at":"2025-02-12T03:32:58.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.12","html_url":"https://github.com/rack/rack/releases/tag/v3.0.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.12/manifests"},{"name":"v3.1.10","sha":"03494889c72513eee24a3fc715eb34869a7d4c88","kind":"tag","published_at":"2025-02-12T03:29:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.10","html_url":"https://github.com/rack/rack/releases/tag/v3.1.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.10/manifests"},{"name":"v3.1.9","sha":"e217a399eb116362710aac7c5b8dc691ea2189b3","kind":"tag","published_at":"2025-01-30T22:38:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.9","html_url":"https://github.com/rack/rack/releases/tag/v3.1.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.9/manifests"},{"name":"v3.1.8","sha":"0eabeb73b3fb590e187dacfd9a890fbb7ffb9477","kind":"tag","published_at":"2024-10-14T01:51:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.8","html_url":"https://github.com/rack/rack/releases/tag/v3.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.8/manifests"},{"name":"v2.2.10","sha":"14c9dec60bb4a1c5b848d829d5a0a6572b63293b","kind":"tag","published_at":"2024-10-14T01:47:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.10","html_url":"https://github.com/rack/rack/releases/tag/v2.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.10/manifests"},{"name":"v3.1.7","sha":"4bb2f723fa103de1351acd6a53d1889fd5578848","kind":"tag","published_at":"2024-07-11T01:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.7","html_url":"https://github.com/rack/rack/releases/tag/v3.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.7/manifests"},{"name":"v3.1.6","sha":"98aa9474180a09d722e7e1d8e75eb683be787b3c","kind":"tag","published_at":"2024-07-02T15:30:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.6","html_url":"https://github.com/rack/rack/releases/tag/v3.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.6/manifests"},{"name":"v3.1.5","sha":"3620bb1d140da996a95d941c64eda5dd7b54ed47","kind":"tag","published_at":"2024-07-02T06:41:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.5","html_url":"https://github.com/rack/rack/releases/tag/v3.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.5/manifests"},{"name":"v3.1.4","sha":"c108f08f23e9df8b2f741390a847cddb038e5f9a","kind":"tag","published_at":"2024-06-22T10:00:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.4","html_url":"https://github.com/rack/rack/releases/tag/v3.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.4/manifests"},{"name":"v3.1.3","sha":"e2020c155201e48dfcd87cd1d9cfa1b439fb66be","kind":"tag","published_at":"2024-06-12T07:24:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.3","html_url":"https://github.com/rack/rack/releases/tag/v3.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.3/manifests"},{"name":"v3.1.2","sha":"d43ab86513818c04dc27e89c6e426c12dfb05835","kind":"commit","published_at":"2024-06-11T20:38:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.2","html_url":"https://github.com/rack/rack/releases/tag/v3.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.2/manifests"},{"name":"v3.1.1","sha":"899a415498c591ece9dc28bcb78cd9e2b3ab776d","kind":"tag","published_at":"2024-06-11T20:02:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.1","html_url":"https://github.com/rack/rack/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"606365ba1353cbffdf94422c20166dc2e6d6286d","kind":"tag","published_at":"2024-06-11T05:49:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.1.0","html_url":"https://github.com/rack/rack/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.1.0/manifests"},{"name":"v2.2.9","sha":"b1deebdc0a4f61cc141cece5a911917ff1e4b901","kind":"tag","published_at":"2024-03-21T01:18:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.9","html_url":"https://github.com/rack/rack/releases/tag/v2.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.9/manifests"},{"name":"v3.0.10","sha":"d3c545e69d58e588622bcf9b1ab9f971b8a02112","kind":"tag","published_at":"2024-03-20T21:56:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.10","html_url":"https://github.com/rack/rack/releases/tag/v3.0.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.10/manifests"},{"name":"v3.0.9.1","sha":"a4bc5e0f41c750135969ceece8772ab112dc8f17","kind":"tag","published_at":"2024-02-21T19:23:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9.1/manifests"},{"name":"v2.2.8.1","sha":"e83001100ad9dd24e1744b13669dcb2736a13ebd","kind":"tag","published_at":"2024-02-21T19:22:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8.1/manifests"},{"name":"v2.1.4.4","sha":"c465c6389cc56ffdfa30718e490f31bcc2efbfc9","kind":"tag","published_at":"2024-02-21T19:21:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.4","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.4/manifests"},{"name":"v2.0.9.4","sha":"8eb8bc6c7c4d3dd912d169c850fe2695d1728555","kind":"tag","published_at":"2024-02-21T19:20:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.4","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.4/manifests"},{"name":"v3.0.9","sha":"0b3f997e7bb14c1dc42130e1eb50e62797d8c039","kind":"tag","published_at":"2024-01-31T07:51:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.9","html_url":"https://github.com/rack/rack/releases/tag/v3.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.9/manifests"},{"name":"v2.2.8","sha":"f169ff75b0a0b84c031960ffc5fcd0414eb64a2e","kind":"tag","published_at":"2023-07-31T02:43:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.8","html_url":"https://github.com/rack/rack/releases/tag/v2.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.8/manifests"},{"name":"v3.0.8","sha":"d28c464bcb55a9e26b9a9656e4ba484d327515ed","kind":"tag","published_at":"2023-06-14T02:01:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.8","html_url":"https://github.com/rack/rack/releases/tag/v3.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.8/manifests"},{"name":"v2.2.7","sha":"983b6e3b29a2048a86518c008fc46f4c86105683","kind":"tag","published_at":"2023-04-24T23:22:06.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.7","html_url":"https://github.com/rack/rack/releases/tag/v2.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.7/manifests"},{"name":"v3.0.7","sha":"2429b7ba38e402fc2e29405cab69395134020aed","kind":"tag","published_at":"2023-03-16T02:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.7","html_url":"https://github.com/rack/rack/releases/tag/v3.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.7/manifests"},{"name":"v2.2.6.4","sha":"27addc7f1ae290b6b84c1c351e5b6d75a05bb40b","kind":"tag","published_at":"2023-03-13T18:08:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.4","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.4/manifests"},{"name":"v3.0.6.1","sha":"098d8e12c1553411ee198d7890c1fd9f1e8cf979","kind":"tag","published_at":"2023-03-13T18:07:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6.1/manifests"},{"name":"v3.0.6","sha":"e9e9ae663d83f142d7666aee49622287828fa06f","kind":"tag","published_at":"2023-03-13T05:59:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.6","html_url":"https://github.com/rack/rack/releases/tag/v3.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.6/manifests"},{"name":"v3.0.5","sha":"9f8ba5e1fdf860338af7a65519278b32de00f516","kind":"tag","published_at":"2023-03-12T06:27:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.5","html_url":"https://github.com/rack/rack/releases/tag/v3.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.5/manifests"},{"name":"v3.0.4.2","sha":"5c18f306ef0d26917d490aa1f686dd68de738384","kind":"tag","published_at":"2023-03-02T22:56:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.2/manifests"},{"name":"v2.2.6.3","sha":"d6b5b2bab88f458fb048133604faebea952d8133","kind":"tag","published_at":"2023-03-02T22:56:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.3","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.3/manifests"},{"name":"v2.1.4.3","sha":"7bdc55dd21ec76811ad74c1ae14c1588d2f2ca49","kind":"tag","published_at":"2023-03-02T22:55:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.3","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.3/manifests"},{"name":"v2.0.9.3","sha":"9996d403584fb7609708f582f7647868b4444949","kind":"tag","published_at":"2023-03-02T22:54:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.3","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.3/manifests"},{"name":"v3.0.4.1","sha":"d1b4c2d82ac5444228d30e66f38156f7046b4296","kind":"tag","published_at":"2023-01-17T21:27:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4.1/manifests"},{"name":"v2.1.4.2","sha":"8b8efd9591876cb6d40b3120388a8b9a0e083777","kind":"tag","published_at":"2023-01-17T21:26:49.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.1.4.2","html_url":"https://github.com/rack/rack/releases/tag/v2.1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.1.4.2/manifests"},{"name":"v2.0.9.2","sha":"d573159067d8dc64db97beff67621654754e86f2","kind":"tag","published_at":"2023-01-17T21:26:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.0.9.2","html_url":"https://github.com/rack/rack/releases/tag/v2.0.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.0.9.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.0.9.2/manifests"},{"name":"v2.2.6.2","sha":"2606ac5d5d180c00a8cbcaa4d634276bab06500e","kind":"tag","published_at":"2023-01-17T21:22:10.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.2/manifests"},{"name":"v2.2.6.1","sha":"20bc90c2431d7fabcd1873410543cf3d72f65004","kind":"tag","published_at":"2023-01-17T21:21:54.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6.1/manifests"},{"name":"v3.0.4","sha":"9a2f06e7c20ca89b9e12b305bbd21901bd106d1e","kind":"tag","published_at":"2023-01-16T22:40:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.4","html_url":"https://github.com/rack/rack/releases/tag/v3.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.4/manifests"},{"name":"v2.2.6","sha":"ea39e49442e0008bfce4ad628ce52a4be2a20b5b","kind":"tag","published_at":"2023-01-16T21:04:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.6","html_url":"https://github.com/rack/rack/releases/tag/v2.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.6/manifests"},{"name":"v3.0.3","sha":"081ae02a1e3fbd925c1dc85d6c4d91d09ca29514","kind":"tag","published_at":"2022-12-26T20:20:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.3","html_url":"https://github.com/rack/rack/releases/tag/v3.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.3/manifests"},{"name":"v2.2.5","sha":"8312a2fd6aee0950d7b2deb548aaf600cb871d80","kind":"tag","published_at":"2022-12-26T20:19:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.5","html_url":"https://github.com/rack/rack/releases/tag/v2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.5/manifests"},{"name":"v3.0.2","sha":"dcbda319d807baab594820da58cf7bbf44702d1b","kind":"tag","published_at":"2022-12-05T05:12:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.2","html_url":"https://github.com/rack/rack/releases/tag/v3.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.2/manifests"},{"name":"v3.0.1","sha":"87984bf621be18c028a96f416bb222c68c8ae14c","kind":"tag","published_at":"2022-11-18T20:59:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v3.0.1","html_url":"https://github.com/rack/rack/releases/tag/v3.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v3.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v3.0.1/manifests"},{"name":"3.0.0","sha":"52901caf09ebcda879512a8605059963a49df55d","kind":"tag","published_at":"2022-09-06T16:28:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0","html_url":"https://github.com/rack/rack/releases/tag/3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0/manifests"},{"name":"3.0.0.rc1","sha":"12742a0610806acb769be67fd6c27fdc6c0ee593","kind":"tag","published_at":"2022-09-04T23:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.rc1/manifests"},{"name":"3.0.0.beta1","sha":"572a42a705b423ce98ef4e81435d4f60fb0ae53d","kind":"tag","published_at":"2022-08-08T20:34:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/3.0.0.beta1","html_url":"https://github.com/rack/rack/releases/tag/3.0.0.beta1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@3.0.0.beta1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/3.0.0.beta1/manifests"},{"name":"2.2.4","sha":"abca7d59c566320f1b60d1f5224beac9d201fa3b","kind":"tag","published_at":"2022-06-30T22:19:37.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.4","html_url":"https://github.com/rack/rack/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.4/manifests"},{"name":"2.2.3.1","sha":"925a4a6599ab26b4f3455b525393fe155d443655","kind":"tag","published_at":"2022-05-27T15:30:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3.1","html_url":"https://github.com/rack/rack/releases/tag/2.2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3.1/manifests"},{"name":"2.1.4.1","sha":"374f89aaa9ee5dc1de0802bfecce988cabfa3ead","kind":"tag","published_at":"2022-05-27T15:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4.1/manifests"},{"name":"2.0.9.1","sha":"f9cc7c2ae161820e36635734cff6e932d99e6aa8","kind":"tag","published_at":"2022-05-27T15:29:26.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9.1/manifests"},{"name":"2.1.4","sha":"52808700e0ade4225625c6729529e13a6b31cc2f","kind":"tag","published_at":"2020-06-15T22:23:25.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.4","html_url":"https://github.com/rack/rack/releases/tag/2.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.4/manifests"},{"name":"2.2.3","sha":"1741c580d71cfca8e541e96cc372305c8892ee74","kind":"tag","published_at":"2020-06-15T22:23:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.3","html_url":"https://github.com/rack/rack/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.3/manifests"},{"name":"2.1.3","sha":"b9b8652334e833e32b5fb8627463632867b5d6a8","kind":"tag","published_at":"2020-05-12T21:43:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.3","html_url":"https://github.com/rack/rack/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.3/manifests"},{"name":"v2.2.2","sha":"a5e80f01947954af76b14c1d1fdd8e79dd8337f3","kind":"tag","published_at":"2020-02-10T22:24:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.2","html_url":"https://github.com/rack/rack/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"961d9761bcb2bee17c80bba8b7bc9e285086d6c4","kind":"tag","published_at":"2020-02-09T06:19:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/v2.2.1","html_url":"https://github.com/rack/rack/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@v2.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/v2.2.1/manifests"},{"name":"2.2.0","sha":"39d501a28c1fe51284addfe6dacffafb69d49849","kind":"tag","published_at":"2020-02-08T18:25:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.2.0","html_url":"https://github.com/rack/rack/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.2.0/manifests"},{"name":"2.0.9","sha":"85684323f8f58409e717af91e446d257d496f8b8","kind":"tag","published_at":"2020-02-08T18:21:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.9","html_url":"https://github.com/rack/rack/releases/tag/2.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.9/manifests"},{"name":"1.6.13","sha":"47a1fd73fc77f094573f4215b0fc884f4ac1c03c","kind":"tag","published_at":"2020-02-08T18:19:31.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.13","html_url":"https://github.com/rack/rack/releases/tag/1.6.13","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.13","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.13/manifests"},{"name":"2.1.2","sha":"16a51d8e0b64964323c3719b8154106af5cc0feb","kind":"tag","published_at":"2020-01-27T22:42:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.2","html_url":"https://github.com/rack/rack/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.2/manifests"},{"name":"2.1.1","sha":"799a520a015de5938bc01faa8e90b76589c6e7d3","kind":"tag","published_at":"2020-01-11T22:18:02.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.1","html_url":"https://github.com/rack/rack/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"879ae7163a399a9ed36d876668f4ecae4ae8b9e4","kind":"tag","published_at":"2020-01-10T17:48:27.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.1.0","html_url":"https://github.com/rack/rack/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.1.0/manifests"},{"name":"1.6.12","sha":"de902e48d1c971fe145002039121afb69e10af5a","kind":"tag","published_at":"2019-12-18T18:05:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.12","html_url":"https://github.com/rack/rack/releases/tag/1.6.12","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.12","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.12/manifests"},{"name":"2.0.8","sha":"e7ee459546d217f32afc83e0b168c5eb9f95d784","kind":"tag","published_at":"2019-12-18T18:05:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.8","html_url":"https://github.com/rack/rack/releases/tag/2.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.8/manifests"},{"name":"2.0.7","sha":"7fb95dbec28dc70f3cfbba0a684db0735d8ab2ca","kind":"tag","published_at":"2019-04-02T16:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.7","html_url":"https://github.com/rack/rack/releases/tag/2.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.7/manifests"},{"name":"1.6.11","sha":"2bef132505cb2f80c432e3f4526dfef969cd2e25","kind":"tag","published_at":"2018-11-05T19:57:47.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.11","html_url":"https://github.com/rack/rack/releases/tag/1.6.11","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.11","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.11/manifests"},{"name":"2.0.6","sha":"8376dd11e6526a53432ee59b7a5d092bda9fc901","kind":"tag","published_at":"2018-11-05T19:29:45.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.6","html_url":"https://github.com/rack/rack/releases/tag/2.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.6/manifests"},{"name":"1.6.10","sha":"fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77","kind":"commit","published_at":"2018-04-23T17:50:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.10","html_url":"https://github.com/rack/rack/releases/tag/1.6.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.10/manifests"},{"name":"2.0.5","sha":"decd97682ec4c6345fe359b6a1d3c51e5fbdce5b","kind":"commit","published_at":"2018-04-23T17:44:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.5","html_url":"https://github.com/rack/rack/releases/tag/2.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.5/manifests"},{"name":"1.6.9","sha":"617aac0fb89f25603afc2b6497fdc3333354aee5","kind":"tag","published_at":"2018-02-28T18:51:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.9","html_url":"https://github.com/rack/rack/releases/tag/1.6.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.9/manifests"},{"name":"2.0.4","sha":"0a95875745ec65e91a57460a41373ae4d3a94934","kind":"commit","published_at":"2018-01-31T18:16:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.4","html_url":"https://github.com/rack/rack/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.4/manifests"},{"name":"1.6.8","sha":"90afdf309b4c0665f542579a21fbd1c285d05083","kind":"tag","published_at":"2017-05-16T21:28:21.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.8","html_url":"https://github.com/rack/rack/releases/tag/1.6.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.8/manifests"},{"name":"2.0.3","sha":"6a5f356cc12e5801843fbd95ecc603416c901cf3","kind":"commit","published_at":"2017-05-15T16:49:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.3","html_url":"https://github.com/rack/rack/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.3/manifests"},{"name":"1.6.7","sha":"51e8891e4807495d972fcba9832c4fdb30d37b50","kind":"commit","published_at":"2017-05-15T16:45:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.7","html_url":"https://github.com/rack/rack/releases/tag/1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.7/manifests"},{"name":"2.0.2","sha":"620766d061975a67f80fa5dc3887563c1563a64d","kind":"commit","published_at":"2017-05-08T17:03:56.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.2","html_url":"https://github.com/rack/rack/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.2/manifests"},{"name":"1.6.6","sha":"2ed117a11a8ed0455260b10f6696d4d3919f7dc5","kind":"commit","published_at":"2017-05-08T17:02:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.6","html_url":"https://github.com/rack/rack/releases/tag/1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.6/manifests"},{"name":"1.6.5","sha":"1886a60e9b96c2a4106fd89eb41dc817696c6369","kind":"commit","published_at":"2016-11-10T21:51:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.5","html_url":"https://github.com/rack/rack/releases/tag/1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.5/manifests"},{"name":"2.0.1","sha":"25a549883b85fb33970b4a1530a365c0c9e51f95","kind":"tag","published_at":"2016-06-30T17:34:34.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.1","html_url":"https://github.com/rack/rack/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"1a408687493175250408fe87c5046bf1adfa6386","kind":"tag","published_at":"2016-06-30T15:39:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0","html_url":"https://github.com/rack/rack/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0/manifests"},{"name":"2.0.0.rc1","sha":"9073125f71afd615091f575d74ec468a0b1b79bf","kind":"commit","published_at":"2016-05-06T20:51:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.rc1","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.rc1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.rc1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.rc1/manifests"},{"name":"2.0.0.alpha","sha":"f4562619c3c669404e39d9b09924bed5a6b71c14","kind":"commit","published_at":"2015-12-17T21:28:44.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/2.0.0.alpha","html_url":"https://github.com/rack/rack/releases/tag/2.0.0.alpha","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@2.0.0.alpha","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/2.0.0.alpha/manifests"},{"name":"1.6.4","sha":"ee18520bd9894e68a5d2b26c82835c2e67a43a8b","kind":"commit","published_at":"2015-06-18T21:51:01.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.4","html_url":"https://github.com/rack/rack/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.4/manifests"},{"name":"1.4.7","sha":"f5c09684fb93dbe76d7b9d0a0411d32ba5d66d04","kind":"commit","published_at":"2015-06-18T21:11:28.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.7","html_url":"https://github.com/rack/rack/releases/tag/1.4.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.7/manifests"},{"name":"1.5.5","sha":"e7e064611e1004ec62b593ec993a06d967d6c72e","kind":"commit","published_at":"2015-06-18T18:45:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.5","html_url":"https://github.com/rack/rack/releases/tag/1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.5/manifests"},{"name":"1.6.3","sha":"134d6218d0881d87ae6a522e88eafbddb6cd1bb7","kind":"commit","published_at":"2015-06-18T18:40:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.3","html_url":"https://github.com/rack/rack/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.3/manifests"},{"name":"1.4.6","sha":"e4f4df517b73ee4e7d365891f4ac2fb6a09a026c","kind":"commit","published_at":"2015-06-16T20:46:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.6","html_url":"https://github.com/rack/rack/releases/tag/1.4.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.6/manifests"},{"name":"1.5.4","sha":"90e627ab60d4df281206621a34271a9867a84fc7","kind":"commit","published_at":"2015-06-16T14:56:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.4","html_url":"https://github.com/rack/rack/releases/tag/1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.4/manifests"},{"name":"1.6.2","sha":"90d7d2a8f7ab50cb80adcc05a7fcdd1dfa60f2ad","kind":"commit","published_at":"2015-06-12T18:40:36.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.2","html_url":"https://github.com/rack/rack/releases/tag/1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.2/manifests"},{"name":"1.5.3","sha":"14e139c4a87c2e1a94dd3e305d6f485a19719855","kind":"commit","published_at":"2015-05-06T18:42:46.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.3","html_url":"https://github.com/rack/rack/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.3/manifests"},{"name":"1.6.1","sha":"08e62f29164505e50f3b3acc09e4c67a843e0172","kind":"commit","published_at":"2015-05-06T18:36:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.1","html_url":"https://github.com/rack/rack/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"65a7104b6b3e9ecd8f33c63a478ab9a33a103507","kind":"tag","published_at":"2014-12-18T22:44:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0","html_url":"https://github.com/rack/rack/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0/manifests"},{"name":"1.6.0.beta2","sha":"8cb9b65b4e7c7157aba0f5421e59c70411c919cf","kind":"tag","published_at":"2014-11-27T18:51:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta2/manifests"},{"name":"1.6.0.beta","sha":"e4e4c397e89c026f9c23500cf7fc14ccdb756010","kind":"tag","published_at":"2014-08-18T18:28:57.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.6.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.6.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.6.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.6.0.beta/manifests"},{"name":"1.5.2","sha":"ac590d055c936bb9a618e955a690dc836c625211","kind":"tag","published_at":"2013-02-08T03:13:52.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.2","html_url":"https://github.com/rack/rack/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.2/manifests"},{"name":"1.4.5","sha":"9939d40a5e23dcb058751d1029b794aa2f551900","kind":"tag","published_at":"2013-02-08T03:12:48.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.5","html_url":"https://github.com/rack/rack/releases/tag/1.4.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.5/manifests"},{"name":"1.3.10","sha":"a176b537d9e083033819efbafac3271bbbde23fb","kind":"tag","published_at":"2013-02-08T03:10:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.10","html_url":"https://github.com/rack/rack/releases/tag/1.3.10","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.10","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.10/manifests"},{"name":"1.2.8","sha":"ba8c6c2b3a5d03675ce7efc0e2308225809a74b8","kind":"tag","published_at":"2013-02-08T03:09:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.8","html_url":"https://github.com/rack/rack/releases/tag/1.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.8/manifests"},{"name":"1.1.6","sha":"0232e227b1cf3e67fbb82b2198311fa8ca618fbd","kind":"tag","published_at":"2013-02-08T03:08:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.6","html_url":"https://github.com/rack/rack/releases/tag/1.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.6/manifests"},{"name":"1.5.1","sha":"42b11a7fb918127143ca570af9930b2e7ef7222c","kind":"tag","published_at":"2013-01-28T22:51:59.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.1","html_url":"https://github.com/rack/rack/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"0cba6a4d5aeb1ac8768b6ca36320731487fb596b","kind":"tag","published_at":"2013-01-22T07:36:55.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.5.0","html_url":"https://github.com/rack/rack/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.5.0/manifests"},{"name":"1.4.4","sha":"ffbdb982a731df7c5b166354a09a3d239f7b18c8","kind":"tag","published_at":"2013-01-13T22:07:32.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.4","html_url":"https://github.com/rack/rack/releases/tag/1.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.4/manifests"},{"name":"1.3.9","sha":"8ded2f72dce26a4f3e45ce810b8670e455c5ae9a","kind":"tag","published_at":"2013-01-13T22:06:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.9","html_url":"https://github.com/rack/rack/releases/tag/1.3.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.9/manifests"},{"name":"1.2.7","sha":"22ef9e18198eaa4cb7c6c38df296a2fa7c5d8581","kind":"tag","published_at":"2013-01-13T22:04:42.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.7","html_url":"https://github.com/rack/rack/releases/tag/1.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.7/manifests"},{"name":"1.1.5","sha":"966df947b0e826610409c63cdbff7ee325875393","kind":"tag","published_at":"2013-01-13T22:03:18.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.5","html_url":"https://github.com/rack/rack/releases/tag/1.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.5/manifests"},{"name":"1.4.3","sha":"55ea327306f9eb1fdc206e8f04c3c0e234591560","kind":"tag","published_at":"2013-01-07T18:49:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.3","html_url":"https://github.com/rack/rack/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.3/manifests"},{"name":"1.3.8","sha":"231d1a9d482695c8e93ed043c39473228fb4406d","kind":"tag","published_at":"2013-01-07T18:48:30.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.8","html_url":"https://github.com/rack/rack/releases/tag/1.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.8/manifests"},{"name":"1.4.2","sha":"15c0365365a1719eb70c45a2a5a92b4afb610d5a","kind":"tag","published_at":"2013-01-07T02:42:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.2","html_url":"https://github.com/rack/rack/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.2/manifests"},{"name":"1.3.7","sha":"d711ed8e997884be06d3e64372c04df2402ca469","kind":"tag","published_at":"2013-01-07T02:41:22.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.7","html_url":"https://github.com/rack/rack/releases/tag/1.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.7/manifests"},{"name":"1.2.6","sha":"14c61738615efab12804b693891088aa72b10616","kind":"tag","published_at":"2013-01-07T02:38:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.6","html_url":"https://github.com/rack/rack/releases/tag/1.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.6/manifests"},{"name":"1.1.4","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:21:12.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.4","html_url":"https://github.com/rack/rack/releases/tag/1.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.4/manifests"},{"name":"test","sha":"87e39bae4fdd43bf3b98ea820c13fe8c451b1cc4","kind":"tag","published_at":"2013-01-07T02:13:13.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/test","html_url":"https://github.com/rack/rack/releases/tag/test","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@test","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/test/manifests"},{"name":"1.4.1","sha":"7d3c3fda71b2e5ad1f7d36c3c65b8413a2f3075b","kind":"tag","published_at":"2012-01-23T06:51:24.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.1","html_url":"https://github.com/rack/rack/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"e932c585dd1c97e504697c41ce9a4d638275ae02","kind":"tag","published_at":"2011-12-28T02:56:20.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.4.0","html_url":"https://github.com/rack/rack/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.4.0/manifests"},{"name":"1.3.6","sha":"341426fe1f1635f627fe6e18a09d09158351cb4a","kind":"tag","published_at":"2011-12-28T02:52:08.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.6","html_url":"https://github.com/rack/rack/releases/tag/1.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.6/manifests"},{"name":"1.2.5","sha":"e646792deb634132ceb9cd046df6b1b257ced099","kind":"tag","published_at":"2011-12-28T02:48:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.5","html_url":"https://github.com/rack/rack/releases/tag/1.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.5/manifests"},{"name":"1.1.3","sha":"44cbb9a570f0b31ad6b0d6ee6e0e405843b65385","kind":"tag","published_at":"2011-12-28T02:36:14.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.3","html_url":"https://github.com/rack/rack/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.3/manifests"},{"name":"1.3.5","sha":"d4f1d3583ea6938310b9215a60a1749ec4c88374","kind":"tag","published_at":"2011-10-18T05:33:43.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.5","html_url":"https://github.com/rack/rack/releases/tag/1.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.5/manifests"},{"name":"1.3.4","sha":"af62b15bb6649c392506f08721d177ffcd154ecc","kind":"tag","published_at":"2011-10-01T20:48:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.4","html_url":"https://github.com/rack/rack/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"698ec56418945e541d68af2cc81f56f35979859c","kind":"tag","published_at":"2011-09-17T00:03:03.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.3","html_url":"https://github.com/rack/rack/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.3/manifests"},{"name":"1.2.4","sha":"fccbe7ce4bb9409fdbb16e2e56828d9096695266","kind":"tag","published_at":"2011-09-17T00:02:39.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.4","html_url":"https://github.com/rack/rack/releases/tag/1.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.4/manifests"},{"name":"1.3.2","sha":"e804f5c5ae76626d6905010c8cad65e8847f220b","kind":"commit","published_at":"2011-07-16T21:45:19.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.2","html_url":"https://github.com/rack/rack/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"f1d5fc34c54aeb9c936d5cb4951f6e47a496d735","kind":"commit","published_at":"2011-07-13T23:13:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.1","html_url":"https://github.com/rack/rack/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.1/manifests"},{"name":"1.2.3","sha":"d2bc128f588942a5c2a724d815f180a05274d17e","kind":"tag","published_at":"2011-05-23T07:42:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.3","html_url":"https://github.com/rack/rack/releases/tag/1.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.3/manifests"},{"name":"1.3.0","sha":"a50dda57c1426b6b38ed06fa08cab154285c8057","kind":"tag","published_at":"2011-05-23T06:07:38.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0","html_url":"https://github.com/rack/rack/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0/manifests"},{"name":"1.3.0.beta2","sha":"1e99b9bcc7e9519d32e028fb1f24d6ef3b34b597","kind":"commit","published_at":"2011-05-19T17:10:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta2","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta2/manifests"},{"name":"1.3.0.beta","sha":"18040b59dad3f2efe96d5b70b2260764fcda4784","kind":"commit","published_at":"2011-05-03T10:38:40.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.3.0.beta","html_url":"https://github.com/rack/rack/releases/tag/1.3.0.beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.3.0.beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.3.0.beta/manifests"},{"name":"1.1.2","sha":"470fdfd7f4f7c2f06a011423046cdca6983f71d7","kind":"tag","published_at":"2011-03-13T14:02:17.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1.2","html_url":"https://github.com/rack/rack/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1.2/manifests"},{"name":"1.2.2","sha":"e226cc65aa493cf9826034002dae864306d52724","kind":"tag","published_at":"2011-03-13T13:34:16.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.2","html_url":"https://github.com/rack/rack/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.2/manifests"},{"name":"1.2.1","sha":"dc6b54edca2b69a5653eed98c14a8d4d71b3f45c","kind":"tag","published_at":"2010-06-15T09:53:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2.1","html_url":"https://github.com/rack/rack/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2.1/manifests"},{"name":"1.2","sha":"2ed515786322059f568c8a9df77a6e4b70f09225","kind":"tag","published_at":"2010-06-13T17:55:51.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.2","html_url":"https://github.com/rack/rack/releases/tag/1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.2/manifests"},{"name":"1.1","sha":"e6ebd831978adc3172ad487be18affab940f3d4d","kind":"tag","published_at":"2010-01-03T23:28:15.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.1","html_url":"https://github.com/rack/rack/releases/tag/1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.1/manifests"},{"name":"1.0.1","sha":"d0a2084e64f394068a80ea073e1910d7c3ffa44b","kind":"tag","published_at":"2009-10-18T19:45:33.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0.1","html_url":"https://github.com/rack/rack/releases/tag/1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0.1/manifests"},{"name":"1.0","sha":"d221938a6401d956ac6cfdc892f9b1c11b1fa31a","kind":"tag","published_at":"2009-04-25T13:22:41.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/1.0","html_url":"https://github.com/rack/rack/releases/tag/1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/1.0/manifests"},{"name":"0.9.1","sha":"488d67988ddfb7e13ad2f58272ee04809612cafe","kind":"tag","published_at":"2009-01-09T16:37:50.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9.1","html_url":"https://github.com/rack/rack/releases/tag/0.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9.1/manifests"},{"name":"0.9","sha":"a7229fd1bf2d4c5f77887a0d4925534163e842ec","kind":"tag","published_at":"2009-01-06T12:00:53.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.9","html_url":"https://github.com/rack/rack/releases/tag/0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.9/manifests"},{"name":"0.4","sha":"e33cc65a013952935c6bb70e24f359023c075e84","kind":"tag","published_at":"2008-08-21T10:27:04.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.4","html_url":"https://github.com/rack/rack/releases/tag/0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.4/manifests"},{"name":"0.3","sha":"dcb6081279c0728e13658773d38c842c4de785aa","kind":"tag","published_at":"2008-02-26T12:29:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.3","html_url":"https://github.com/rack/rack/releases/tag/0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.3/manifests"},{"name":"0.2","sha":"046be71448cb048a295a5221c8636d57b3c148f3","kind":"commit","published_at":"2007-05-16T15:01:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.2","html_url":"https://github.com/rack/rack/releases/tag/0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.2/manifests"},{"name":"0.1","sha":"bee7489d36600eb87a9da0a1bb899088feea78c9","kind":"commit","published_at":"2007-03-03T12:40:00.000Z","download_url":"https://codeload.github.com/rack/rack/tar.gz/0.1","html_url":"https://github.com/rack/rack/releases/tag/0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/rack/rack@0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/tags/0.1/manifests"}]},"repo_metadata_updated_at":"2026-04-30T21:12:22.802Z","dependent_packages_count":3634,"downloads":1267699285,"downloads_period":"total","dependent_repos_count":1043594,"rankings":{"downloads":0.006690380348122791,"dependent_repos_count":0.004460253565415194,"dependent_packages_count":0.01393829239192248,"stargazers_count":0.2754206576643882,"forks_count":0.1460733042673476,"docker_downloads_count":0.09812557843913426,"average":0.0907847444460551},"purl":"pkg:gem/rack","advisories":[{"uuid":"GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","url":"https://github.com/advisories/GHSA-g2pf-xv49-m2h5","title":"Rack::Request accepts invalid Host characters, enabling host allowlist bypass","description":"## Summary\n\n`Rack::Request` parses the `Host` header using an `AUTHORITY` regular expression that accepts characters not permitted in RFC-compliant hostnames, including `/`, `?`, `#`, and `@`. Because `req.host` returns the full parsed value, applications that validate hosts using naive prefix or suffix checks can be bypassed.\n\nFor example, a check such as `req.host.start_with?(\"myapp.com\")` can be bypassed with `Host: myapp.com@evil.com`, and a check such as `req.host.end_with?(\"myapp.com\")` can be bypassed with `Host: evil.com/myapp.com`.\n\nThis can lead to host header poisoning in applications that use `req.host`, `req.url`, or `req.base_url` for link generation, redirects, or origin validation.\n\n## Details\n\n`Rack::Request` parses the authority component using logic equivalent to:\n\n```ruby\nAUTHORITY = /\n  \\A\n  (?\u003chost\u003e\n    \\[(?\u003caddress\u003e#{ipv6})\\]\n    |\n    (?\u003caddress\u003e[[[:graph:]\u0026\u0026[^\\[\\]]]]*?)\n  )\n  (:(?\u003cport\u003e\\d+))?\n  \\z\n/x\n```\n\nThe character class used for non-IPv6 hosts accepts nearly all printable characters except `[` and `]`. This includes reserved URI delimiters such as `@`, `/`, `?`, and `#`, which are not valid hostname characters under RFC 3986 host syntax.\n\nAs a result, values such as the following are accepted and returned through `req.host`:\n\n```text\nmyapp.com@evil.com\nevil.com/myapp.com\nevil.com#myapp.com\n```\n\nApplications that attempt to allowlist hosts using string prefix or suffix checks may therefore treat attacker-controlled hosts as trusted. For example:\n\n```ruby\nreq.host.start_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nmyapp.com@evil.com\n```\n\nand:\n\n```ruby\nreq.host.end_with?(\"myapp.com\")\n```\n\naccepts:\n\n```text\nevil.com/myapp.com\n```\n\nWhen those values are later used to build absolute URLs or enforce origin restrictions, the application may produce attacker-controlled results.\n\n## Impact\n\nApplications that rely on `req.host`, `req.url`, or `req.base_url` may be affected if they perform naive host validation or assume Rack only returns RFC-valid hostnames.\n\nIn affected deployments, an attacker may be able to bypass host allowlists and poison generated links, redirects, or origin-dependent security decisions. This can enable attacks such as password reset link poisoning or other host header injection issues.\n\nThe practical impact depends on application behavior. If the application or reverse proxy already enforces strict host validation, exploitability may be reduced or eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects invalid authority characters in `Host`.\n* Enforce strict `Host` header validation at the reverse proxy or load balancer.\n* Do not rely on prefix or suffix string checks such as `start_with?` or `end_with?` for host allowlisting.\n* Use exact host allowlists, or exact subdomain boundary checks, after validating that the host is syntactically valid.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:36:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-g2pf-xv49-m2h5","https://nvd.nist.gov/vuln/detail/CVE-2026-34835","https://github.com/advisories/GHSA-g2pf-xv49-m2h5"],"source_kind":"github","identifiers":["GHSA-g2pf-xv49-m2h5","CVE-2026-34835"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.524Z","epss_percentage":0.00103,"epss_percentile":0.28163,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nMnBmLXh2NDktbTJoNc4ABUpH/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","url":"https://github.com/advisories/GHSA-q2ww-5357-x388","title":"Rack has Content-Length mismatch in Rack::Files error responses","description":"## Summary\n\n`Rack::Files#fail` sets the `Content-Length` response header using `String#size` instead of `String#bytesize`. When the response body contains multibyte UTF-8 characters, the declared `Content-Length` is smaller than the number of bytes actually sent on the wire.\n\nBecause `Rack::Files` reflects the requested path in 404 responses, an attacker can trigger this mismatch by requesting a non-existent path containing percent-encoded UTF-8 characters.\n\nThis results in incorrect HTTP response framing and may cause response desynchronization in deployments that rely on the incorrect `Content-Length` value.\n\n## Details\n\n`Rack::Files#fail` constructs error responses using logic equivalent to:\n\n```ruby\ndef fail(status, body, headers = {})\n  body += \"\\n\"\n  [\n    status,\n    {\n      \"content-type\" =\u003e \"text/plain\",\n      \"content-length\" =\u003e body.size.to_s,\n      \"x-cascade\" =\u003e \"pass\"\n    }.merge!(headers),\n    [body]\n  ]\nend\n```\n\nHere, `body.size` returns the number of characters, not the number of bytes. For multibyte UTF-8 strings, this produces an incorrect `Content-Length` value.\n\n`Rack::Files` includes the decoded request path in 404 responses. A request containing percent-encoded UTF-8 path components therefore causes the response body to contain multibyte characters, while the `Content-Length` header still reflects character count rather than byte count.\n\nAs a result, the server can send more bytes than declared in the response headers.\n\nThis violates HTTP message framing requirements, which define `Content-Length` as the number of octets in the message body.\n\n## Impact\n\nApplications using `Rack::Files` may emit incorrectly framed error responses when handling requests for non-existent paths containing multibyte characters.\n\nIn some deployment topologies, particularly with keep-alive connections and intermediaries that rely on `Content-Length`, this mismatch may lead to response parsing inconsistencies or response desynchronization. The practical exploitability depends on the behavior of downstream proxies, clients, and connection reuse.\n\nEven where no secondary exploitation is possible, the response is malformed and may trigger protocol errors in strict components.\n\n## Mitigation\n\n* Update to a patched version of Rack that computes `Content-Length` using `String#bytesize`.\n* Avoid exposing `Rack::Files` directly to untrusted traffic until a fix is available, if operationally feasible.\n* Where possible, place Rack behind a proxy or server that normalizes or rejects malformed backend responses.\n* Prefer closing backend connections on error paths if response framing anomalies are a concern.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:36:10.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-q2ww-5357-x388","https://nvd.nist.gov/vuln/detail/CVE-2026-34831","https://github.com/advisories/GHSA-q2ww-5357-x388"],"source_kind":"github","identifiers":["GHSA-q2ww-5357-x388","CVE-2026-34831"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.525Z","epss_percentage":0.00038,"epss_percentile":0.11388,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xMnd3LTUzNTcteDM4OM4ABUpG/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","url":"https://github.com/advisories/GHSA-qv7j-4883-hwh7","title":"Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect","description":"## Summary\n\n`Rack::Sendfile#map_accel_path` interpolates the value of the `X-Accel-Mapping` request header directly into a regular expression when rewriting file paths for `X-Accel-Redirect`. Because the header value is not escaped, an attacker who can supply `X-Accel-Mapping` to the backend can inject regex metacharacters and control the generated `X-Accel-Redirect` response header.\n\nIn deployments using `Rack::Sendfile` with `x-accel-redirect`, this can allow an attacker to cause nginx to serve unintended files from configured internal locations.\n\n## Details\n\n`Rack::Sendfile#map_accel_path` processes header-supplied mappings using logic equivalent to:\n\n```ruby\nmapping.split(',').map(\u0026:strip).each do |m|\n  internal, external = m.split('=', 2).map(\u0026:strip)\n  new_path = path.sub(/\\A#{internal}/i, external)\n  return new_path unless path == new_path\nend\n```\n\nHere, `internal` comes from the `HTTP_X_ACCEL_MAPPING` request header and is inserted directly into a regular expression without escaping. This gives the header value regex semantics rather than treating it as a literal prefix.\n\nAs a result, an attacker can supply metacharacters such as `.*` or capture groups to alter how the path substitution is performed. For example, a mapping such as:\n\n```http\nX-Accel-Mapping: .*=/protected/secret.txt\n```\n\ncauses the entire source path to match and rewrites the redirect target to a clean attacker-chosen internal path.\n\nThis differs from the documented behavior of the header-based mapping path, which is described as a simple substitution. While application-supplied mappings may intentionally support regular expressions, header-supplied mappings should be treated as literal path prefixes.\n\nThe issue is only exploitable when untrusted `X-Accel-Mapping` headers can reach Rack. One realistic case is a reverse proxy configuration that intends to set `X-Accel-Mapping` itself, but fails to do so on some routes, allowing a client-supplied header to pass through unchanged.\n\n## Impact\n\nApplications using `Rack::Sendfile` with `x-accel-redirect` may be affected if the backend accepts attacker-controlled `X-Accel-Mapping` headers.\n\nIn affected deployments, an attacker may be able to control the `X-Accel-Redirect` response header and cause nginx to serve files from internal locations that were not intended to be reachable through the application. This can lead to unauthorized file disclosure.\n\nThe practical impact depends on deployment architecture. If the proxy always strips or overwrites `X-Accel-Mapping`, or if the application uses explicit configured mappings instead of the request header, exploitability may be eliminated.\n\n## Mitigation\n\n* Update to a patched version of Rack that treats header-supplied `X-Accel-Mapping` values as literal strings rather than regular expressions.\n* Strip or overwrite inbound `X-Accel-Mapping` headers at the reverse proxy so client-supplied values never reach Rack.\n* Prefer explicit application-configured sendfile mappings instead of relying on request-header mappings.\n* Review proxy sub-locations and inherited header settings to ensure `X-Accel-Mapping` is consistently set on all backend routes.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:35:23.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.9,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-qv7j-4883-hwh7","https://nvd.nist.gov/vuln/detail/CVE-2026-34830","https://github.com/advisories/GHSA-qv7j-4883-hwh7"],"source_kind":"github","identifiers":["GHSA-qv7j-4883-hwh7","CVE-2026-34830"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-23T09:00:37.802Z","epss_percentage":0.00043,"epss_percentile":0.12916,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdjdqLTQ4ODMtaHdoN84ABUpF/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","url":"https://github.com/advisories/GHSA-8vqr-qjwx-82mw","title":"Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads","description":"## Summary\n\n`Rack::Multipart::Parser` only wraps the request body in a `BoundedIO` when `CONTENT_LENGTH` is present. When a `multipart/form-data` request is sent without a `Content-Length` header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit.\n\nFor file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space.\n\nThis results in a denial of service condition for Rack applications that accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser.parse` applies `BoundedIO` only when `content_length` is not `nil`:\n\n```ruby\nio = BoundedIO.new(io, content_length) if content_length\n```\n\nWhen `CONTENT_LENGTH` is absent, the parser reads the multipart body until EOF without a global byte limit.\n\nAlthough Rack enforces `BUFFERED_UPLOAD_BYTESIZE_LIMIT` for retained non-file parts, file uploads are handled differently. When a multipart part includes a filename, the body is streamed to a `Tempfile`, and the retained-size accounting is not applied to that file content. As a result, file parts are not subject to the same upload size bound.\n\nAn attacker can exploit this by sending a chunked `multipart/form-data` request containing a file part and continuously streaming data without declaring a `Content-Length`. Rack will continue writing the uploaded data to disk until the client stops or the server exhausts available storage.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` uploads may be affected if no upstream component enforces a request body size limit.\n\nAn unauthenticated attacker can send a large chunked file upload to consume disk space on the application host. This may cause request failures, application instability, or broader service disruption if the host runs out of available storage.\n\nThe practical impact depends on deployment architecture. Reverse proxies or application servers that enforce upload limits may reduce or eliminate exploitability, but Rack itself does not impose a total multipart upload limit in this code path when `CONTENT_LENGTH` is absent.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a total multipart upload size limit even when `CONTENT_LENGTH` is absent.\n* Enforce request body size limits at the reverse proxy or application server.\n* Isolate temporary upload storage and monitor disk consumption for multipart endpoints.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T20:34:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-8vqr-qjwx-82mw","https://nvd.nist.gov/vuln/detail/CVE-2026-34829","https://github.com/advisories/GHSA-8vqr-qjwx-82mw"],"source_kind":"github","identifiers":["GHSA-8vqr-qjwx-82mw","CVE-2026-34829"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-29T16:00:38.872Z","epss_percentage":0.0006,"epss_percentile":0.18467,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04dnFyLXFqd3gtODJtd84ABUpE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","url":"https://github.com/advisories/GHSA-7mqq-6cf9-v2qp","title":"Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory","description":"## Summary\n\n`Rack::Directory` interpolates the configured `root` path directly into a regular expression when deriving the displayed directory path. If `root` contains regex metacharacters such as `+`, `*`, or `.`, the prefix stripping can fail and the generated directory listing may expose the full filesystem path in the HTML output.\n\n## Details\n\n`Rack::Directory::DirectoryBody#each` computes the visible path using code equivalent to:\n\n```ruby\nshow_path = Utils.escape_html(path.sub(/\\A#{root}/, ''))\n```\n\nHere, `root` is a developer-configured filesystem path. It is normalized earlier with `File.expand_path(root)` and then inserted directly into a regular expression without escaping.\n\nBecause the value is treated as regex syntax rather than as a literal string, metacharacters in the configured path can change how the prefix match behaves. When that happens, the expected root prefix is not removed from `path`, and the absolute filesystem path is rendered into the HTML directory listing.\n\n## Impact\n\nIf `Rack::Directory` is configured to serve a directory whose absolute path contains regex metacharacters, the generated directory listing may disclose the full server filesystem path instead of only the request-relative path.\n\nThis can expose internal deployment details such as directory layout, usernames, mount points, or naming conventions that would otherwise not be visible to clients.\n\n## Mitigation\n\n* Update to a patched version of Rack in which the root prefix is removed using an escaped regular expression.\n* Avoid using `Rack::Directory` with a root path that contains regular expression metacharacters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:32:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-7mqq-6cf9-v2qp","https://nvd.nist.gov/vuln/detail/CVE-2026-34763","https://github.com/advisories/GHSA-7mqq-6cf9-v2qp"],"source_kind":"github","identifiers":["GHSA-7mqq-6cf9-v2qp","CVE-2026-34763"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.526Z","epss_percentage":0.00038,"epss_percentile":0.11388,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03bXFxLTZjZjktdjJxcM4ABUpD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","url":"https://github.com/advisories/GHSA-v569-hp3g-36wr","title":"Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header","description":"## Summary\n\n`Rack::Utils.select_best_encoding` processes `Accept-Encoding` values with quadratic time complexity when the header contains many wildcard (`*`) entries. Because this method is used by `Rack::Deflater` to choose a response encoding, an unauthenticated attacker can send a single request with a crafted `Accept-Encoding` header and cause disproportionate CPU consumption on the compression middleware path.\n\nThis results in a denial of service condition for applications using `Rack::Deflater`.\n\n## Details\n\n`Rack::Utils.select_best_encoding` expands parsed `Accept-Encoding` values into a list of candidate encodings. When an entry is `*`, the method computes the set of concrete encodings by subtracting the encodings already present in the request:\n\n```ruby\nif m == \"*\"\n  (available_encodings - accept_encoding.map(\u0026:first)).each do |m2|\n    expanded_accept_encoding \u003c\u003c [m2, q, preference]\n  end\nelse\n  expanded_accept_encoding \u003c\u003c [m, q, preference]\nend\n```\n\nBecause `accept_encoding.map(\u0026:first)` is evaluated inside the loop, it is recomputed for each wildcard entry. If the request contains `N` wildcard entries, this produces repeated scans over the full parsed header and causes quadratic behavior.\n\nAfter expansion, the method also performs additional work over `expanded_accept_encoding`, including per-entry deletion, which further increases the cost for large inputs.\n\n`Rack::Deflater` invokes this method for each request when the middleware is enabled:\n\n```ruby\nUtils.select_best_encoding(ENCODINGS, Utils.parse_encodings(accept_encoding))\n```\n\nAs a result, a client can trigger this expensive code path simply by sending a large `Accept-Encoding` header containing many repeated wildcard values.\n\nFor example, a request with an approximately 8 KB `Accept-Encoding` header containing about 1,000 `*;q=0.5` entries can cause roughly 170 ms of CPU time in a single request on the `Rack::Deflater` path, compared to a negligible baseline for a normal header.\n\nThis issue is distinct from CVE-2024-26146. That issue concerned regular expression denial of service during `Accept` header parsing, whereas this issue arises later during encoding selection after the header has already been parsed.\n\n## Impact\n\nAny Rack application using `Rack::Deflater` may be affected.\n\nAn unauthenticated attacker can send requests with crafted `Accept-Encoding` headers to trigger excessive CPU usage in the encoding selection logic. Repeated requests can consume worker time disproportionately and reduce application availability.\n\nThe attack does not require invalid HTTP syntax or large payload bodies. A single header-sized request is sufficient to reach the vulnerable code path.\n\n## Mitigation\n\n* Update to a patched version of Rack in which encoding selection does not repeatedly rescan the parsed header for wildcard entries.\n* Avoid enabling `Rack::Deflater` on untrusted traffic.\n* Apply request filtering or header size / format restrictions at the reverse proxy or application boundary to limit abusive `Accept-Encoding` values.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T20:32:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-v569-hp3g-36wr","https://nvd.nist.gov/vuln/detail/CVE-2026-34230","https://github.com/advisories/GHSA-v569-hp3g-36wr"],"source_kind":"github","identifiers":["GHSA-v569-hp3g-36wr","CVE-2026-34230"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.527Z","epss_percentage":0.0002,"epss_percentile":0.05546,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NTY5LWhwM2ctMzZ3cs4ABUpC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","url":"https://github.com/advisories/GHSA-qfgr-crr9-7r49","title":"Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing","description":"## Summary\n\n`Rack::Utils.forwarded_values` parses the RFC 7239 `Forwarded` header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\ncan be interpreted by Rack as multiple `Forwarded` directives rather than as a single quoted `for` value.\n\nIn deployments where an upstream proxy, WAF, or intermediary validates or preserves quoted `Forwarded` values differently, this discrepancy can allow an attacker to smuggle `host`, `proto`, `for`, or `by` parameters through a single header value.\n\n## Details\n\n`Rack::Utils.forwarded_values` processes the header using logic equivalent to:\n\n```ruby\nforwarded_header.split(';').each_with_object({}) do |field, values|\n  field.split(',').each do |pair|\n    pair = pair.split('=').map(\u0026:strip).join('=')\n    return nil unless pair =~ /\\A(by|for|host|proto)=\"?([^\"]+)\"?\\Z/i\n    (values[$1.downcase.to_sym] ||= []) \u003c\u003c $2\n  end\nend\n```\n\nThe method splits on `;` before it parses individual `name=value` pairs. This is inconsistent with RFC 7239, which permits quoted-string values, and quoted strings may contain semicolons as literal content.\n\nAs a result, a header value such as:\n\n```http\nForwarded: for=\"127.0.0.1;host=evil.com;proto=https\"\n```\n\nis not treated as a single `for` value. Instead, Rack may interpret it as if the client had supplied separate `for`, `host`, and `proto` directives.\n\nThis creates an interpretation conflict when another component in front of Rack treats the quoted value as valid literal content, while Rack reparses it as multiple forwarding parameters.\n\n## Impact\n\nApplications that rely on `Forwarded` to derive request metadata may observe attacker-controlled values for `host`, `proto`, `for`, or related URL components.\n\nIn affected deployments, this can lead to host or scheme spoofing in derived values such as `req.host`, `req.scheme`, `req.base_url`, or `req.url`. Applications that use those values for password reset links, redirects, absolute URL generation, logging, IP-based decisions, or backend requests may be vulnerable to downstream security impact.\n\nThe practical security impact depends on deployment architecture. If clients can already supply arbitrary trusted `Forwarded` parameters directly, this bug may not add meaningful attacker capability. The issue is most relevant where an upstream component and Rack interpret the same `Forwarded` header differently.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses `Forwarded` quoted-string values before splitting on parameter delimiters.\n* Avoid trusting client-supplied `Forwarded` headers unless they are normalized or regenerated by a trusted reverse proxy.\n* Prefer stripping inbound `Forwarded` headers at the edge and reconstructing them from trusted proxy metadata.\n* Avoid using `req.host`, `req.scheme`, `req.base_url`, or `req.url` for security-sensitive operations unless the forwarding chain is explicitly trusted and validated.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:31:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-qfgr-crr9-7r49","https://nvd.nist.gov/vuln/detail/CVE-2026-32762","https://github.com/advisories/GHSA-qfgr-crr9-7r49"],"source_kind":"github","identifiers":["GHSA-qfgr-crr9-7r49","CVE-2026-32762"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-29T16:00:38.874Z","epss_percentage":0.00044,"epss_percentile":0.13446,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZmdyLWNycjktN3I0Oc4ABUpB/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","url":"https://github.com/advisories/GHSA-rx22-g9mx-qrhv","title":"Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values","description":"## Summary\n\n`Rack::Multipart::Parser` unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as `filename` or `name` instead of removing the folded line break during unfolding.\n\nAs a result, applications that later reuse those parsed values in HTTP response headers may be vulnerable to downstream header injection or response splitting.\n\n## Details\n\n`Rack::Multipart::Parser` accepts folded multipart header values and unfolds them during parsing. However, the unfolding behavior does not fully remove the embedded line break sequence from the parsed value.\n\nThis means a multipart part header such as:\n\n```http\nContent-Disposition: form-data; name=\"file\"; filename=\"test\\r\\n foo.txt\"\n```\n\ncan result in a parsed parameter value that still contains CRLF characters.\n\nThe issue is not that Rack creates a second multipart header field. Rather, the problem is that CRLF remains embedded in the parsed metadata value after unfolding. If an application later uses that value in a security-sensitive context, such as constructing an HTTP response header, the preserved CRLF may alter downstream header parsing.\n\nAffected values may include multipart parameters such as `filename`, `name`, or similar parsed header attributes.\n\n## Impact\n\nApplications that accept multipart form uploads may be affected if they later reuse parsed multipart metadata in HTTP headers or other header-sensitive contexts.\n\nIn affected deployments, an attacker may be able to supply a multipart parameter value containing folded line breaks and cause downstream header injection, response splitting, cache poisoning, or related response parsing issues.\n\nThe practical impact depends on application behavior. If parsed multipart metadata is not reused in HTTP headers, the issue may be limited to incorrect parsing behavior rather than a direct exploit path.\n\n## Mitigation\n\n* Update to a patched version of Rack that removes CRLF correctly when unfolding folded multipart header values.\n* Avoid copying upload metadata such as `filename` directly into HTTP response headers without sanitization.\n* Sanitize or reject carriage return and line feed characters in multipart-derived values before reusing them in response headers, logs, or downstream protocol contexts.\n* Where feasible, normalize uploaded filenames before storing or reflecting them.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:31:01.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.8,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-rx22-g9mx-qrhv","https://nvd.nist.gov/vuln/detail/CVE-2026-26962","https://github.com/advisories/GHSA-rx22-g9mx-qrhv"],"source_kind":"github","identifiers":["GHSA-rx22-g9mx-qrhv","CVE-2026-26962"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.528Z","epss_percentage":0.0002,"epss_percentile":0.05502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yeDIyLWc5bXgtcXJods4ABUpA/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","url":"https://github.com/advisories/GHSA-vgpv-f759-9wx3","title":"Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.","description":"## Summary\n\n`Rack::Multipart::Parser` extracts the `boundary` parameter from `multipart/form-data` using a greedy regular expression. When a `Content-Type` header contains multiple `boundary` parameters, Rack selects the last one rather than the first.\n\nIn deployments where an upstream proxy, WAF, or intermediary interprets the first `boundary` parameter, this mismatch can allow an attacker to smuggle multipart content past upstream inspection and have Rack parse a different body structure than the intermediary validated.\n\n## Details\n\nRack identifies the multipart boundary using logic equivalent to:\n\n```ruby\nMULTIPART = %r|\\Amultipart/.*boundary=\\\"?([^\\\";,]+)\\\"?|ni\n```\n\nBecause the expression is greedy, it matches the last `boundary=` parameter in a header such as:\n\n```http\nContent-Type: multipart/form-data; boundary=safe; boundary=malicious\n```\n\nAs a result, Rack parses the request body using `malicious`, while another component may interpret the same header using `safe`.\n\nThis creates an interpretation conflict. If an upstream WAF or proxy inspects multipart parts using the first boundary and Rack later parses the body using the last boundary, a client may be able to place malicious form fields or uploaded content in parts that Rack accepts but the upstream component did not inspect as intended.\n\nThis issue is most relevant in layered deployments where security decisions are made before the request reaches Rack.\n\n## Impact\n\nApplications that accept `multipart/form-data` uploads behind an inspecting proxy or WAF may be affected.\n\nIn such deployments, an attacker may be able to bypass upstream filtering of uploaded files or form fields by sending a request with multiple `boundary` parameters and relying on the intermediary and Rack to parse the request differently.\n\nThe practical impact depends on deployment architecture. If no upstream component relies on a different multipart interpretation, this behavior may not provide meaningful additional attacker capability.\n\n## Mitigation\n\n* Update to a patched version of Rack that rejects ambiguous multipart `Content-Type` headers or parses duplicate `boundary` parameters consistently.\n* Reject requests containing multiple `boundary` parameters.\n* Normalize or regenerate multipart metadata at the trusted edge before forwarding requests to Rack.\n* Avoid relying on upstream inspection of malformed multipart requests unless duplicate parameter handling is explicitly consistent across components.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T20:30:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-vgpv-f759-9wx3","https://nvd.nist.gov/vuln/detail/CVE-2026-26961","https://github.com/advisories/GHSA-vgpv-f759-9wx3"],"source_kind":"github","identifiers":["GHSA-vgpv-f759-9wx3","CVE-2026-26961"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-25T06:00:34.528Z","epss_percentage":0.00013,"epss_percentile":0.02185,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Z3B2LWY3NTktOXd4M84ABUo_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","url":"https://github.com/advisories/GHSA-v6x5-cg8r-vv6x","title":"Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters","description":"## Summary\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted multipart parameters such as `Content-Disposition: form-data; name=\"...\"` using repeated `String#index` searches combined with `String#slice!` prefix deletion. For escape-heavy quoted values, this causes super-linear processing.\n\nAn unauthenticated attacker can send a crafted `multipart/form-data` request containing many parts with long backslash-escaped parameter values to trigger excessive CPU usage during multipart parsing.\n\nThis results in a denial of service condition in Rack applications that accept multipart form data.\n\n## Details\n\n`Rack::Multipart::Parser#handle_mime_head` parses quoted parameter values by repeatedly:\n\n1. Searching for the next quote or backslash,\n2. Copying the preceding substring into a new buffer, and\n3. Removing the processed prefix from the original string with `slice!`.\n\nAn attacker can exploit this by sending a multipart request with many parts whose `name` parameters contain long escape-heavy values such as:\n\n```text\nname=\"a\\\\a\\\\a\\\\a\\\\a\\\\...\"\n```\n\nUnder default Rack limits, a request can contain up to 4095 parts. If many of those parts use long quoted values with dense escape characters, the parser performs disproportionately expensive CPU work while remaining within normal request size and part-count limits.\n\n## Impact\n\nAny Rack application that accepts `multipart/form-data` requests may be affected, including file upload endpoints and standard HTML form handlers.\n\nAn unauthenticated attacker can send crafted multipart requests that consume excessive CPU time during request parsing. Repeated requests can tie up application workers, reduce throughput, and degrade or deny service availability.\n\n## Mitigation\n\n* Update to a patched version of Rack that parses quoted multipart parameters without repeated rescanning and destructive prefix deletion.\n* Apply request throttling or rate limiting to multipart upload endpoints.\n* Where operationally feasible, restrict or isolate multipart parsing on untrusted high-volume endpoints.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T20:30:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-v6x5-cg8r-vv6x","https://nvd.nist.gov/vuln/detail/CVE-2026-34827","https://github.com/advisories/GHSA-v6x5-cg8r-vv6x"],"source_kind":"github","identifiers":["GHSA-v6x5-cg8r-vv6x","CVE-2026-34827"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T21:00:08.456Z","updated_at":"2026-04-27T14:00:40.570Z","epss_percentage":0.0002,"epss_percentile":0.056,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Nng1LWNnOHItdnY2eM4ABUo-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","url":"https://github.com/advisories/GHSA-x8cg-fq8g-mxfx","title":"Rack's multipart byte range processing allows denial of service via excessive overlapping ranges","description":"## Summary\n\n`Rack::Utils.get_byte_ranges` parses the HTTP `Range` header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many small overlapping ranges such as `0-0,0-0,0-0,...` to trigger disproportionate CPU, memory, I/O, and bandwidth consumption per request.\n\nThis results in a denial of service condition in Rack file-serving paths that process multipart byte range responses.\n\n## Details\n\n`Rack::Utils.get_byte_ranges` accepts a comma-separated list of byte ranges and validates them based on their aggregate size, but does not impose a limit on how many individual ranges may be supplied.\n\nAs a result, a request such as:\n\n```http\nRange: bytes=0-0,0-0,0-0,0-0,...\n```\n\ncan contain thousands of overlapping one-byte ranges while still satisfying the total-size check added for CVE-2024-26141.\n\nWhen such a header is processed by Rack’s file-serving code, each range causes additional work, including multipart response generation, per-range iteration, file seek and read operations, and temporary string allocation for response size calculation and output. This allows a relatively small request header to trigger disproportionately expensive processing and a much larger multipart response.\n\nThe issue is distinct from CVE-2024-26141. That fix prevents range sets whose total byte coverage exceeds the file size, but does not prevent a large number of overlapping ranges whose summed size remains within that limit.\n\n## Impact\n\nApplications that expose file-serving paths with byte range support may be vulnerable to denial of service.\n\nAn unauthenticated attacker can send crafted `Range` headers containing many small overlapping ranges to consume excessive CPU time, memory, file I/O, and bandwidth. Repeated requests may reduce application availability and increase pressure on workers and garbage collection.\n\n## Mitigation\n\n* Update to a patched version of Rack that limits the number of accepted byte ranges.\n* Reject or normalize multipart byte range requests containing excessive range counts.\n* Consider disabling multipart range support where it is not required.\n* Apply request filtering or header restrictions at the reverse proxy or application boundary to limit abusive `Range` headers.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T19:07:28.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","references":["https://github.com/rack/rack/security/advisories/GHSA-x8cg-fq8g-mxfx","https://nvd.nist.gov/vuln/detail/CVE-2026-34826","https://github.com/advisories/GHSA-x8cg-fq8g-mxfx"],"source_kind":"github","identifiers":["GHSA-x8cg-fq8g-mxfx","CVE-2026-34826"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T20:00:10.704Z","updated_at":"2026-04-23T09:00:39.594Z","epss_percentage":0.00019,"epss_percentile":0.05072,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OGNnLWZxOGctbXhmeM4ABUo9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","url":"https://github.com/advisories/GHSA-q4qf-9j86-f5mh","title":"Rack:: Static header_rules bypass via URL-encoded paths","description":"## Summary\n\n`Rack::Static#applicable_rules` evaluates several `header_rules` types against the raw URL-encoded `PATH_INFO`, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers that `header_rules` were intended to apply.\n\nIn deployments that rely on `Rack::Static` to attach security-relevant response headers to static content, this can allow an attacker to bypass those headers by requesting an encoded form of the path.\n\n## Details\n\n`Rack::Static#applicable_rules` matches rule types such as `:fonts`, `Array`, and `Regexp` directly against the incoming `PATH_INFO`. For example:\n\n```ruby\nwhen :fonts\n  /\\.(?:ttf|otf|eot|woff2|woff|svg)\\z/.match?(path)\nwhen Array\n  /\\.(#{rule.join('|')})\\z/.match?(path)\nwhen Regexp\n  rule.match?(path)\n```\n\nThese checks operate on the raw request path. If the request contains encoded characters such as `%2E` in place of `.`, the rule may fail to match even though the file path is later decoded and served successfully by the static file server.\n\nFor example, both of the following requests may resolve to the same file on disk:\n\n```text\n/fonts/test.woff\n/fonts/test%2Ewoff\n```\n\nbut only the unencoded form may receive the headers configured through `header_rules`.\n\nThis creates a canonicalization mismatch between the path used for header policy decisions and the path ultimately used for file serving.\n\n## Impact\n\nApplications that rely on `Rack::Static` `header_rules` to apply security-relevant headers to static files may be affected.\n\nIn affected deployments, an attacker can request an encoded variant of a static file path and receive the same file without the intended headers. Depending on how `header_rules` are used, this may bypass protections such as clickjacking defenses, content restrictions, or other response policies applied to static content.\n\nThe practical impact depends on the configured rules and the types of files being served. If `header_rules` are only used for non-security purposes such as caching, the issue may have limited security significance.\n\n## Mitigation\n\n* Update to a patched version of Rack that applies `header_rules` to a decoded path consistently with static file resolution.\n* Do not rely solely on `Rack::Static` `header_rules` for security-critical headers where encoded path variants may reach the application.\n* Prefer setting security headers at the reverse proxy or web server layer so they apply consistently to both encoded and unencoded path forms.\n* Normalize or reject encoded path variants for static content at the edge, where feasible.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-04-02T18:44:49.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-q4qf-9j86-f5mh","https://nvd.nist.gov/vuln/detail/CVE-2026-34786","https://github.com/advisories/GHSA-q4qf-9j86-f5mh"],"source_kind":"github","identifiers":["GHSA-q4qf-9j86-f5mh","CVE-2026-34786"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T19:00:09.384Z","updated_at":"2026-04-30T20:00:40.728Z","epss_percentage":0.0004,"epss_percentile":0.12019,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNHFmLTlqODYtZjVtaM4ABUo8/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","url":"https://github.com/advisories/GHSA-h2jq-g4cq-5ppq","title":"Rack::Static prefix matching can expose unintended files under the static root","description":"## Summary\n\n`Rack::Static` determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as `\"/css\"`, it matches any request path that begins with that string, including unrelated paths such as `\"/css-config.env\"` or `\"/css-backup.sql\"`.\n\nAs a result, files under the static root whose names merely share the configured prefix may be served unintentionally, leading to information disclosure.\n\n## Details\n\n`Rack::Static#route_file` performs static-route matching using logic equivalent to:\n\n```ruby\n@urls.any? { |url| path.index(url) == 0 }\n```\n\nThis checks only whether the request path starts with the configured prefix string. It does not require a path segment boundary after the prefix.\n\nFor example, with:\n\n```ruby\nuse Rack::Static, urls: [\"/css\", \"/js\"], root: \"public\"\n```\n\nthe following path is matched as intended:\n\n```text\n/css/style.css\n```\n\nbut these paths are also matched:\n\n```text\n/css-config.env\n/css-backup.sql\n/csssecrets.yml\n```\n\nIf such files exist under the configured static root, Rack forwards the request to the file server and serves them as static content.\n\nThis means a configuration intended to expose only directory trees such as `/css/...` and `/js/...` may also expose sibling files whose names begin with those same strings.\n\n## Impact\n\nAn attacker can request files under the configured static root whose names share a configured URL prefix and obtain their contents.\n\nIn affected deployments, this may expose configuration files, secrets, backups, environment files, or other unintended static content located under the same root directory.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces a path boundary when matching configured static URL prefixes.\n* Match only paths that are either exactly equal to the configured prefix or begin with `prefix + \"/\"`.\n* Avoid placing sensitive files under the `Rack::Static` root directory.\n* Prefer static URL mappings that cannot overlap with sensitive filenames.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-04-02T18:44:25.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-h2jq-g4cq-5ppq","https://nvd.nist.gov/vuln/detail/CVE-2026-34785","https://github.com/advisories/GHSA-h2jq-g4cq-5ppq"],"source_kind":"github","identifiers":["GHSA-h2jq-g4cq-5ppq","CVE-2026-34785"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-04-02T19:00:09.384Z","updated_at":"2026-04-30T20:00:40.729Z","epss_percentage":0.00043,"epss_percentile":0.12916,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.6","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.6"},{"first_patched_version":"3.1.21","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.21"},{"first_patched_version":"2.2.23","vulnerable_version_range":"\u003c 2.2.23"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMmpxLWc0Y3EtNXBwcc4ABUo7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","url":"https://github.com/advisories/GHSA-whrj-4476-wvmp","title":"Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href","description":"## Summary\n\n`Rack::Directory` generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the `javascript:` scheme (e.g. `javascript:alert(1)`), the generated index includes an anchor whose `href` attribute is exactly `javascript:alert(1)`. Clicking this entry executes arbitrary JavaScript in the context of the hosting application.\n\nThis results in a client-side XSS condition in directory listings generated by `Rack::Directory`.\n\n## Details\n\n`Rack::Directory` renders directory entries using an HTML row template similar to:\n\n```html\n\u003ca href='%s'\u003e%s\u003c/a\u003e\n```\n\nThe `%s` placeholder is populated directly with the file’s basename. If the basename begins with `javascript:`, the resulting HTML contains an executable JavaScript URL:\n\n```html\n\u003ca href='javascript:alert(1)'\u003ejavascript:alert(1)\u003c/a\u003e\n```\n\nBecause the value is inserted directly into the `href` attribute without scheme validation or normalization, browsers interpret it as a JavaScript URI. When a user clicks the link, the JavaScript executes in the origin of the Rack application.\n\n## Impact\n\nIf `Rack::Directory` is used to expose filesystem contents over HTTP, an attacker who can create or upload files within that directory may introduce a malicious filename beginning with `javascript:`.\n\nWhen a user visits the directory listing and clicks the entry, arbitrary JavaScript executes in the application's origin. Exploitation requires user interaction (clicking the malicious entry).\n\n## Mitigation\n\n* Update to a patched version of Rack in which `Rack::Directory` prefixes generated anchors with a relative path indicator (e.g. `./filename`).\n* Avoid exposing user-controlled directories via `Rack::Directory`.\n* Apply a strict Content Security Policy (CSP) to reduce impact of potential client-side execution issues.\n* Where feasible, restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.\n\nHackerOne profile:\nhttps://hackerone.com/thesmartshadow\n\nGitHub account owner:\nAli Firas (@thesmartshadow)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2026-02-17T18:46:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.4,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-whrj-4476-wvmp","https://github.com/rack/rack/commit/f2f225f297b99fbee3d9f51255d41f601fc40aff","https://nvd.nist.gov/vuln/detail/CVE-2026-25500","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-25500.yml","https://github.com/advisories/GHSA-whrj-4476-wvmp"],"source_kind":"github","identifiers":["GHSA-whrj-4476-wvmp","CVE-2026-25500"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-17T19:00:08.542Z","updated_at":"2026-04-28T13:01:38.217Z","epss_percentage":0.00025,"epss_percentile":0.06932,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.5","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.5"},{"first_patched_version":"3.1.20","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.20"},{"first_patched_version":"2.2.22","vulnerable_version_range":"\u003c 2.2.22"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13aHJqLTQ0NzYtd3ZtcM4ABSbc/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","url":"https://github.com/advisories/GHSA-mxw3-3hh2-x2mh","title":"Rack has a Directory Traversal via Rack:Directory","description":"## Summary\n\n`Rack::Directory`’s path check used a string prefix match on the expanded path. A request like `/../root_example/` can escape the configured root if the target path starts with the root string, allowing directory listing outside the intended root.\n\n## Details\n\nIn `directory.rb`, `File.expand_path(File.join(root, path_info)).start_with?(root)` does not enforce a path boundary. If the server root is `/var/www/root`, a path like `/var/www/root_backup` passes the check because it shares the same prefix, so `Rack::Directory` will list that directory also. \n\n## Impact\n\nInformation disclosure via directory listing outside the configured root when `Rack::Directory` is exposed to untrusted clients and a directory shares the root prefix (e.g., `public2`, `www_backup`).\n\n## Mitigation\n\n* Update to a patched version of Rack that correctly checks the root prefix.\n* Don't name directories with the same prefix as one which is exposed via `Rack::Directory`.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2026-02-17T16:14:11.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-mxw3-3hh2-x2mh","https://github.com/rack/rack/commit/75c5745c286637a8f049a33790c71237762069e7","https://nvd.nist.gov/vuln/detail/CVE-2026-22860","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2026-22860.yml","https://github.com/advisories/GHSA-mxw3-3hh2-x2mh"],"source_kind":"github","identifiers":["GHSA-mxw3-3hh2-x2mh","CVE-2026-22860"],"repository_url":null,"blast_radius":0.0,"created_at":"2026-02-17T17:00:07.439Z","updated_at":"2026-04-28T13:01:38.225Z","epss_percentage":0.00105,"epss_percentile":0.28212,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.5","vulnerable_version_range":"\u003e= 3.2.0, \u003c 3.2.5"},{"first_patched_version":"3.1.20","vulnerable_version_range":"\u003e= 3.0.0.beta1, \u003c 3.1.20"},{"first_patched_version":"2.2.22","vulnerable_version_range":"\u003c 2.2.22"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teHczLTNoaDIteDJtaM4ABSa7/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","url":"https://github.com/advisories/GHSA-6xw4-3v39-52mm","title":"Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing","description":"## Summary\n\n`Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of service (DoS) through memory exhaustion.\n\n## Details\n\nWhen handling non-multipart form submissions, Rack’s request parser performs:\n\n```ruby\nform_vars = get_header(RACK_INPUT).read\n```\n\nSince `read` is called with no argument, the entire request body is loaded into a Ruby `String`. This occurs before query parameter parsing or enforcement of any `params_limit`. As a result, Rack applications without an upstream body-size limit can experience unbounded memory allocation proportional to request size.\n\n## Impact\n\nAttackers can send large `application/x-www-form-urlencoded` bodies to consume process memory, causing slowdowns or termination by the operating system (OOM). The effect scales linearly with request size and concurrency. Even with parsing limits configured, the issue occurs *before* those limits are enforced.\n\n## Mitigation\n\n* Update to a patched version of Rack that enforces form parameter limits using `query_parser.bytesize_limit`, preventing unbounded reads of `application/x-www-form-urlencoded` bodies.\n* Enforce strict maximum body size at the proxy or web server layer (e.g., Nginx `client_max_body_size`, Apache `LimitRequestBody`).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-10T17:33:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm","https://github.com/rack/rack/commit/4e2c903991a790ee211a3021808ff4fd6fe82881","https://github.com/rack/rack/commit/cbd541e8a3d0c5830a3c9a30d3718ce2e124f9db","https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f","https://nvd.nist.gov/vuln/detail/CVE-2025-61919","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61919.yml","https://github.com/advisories/GHSA-6xw4-3v39-52mm"],"source_kind":"github","identifiers":["GHSA-6xw4-3v39-52mm","CVE-2025-61919"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-10T18:00:07.553Z","updated_at":"2026-04-27T14:02:39.158Z","epss_percentage":0.00221,"epss_percentile":0.44504,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.3","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.3"},{"first_patched_version":"3.1.18","vulnerable_version_range":"\u003e= 3.0, \u003c 3.1.18"},{"first_patched_version":"2.2.20","vulnerable_version_range":"\u003c 2.2.20"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02eHc0LTN2MzktNTJtbc4ABNQi/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","url":"https://github.com/advisories/GHSA-r657-rxjc-j557","title":"Rack has a Possible Information Disclosure Vulnerability","description":"## Summary\n\nA possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions.\n\n## Details\n\nWhen `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a \"redirect\" response to the proxy, prompting it to reissue a new internal request that was **not subject to the proxy's access controls**.\n\nAn attacker could exploit this by:\n1. Setting a crafted `x-sendfile-type: x-accel-redirect` header.\n2. Setting a crafted `x-accel-mapping` header.\n3. Requesting a path that qualifies for proxy-based acceleration.\n\n## Impact\n\nAttackers could bypass proxy-enforced restrictions and access internal endpoints intended to be protected (such as administrative pages). The vulnerability did not allow arbitrary file reads but could expose sensitive application routes.\n\nThis issue only affected systems meeting all of the following conditions:\n\n* The application used `Rack::Sendfile` with a proxy that supports `x-accel-redirect` (e.g., Nginx).\n* The proxy did **not** always set or remove the `x-sendfile-type` and `x-accel-mapping` headers.\n* The application exposed an endpoint that returned a body responding to `.to_path`.\n\n## Mitigation\n\n* Upgrade to a fixed version of Rack which requires explicit configuration to enable `x-accel-redirect`:\n\n  ```ruby\n  use Rack::Sendfile, \"x-accel-redirect\"\n  ```\n\n* Alternatively, configure the proxy to always set or strip the headers (you should be doing this!):\n\n  ```nginx\n  proxy_set_header x-sendfile-type x-accel-redirect;\n  proxy_set_header x-accel-mapping /var/www/=/files/;\n  ```\n\n* Or in Rails applications, disable sendfile completely:\n\n  ```ruby\n  config.action_dispatch.x_sendfile_header = nil\n  ```","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-10-10T17:31:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.8,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557","https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784","https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a","https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85","https://nvd.nist.gov/vuln/detail/CVE-2025-61780","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61780.yml","https://github.com/advisories/GHSA-r657-rxjc-j557"],"source_kind":"github","identifiers":["GHSA-r657-rxjc-j557","CVE-2025-61780"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-10T18:00:08.395Z","updated_at":"2026-04-23T09:02:34.446Z","epss_percentage":0.00035,"epss_percentile":0.10005,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.3","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.3"},{"first_patched_version":"3.1.18","vulnerable_version_range":"\u003e= 3.0, \u003c 3.1.18"},{"first_patched_version":"2.2.20","vulnerable_version_range":"\u003c 2.2.20"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNjU3LXJ4amMtajU1N84ABNQh/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","url":"https://github.com/advisories/GHSA-wpv5-97wm-hp9c","title":"Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS).\n\n## Details\n\nWhile reading multipart headers, the parser waits for `CRLFCRLF` using:\n\n```ruby\n@sbuf.scan_until(/(.*?\\r\\n)\\r\\n/m)\n```\n\nIf the terminator never appears, it continues appending data (`@sbuf.concat(content)`) indefinitely. There is no limit on accumulated header bytes, so a single malformed part can consume memory proportional to the request body size.\n\n## Impact\n\nAttackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected.\n\n## Mitigation\n\n* Upgrade to a patched Rack version that caps per-part header size (e.g., 64 KiB).\n* Until then, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:28:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c","https://nvd.nist.gov/vuln/detail/CVE-2025-61772","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61772.yml","https://github.com/advisories/GHSA-wpv5-97wm-hp9c"],"source_kind":"github","identifiers":["GHSA-wpv5-97wm-hp9c","CVE-2025-61772"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:06.962Z","updated_at":"2026-04-30T20:02:22.799Z","epss_percentage":0.00193,"epss_percentile":0.41011,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cHY1LTk3d20taHA5Y84ABNDU/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","url":"https://github.com/advisories/GHSA-w9pc-fmgc-vxvw","title":"Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request (hundreds of megabytes or more) can consume equivalent process memory, potentially leading to out-of-memory (OOM) conditions and denial of service (DoS).\n\n## Details\n\nDuring multipart parsing, file parts are streamed to temporary files, but non-file parts are buffered into memory:\n\n```ruby\nbody = String.new  # non-file → in-RAM buffer\n@mime_parts[mime_index].body \u003c\u003c content\n```\n\nThere is no size limit on these in-memory buffers. As a result, any large text field—while technically valid—will be loaded fully into process memory before being added to `params`.\n\n## Impact\n\nAttackers can send large non-file fields to trigger excessive memory usage. Impact scales with request size and concurrency, potentially leading to worker crashes or severe garbage-collection overhead. All Rack applications processing multipart form submissions are affected.\n\n## Mitigation\n\n* **Upgrade:** Use a patched version of Rack that enforces a reasonable size cap for non-file fields (e.g., 2 MiB).\n* **Workarounds:**\n  * Restrict maximum request body size at the web-server or proxy layer (e.g., Nginx `client_max_body_size`).\n  * Validate and reject unusually large form fields at the application level.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:27:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw","https://nvd.nist.gov/vuln/detail/CVE-2025-61771","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61771.yml","https://github.com/advisories/GHSA-w9pc-fmgc-vxvw"],"source_kind":"github","identifiers":["GHSA-w9pc-fmgc-vxvw","CVE-2025-61771"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:09.191Z","updated_at":"2026-04-23T09:02:36.209Z","epss_percentage":0.00098,"epss_percentile":0.26932,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13OXBjLWZtZ2Mtdnh2d84ABNDT/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","url":"https://github.com/advisories/GHSA-p543-xpfm-54cp","title":"Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)","description":"## Summary\n\n`Rack::Multipart::Parser` buffers the entire multipart **preamble** (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions.\n\n## Details\n\nWhile searching for the first boundary, the parser appends incoming data into a shared buffer (`@sbuf.concat(content)`) and scans for the boundary pattern:\n\n```ruby\n@sbuf.scan_until(@body_regex)\n```\n\nIf the boundary is not yet found, the parser continues buffering data indefinitely. There is no trimming or size cap on the preamble, allowing attackers to send arbitrary amounts of data before the first boundary.\n\n## Impact\n\nRemote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection.\n\n## Mitigation\n\n* **Upgrade:** Use a patched version of Rack that enforces a preamble size limit (e.g., 16 KiB) or discards preamble data entirely per [RFC 2046 § 5.1.1](https://www.rfc-editor.org/rfc/rfc2046.html#section-5.1.1).\n* **Workarounds:**\n  * Limit total request body size at the proxy or web server level.\n  * Monitor memory and set per-process limits to prevent OOM conditions.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-10-07T17:26:16.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp","https://nvd.nist.gov/vuln/detail/CVE-2025-61770","https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e","https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e","https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-61770.yml","https://github.com/advisories/GHSA-p543-xpfm-54cp"],"source_kind":"github","identifiers":["GHSA-p543-xpfm-54cp","CVE-2025-61770"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-10-07T18:00:09.416Z","updated_at":"2026-04-27T14:02:40.351Z","epss_percentage":0.00158,"epss_percentile":0.36438,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.2.2","vulnerable_version_range":"\u003e= 3.2, \u003c 3.2.2"},{"first_patched_version":"3.1.17","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.17"},{"first_patched_version":"2.2.19","vulnerable_version_range":"\u003c 2.2.19"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNTQzLXhwZm0tNTRjcM4ABNDS/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","url":"https://github.com/advisories/GHSA-625h-95r8-8xpm","title":"Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters","description":"## Summary\n\n`Rack::QueryParser` in version `\u003c 2.2.18` enforces its `params_limit` only for parameters separated by `\u0026`, while still splitting on both `\u0026` and `;`. As a result, attackers could use `;` separators to bypass the parameter count limit and submit more parameters than intended.\n\n## Details\n\nThe issue arises because `Rack::QueryParser#check_query_string` counts only `\u0026` characters when determining the number of parameters, but the default separator regex `DEFAULT_SEP = /[\u0026;] */n` splits on both `\u0026` and `;`. This mismatch means that queries using `;` separators were not included in the parameter count, allowing `params_limit` to be bypassed.\n\nOther safeguards (`bytesize_limit` and `key_space_limit`) still applied, but did not prevent this particular bypass.\n\n## Impact\n\nApplications or middleware that directly invoke `Rack::QueryParser` with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector.\n\n`Rack::Request`, the primary entry point for typical Rack applications, uses `QueryParser` in a safe way and does not appear vulnerable by default. As such, the severity is considered **low**, with the impact limited to edge cases where `QueryParser` is used directly.\n\n## Mitigation\n\n* Upgrade to a patched version of Rack where both `\u0026` and `;` are counted consistently toward `params_limit`.\n* If upgrading is not immediately possible, configure `QueryParser` with an explicit delimiter (e.g., `\u0026`) to avoid the mismatch.\n* As a general precaution, enforce query string and request size limits at the web server or proxy layer (e.g., Nginx, Apache, or a CDN) to mitigate excessive parsing overhead.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-09-25T16:39:27.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm","https://nvd.nist.gov/vuln/detail/CVE-2025-59830","https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71","https://github.com/advisories/GHSA-625h-95r8-8xpm"],"source_kind":"github","identifiers":["GHSA-625h-95r8-8xpm","CVE-2025-59830"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-09-25T17:00:58.039Z","updated_at":"2026-04-23T09:02:40.534Z","epss_percentage":0.00074,"epss_percentile":0.22371,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.18","vulnerable_version_range":"\u003c 2.2.18"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02MjVoLTk1cjgtOHhwbc4ABMpX/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","url":"https://github.com/advisories/GHSA-47m2-26rw-j2jw","title":"ReDoS Vulnerability in Rack::Multipart handle_mime_head","description":"### Summary\nThere is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571.\n\n### Details\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\n\n### Credits\n\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting this to the Rails security team","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-06-05T05:21:34.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.6,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U","references":["https://github.com/rack/rack/security/advisories/GHSA-47m2-26rw-j2jw","https://nvd.nist.gov/vuln/detail/CVE-2025-49007","https://github.com/rack/rack/commit/4795831a0a310c2d31102749e551b38faab6401f","https://github.com/rack/rack/commit/aed514df37e33907df3c971ed3ca9a0a20ac2901","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-49007.yml","https://github.com/advisories/GHSA-47m2-26rw-j2jw"],"source_kind":"github","identifiers":["GHSA-47m2-26rw-j2jw","CVE-2025-49007"],"repository_url":"https://github.com/rack/rack","blast_radius":39.72230838522566,"created_at":"2025-06-05T06:08:07.219Z","updated_at":"2026-04-10T16:02:51.651Z","epss_percentage":0.00569,"epss_percentile":0.68507,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.16","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.16"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00N20yLTI2cnctajJqd84ABIp_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","url":"https://github.com/advisories/GHSA-gjh7-p2fx-99vx","title":"Rack has an Unbounded-Parameter DoS in Rack::QueryParser","description":"## Summary\n\n`Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.\n\n## Details\n\nThe vulnerability arises because `Rack::QueryParser` iterates over each `\u0026`-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.\n\n## Impact\n\nAn attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.\n\n## Mitigation\n\n- Update to a version of Rack that limits the number of parameters parsed, or\n- Use middleware to enforce a maximum query string size or parameter count, or\n- Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.\n\nLimiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-05-08T14:45:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx","https://nvd.nist.gov/vuln/detail/CVE-2025-46727","https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712","https://github.com/rack/rack/commit/3f5a4249118d09d199fe480466c8c6717e43b6e3","https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-46727.yml","https://github.com/advisories/GHSA-gjh7-p2fx-99vx"],"source_kind":"github","identifiers":["GHSA-gjh7-p2fx-99vx","CVE-2025-46727"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-05-08T15:09:22.844Z","updated_at":"2026-04-10T16:02:58.838Z","epss_percentage":0.00808,"epss_percentile":0.73922,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.14","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.14"},{"first_patched_version":"3.0.16","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.16"},{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c 2.2.14"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1namg3LXAyZngtOTl2eM4ABHo_/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","url":"https://github.com/advisories/GHSA-vpfw-47h7-xj4g","title":"Rack session gets restored after deletion","description":"### Summary\n\nWhen using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.\n\n### Details\n\n[Rack session middleware](https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270) prepares the session at the beginning of request, then saves is back to the store with possible changes applied by host rack application. This way the session becomes to be a subject of race conditions in general sense over concurrent rack requests.\n\n### Impact\n\nWhen using the `Rack::Session::Pool` middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to logout.\n\n## Mitigation\n\n- Update to the latest version of `rack`, or\n- Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a `logged_out` flag, instead of deleting them, and check this flag on every request to prevent reuse, or\n- Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.\n\n### Related\n\nAs this code was moved to `rack-session` in Rack 3+, see \u003chttps://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj\u003e for the equivalent advisory in `rack-session` (affecting Rack 3+ only).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-05-08T14:45:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.2,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","references":["https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj","https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g","https://nvd.nist.gov/vuln/detail/CVE-2025-32441","https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d","https://github.com/rack/rack/blob/v2.2.13/lib/rack/session/abstract/id.rb#L263-L270","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-32441.yml","https://github.com/advisories/GHSA-vpfw-47h7-xj4g"],"source_kind":"github","identifiers":["GHSA-vpfw-47h7-xj4g","CVE-2025-32441"],"repository_url":"https://github.com/rack/rack-session","blast_radius":0.0,"created_at":"2025-05-08T15:09:23.194Z","updated_at":"2026-04-27T14:03:26.581Z","epss_percentage":0.00096,"epss_percentile":0.26499,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.14","vulnerable_version_range":"\u003c= 2.2.13"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cGZ3LTQ3aDcteGo0Z84ABHo9/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","url":"https://github.com/advisories/GHSA-7wqh-767x-r66v","title":"Local File Inclusion in Rack::Static","description":"## Summary\n\n`Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly.\n\n## Details\n\nThe vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.\n\n## Impact\n\nBy exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Static`, or\n- Ensure that `root:` points at a directory path which only contains files which should be accessed publicly.\n\nIt is likely that a CDN or similar static file server would also mitigate the issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-03-10T22:19:30.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v","https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583","https://nvd.nist.gov/vuln/detail/CVE-2025-27610","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27610.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-7wqh-767x-r66v"],"source_kind":"github","identifiers":["GHSA-7wqh-767x-r66v","CVE-2025-27610"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2025-03-10T23:07:48.263Z","updated_at":"2026-04-30T20:03:29.414Z","epss_percentage":0.01301,"epss_percentile":0.79811,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.12","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.12"},{"first_patched_version":"3.0.14","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.14"},{"first_patched_version":"2.2.13","vulnerable_version_range":"\u003c 2.2.13"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03d3FoLTc2N3gtcjY2ds4ABFQr/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","url":"https://github.com/advisories/GHSA-8cgq-6mh2-7j6v","title":"Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection","description":"## Summary\n\n`Rack::Sendfile` can be exploited by crafting input that includes newline characters to manipulate log entries.\n\n## Details\n\nThe `Rack::Sendfile` middleware logs unsanitized header values from the `X-Sendfile-Type` header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.\n\n## Impact\n\nThis vulnerability can distort log files, obscure attack traces, and complicate security auditing.\n\n## Mitigation\n\n- Update to the latest version of Rack, or\n- Remove usage of `Rack::Sendfile`.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-03-04T15:27:06.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","references":["https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v","https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53","https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b","https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3","https://nvd.nist.gov/vuln/detail/CVE-2025-27111","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-27111.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-8cgq-6mh2-7j6v"],"source_kind":"github","identifiers":["GHSA-8cgq-6mh2-7j6v","CVE-2025-27111"],"repository_url":"https://github.com/rack/rack","blast_radius":41.52786785728138,"created_at":"2025-03-04T16:08:16.349Z","updated_at":"2026-04-30T20:03:32.878Z","epss_percentage":0.00668,"epss_percentile":0.71369,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.11","vulnerable_version_range":"\u003e= 3.1, \u003c 3.1.11"},{"first_patched_version":"3.0.13","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.13"},{"first_patched_version":"2.2.12","vulnerable_version_range":"\u003c 2.2.12"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Y2dxLTZtaDItN2o2ds4ABFEg/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","url":"https://github.com/advisories/GHSA-7g2v-jj9q-g3rg","title":"Possible Log Injection in Rack::CommonLogger","description":"## Summary\n\n`Rack::CommonLogger` can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious content into logs.\n\n## Details\n\nWhen a user provides the authorization credentials via `Rack::Auth::Basic`, if success, the username will be put in `env['REMOTE_USER']` and later be used by `Rack::CommonLogger` for logging purposes.\n\nThe issue occurs when a server intentionally or unintentionally allows a user creation with the username contain CRLF and white space characters, or the server just want to log every login attempts. If an attacker enters a username with CRLF character, the logger will log the malicious username with CRLF characters into the logfile.\n\n## Impact\n\nAttackers can break log formats or insert fraudulent entries, potentially obscuring real activity or injecting malicious data into log files.\n\n## Mitigation\n\n- Update to the latest version of Rack.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-02-12T19:18:35.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.7,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P","references":["https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg","https://nvd.nist.gov/vuln/detail/CVE-2025-25184","https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2025-25184.yml","https://lists.debian.org/debian-lts-announce/2025/03/msg00016.html","https://github.com/advisories/GHSA-7g2v-jj9q-g3rg"],"source_kind":"github","identifiers":["GHSA-7g2v-jj9q-g3rg","CVE-2025-25184"],"repository_url":"https://github.com/rack/rack","blast_radius":34.30562996905853,"created_at":"2025-02-12T20:07:39.192Z","updated_at":"2026-04-30T20:03:38.344Z","epss_percentage":0.01039,"epss_percentile":0.77501,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.12","vulnerable_version_range":"\u003e= 3.0, \u003c 3.0.12"},{"first_patched_version":"2.2.11","vulnerable_version_range":"\u003c 2.2.11"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZzJ2LWpqOXEtZzNyZ84ABEZ0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","url":"https://github.com/advisories/GHSA-cj83-2ww7-mvq7","title":"Rack ReDoS Vulnerability in HTTP Accept Headers Parsing","description":"### Summary\n\nA Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS).\n\n### Details\n\nThe fix for https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-07-03T17:03:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7","https://nvd.nist.gov/vuln/detail/CVE-2024-39316","https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-39316.yml","https://advisory.dw1.io/61","https://github.com/advisories/GHSA-cj83-2ww7-mvq7"],"source_kind":"github","identifiers":["GHSA-cj83-2ww7-mvq7","CVE-2024-39316"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-07-03T18:09:36.882Z","updated_at":"2026-04-05T20:04:48.407Z","epss_percentage":0.00833,"epss_percentile":0.74507,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.1.5","vulnerable_version_range":"\u003e= 3.1.0, \u003c 3.1.5"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","url":"https://github.com/advisories/GHSA-22f2-v57c-j9cx","title":"Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)","description":"### Summary\n\n```ruby\nmodule Rack\n  class MediaType\n    SPLIT_PATTERN = %r{\\s*[;,]\\s*}\n```\nThe above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split.\n\n### PoC\n\nA simple HTTP request with lots of blank characters in the content-type header:\n\n```ruby\nrequest[\"Content-Type\"] = (\" \" * 50_000) + \"a,\"\n```\n\n### Impact\n\nIt's a very easy to craft ReDoS. Like all ReDoS the impact is debatable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-28T22:57:26.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","references":["https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx","https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462","https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49","https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-25126","https://lists.debian.org/debian-lts-announce/2024/04/msg00022.html","https://security.netapp.com/advisory/ntap-20240510-0005","https://github.com/advisories/GHSA-22f2-v57c-j9cx"],"source_kind":"github","identifiers":["GHSA-22f2-v57c-j9cx","CVE-2024-25126"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.291Z","updated_at":"2026-04-30T20:05:55.202Z","epss_percentage":0.0045,"epss_percentile":0.63712,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 0.4, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","url":"https://github.com/advisories/GHSA-xj5v-6v4g-jfw6","title":"Rack has possible DoS Vulnerability with Range Header","description":"# Possible DoS Vulnerability with Range Header in Rack\n\nThere is a possible DoS vulnerability relating to the Range request header in\nRack.  This vulnerability has been assigned the CVE identifier CVE-2024-26141.\n\nVersions Affected:  \u003e= 1.3.0.\nNot affected:       \u003c 1.3.0\nFixed Versions:     3.0.9.1, 2.2.8.1\n\nImpact\n------\nCarefully crafted Range headers can cause a server to respond with an\nunexpectedly large response. Responding with such large responses could lead\nto a denial of service issue.\n\nVulnerable applications will use the `Rack::File` middleware or the\n`Rack::Utils.byte_ranges` methods (this includes Rails applications).\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 3-0-range.patch - Patch for 3.0 series\n* 2-2-range.patch - Patch for 2.2 series\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for the report and\npatch","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6","https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9","https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b","https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26141","https://github.com/advisories/GHSA-xj5v-6v4g-jfw6"],"source_kind":"github","identifiers":["GHSA-xj5v-6v4g-jfw6","CVE-2024-26141"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.311Z","updated_at":"2026-04-30T20:05:55.202Z","epss_percentage":0.0041,"epss_percentile":0.61363,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 1.3.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","url":"https://github.com/advisories/GHSA-54rr-7fvw-6x8f","title":"Rack Header Parsing leads to Possible Denial of Service Vulnerability","description":"# Possible Denial of Service Vulnerability in Rack Header Parsing\n\nThere is a possible denial of service vulnerability in the header parsing\nroutines in Rack.  This vulnerability has been assigned the CVE identifier\nCVE-2024-26146.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.4, 2.1.4.4, 2.2.8.1, 3.0.9.1\n\nImpact\n------\nCarefully crafted headers can cause header parsing in Rack to take longer than\nexpected resulting in a possible denial of service issue. Accept and Forwarded\nheaders are impacted.\n\nRuby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2\nor newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 2-0-header-redos.patch - Patch for 2.0 series\n* 2-1-header-redos.patch - Patch for 2.1 series\n* 2-2-header-redos.patch - Patch for 2.2 series\n* 3-0-header-redos.patch - Patch for 3.0 series\n\nCredits\n-------\n\nThanks to [svalkanov](https://hackerone.com/svalkanov) for reporting this and\nproviding patches!","origin":"UNSPECIFIED","severity":"LOW","published_at":"2024-02-28T22:57:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f","https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716","https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582","https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f","https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd","https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml","https://nvd.nist.gov/vuln/detail/CVE-2024-26146","https://github.com/advisories/GHSA-54rr-7fvw-6x8f"],"source_kind":"github","identifiers":["GHSA-54rr-7fvw-6x8f","CVE-2024-26146"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2024-02-28T23:04:48.332Z","updated_at":"2026-04-30T20:05:55.203Z","epss_percentage":0.00775,"epss_percentile":0.73684,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.9.4","vulnerable_version_range":"\u003c 2.0.9.4"},{"first_patched_version":"2.1.4.4","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.4"},{"first_patched_version":"2.2.8.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.8.1"},{"first_patched_version":"3.0.9.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.9.1"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","url":"https://github.com/advisories/GHSA-c6qg-cjj8-47qp","title":"Possible Denial of Service Vulnerability in Rack's header parsing","description":"There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1\n\n# Impact\nCarefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.\n\n# Workarounds\nSetting Regexp.timeout in Ruby 3.2 is a possible workaround.\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-03-15T21:36:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27539","https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27539.yml","https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c","https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://security.netapp.com/advisory/ntap-20231208-0016","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-c6qg-cjj8-47qp"],"source_kind":"github","identifiers":["GHSA-c6qg-cjj8-47qp","CVE-2023-27539"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-03-15T22:03:00.281Z","updated_at":"2026-04-30T20:07:56.306Z","epss_percentage":0.00364,"epss_percentile":0.58445,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.6.1","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.6.1"},{"first_patched_version":"2.2.6.4","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.2.6.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","url":"https://github.com/advisories/GHSA-3h57-hmj3-gj3p","title":"Rack has possible DoS Vulnerability in Multipart MIME parsing","description":"There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.\n\nVersions Affected: All. Not affected: None Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3\n\n# Impact\nThe Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\nA proxy can be configured to limit the POST body size which will mitigate this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-03-08T17:20:04.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2023-27530","https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2023-27530.yml","https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0015","https://github.com/advisories/GHSA-3h57-hmj3-gj3p"],"source_kind":"github","identifiers":["GHSA-3h57-hmj3-gj3p","CVE-2023-27530"],"repository_url":null,"blast_radius":0.0,"created_at":"2023-03-08T18:03:17.449Z","updated_at":"2026-04-30T20:08:34.533Z","epss_percentage":0.02311,"epss_percentile":0.84828,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.2","vulnerable_version_range":"\u003e= 3.0.0, \u003c 3.0.4.2"},{"first_patched_version":"2.2.6.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.3"},{"first_patched_version":"2.1.4.3","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.3"},{"first_patched_version":"2.0.9.3","vulnerable_version_range":"\u003c 2.0.9.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","url":"https://github.com/advisories/GHSA-93pm-5p5f-3ghx","title":"Denial of Service Vulnerability in Rack Content-Disposition parsing","description":"There is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44571.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.0 series\n    2-1-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.1 series\n    2-2-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 2.2 series\n    3-0-Fix-ReDoS-vulnerability-in-multipart-parser - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:24:40.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44571.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44571","https://discuss.rubyonrails.org/t/cve-2022-44571-possible-denial-of-service-vulnerability-in-rack-content-disposition-parsing/82126","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-93pm-5p5f-3ghx"],"source_kind":"github","identifiers":["GHSA-93pm-5p5f-3ghx","CVE-2022-44571"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.042Z","updated_at":"2026-04-30T20:07:05.512Z","epss_percentage":0.03121,"epss_percentile":0.86889,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","url":"https://github.com/advisories/GHSA-65f5-mfpf-vfhj","title":"Denial of service via header parsing in Rack","description":"There is a possible denial of service vulnerability in the Range header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44570.\n\nVersions Affected: \u003e= 1.5.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.2, 3.0.0.1\nImpact\n\nCarefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.0 series\n    2-1-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.1 series\n    2-2-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 2.2 series\n    3-0-Fix-ReDoS-in-Rack-Utils.get_byte_ranges.patch - Patch for 3.0 series","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2023-01-18T18:19:33.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44570.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44570","https://discuss.rubyonrails.org/t/cve-2022-44570-possible-denial-of-service-vulnerability-in-racks-range-header-parsing/82125","https://www.debian.org/security/2023/dsa-5530","https://security.netapp.com/advisory/ntap-20231208-0010","https://github.com/advisories/GHSA-65f5-mfpf-vfhj"],"source_kind":"github","identifiers":["GHSA-65f5-mfpf-vfhj","CVE-2022-44570"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.116Z","updated_at":"2026-04-30T20:08:45.090Z","epss_percentage":0.03121,"epss_percentile":0.86889,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.2","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.2"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","url":"https://github.com/advisories/GHSA-rqv2-275x-2jq5","title":"Denial of service via multipart parsing in Rack","description":"There is a denial of service vulnerability in the multipart parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-44572.\n\nVersions Affected: \u003e= 2.0.0 Not affected: None. Fixed Versions: 2.0.9.2, 2.1.4.2, 2.2.6.1, 3.0.0.1\nImpact\n\nCarefully crafted input can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.\nReleases\n\nThe fixed releases are available at the normal locations.\nWorkarounds\n\nThere are no feasible workarounds for this issue.\nPatches\n\nTo aid users who aren’t able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n    2-0-Forbid-control-characters-in-attributes.patch - Patch for 2.0 series\n    2-1-Forbid-control-characters-in-attributes.patch - Patch for 2.1 series\n    2-2-Forbid-control-characters-in-attributes.patch - Patch for 2.2 series\n    3-0-Forbid-control-characters-in-attributes.patch - Patch for 3.0 series\n","origin":"UNSPECIFIED","severity":"LOW","published_at":"2023-01-18T18:19:21.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/rack/rack/releases/tag/v3.0.4.1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-44572.yml","https://nvd.nist.gov/vuln/detail/CVE-2022-44572","https://hackerone.com/reports/1639882","https://www.debian.org/security/2023/dsa-5530","https://github.com/advisories/GHSA-rqv2-275x-2jq5"],"source_kind":"github","identifiers":["GHSA-rqv2-275x-2jq5","CVE-2022-44572"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-01-18T19:03:22.126Z","updated_at":"2026-04-30T20:07:05.512Z","epss_percentage":0.00255,"epss_percentile":0.48764,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"3.0.4.1","vulnerable_version_range":"\u003e= 3.0.0.0, \u003c 3.0.4.1"},{"first_patched_version":"2.2.6.1","vulnerable_version_range":"\u003e= 2.2.0.0, \u003c 2.2.6.1"},{"first_patched_version":"2.1.4.2","vulnerable_version_range":"\u003e= 2.1.0.0, \u003c 2.1.4.2"},{"first_patched_version":"2.0.9.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.9.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","url":"https://github.com/advisories/GHSA-hxqx-xwvh-44m2","title":"Denial of Service Vulnerability in Rack Multipart Parsing","description":"There is a possible denial of service vulnerability in the multipart parsing component of Rack.  This vulnerability has been assigned the CVE identifier CVE-2022-30122.\n\nVersions Affected:  \u003e= 1.2\nNot affected:       \u003c 1.2\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability.\n\nImpacted code will use Rack's multipart parser to parse multipart posts.  This includes directly using the multipart parser like this:\n\n```\nparams = Rack::Multipart.parse_multipart(env)\n```\n\nBut it also includes reading POST data from a Rack request object like this:\n\n```\np request.POST # read POST data\np request.params # reads both query params and POST data\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\n## Workarounds\nThere are no feasible workarounds for this issue.\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-05-27T16:36:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml","https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk","https://nvd.nist.gov/vuln/detail/CVE-2022-30122","https://discuss.rubyonrails.org/t/cve-2022-30122-denial-of-service-vulnerability-in-rack-multipart-parsing/80729","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0012/","https://github.com/advisories/GHSA-hxqx-xwvh-44m2"],"source_kind":"github","identifiers":["GHSA-hxqx-xwvh-44m2","CVE-2022-30122"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:12:22.209Z","updated_at":"2026-04-28T20:07:43.744Z","epss_percentage":0.01403,"epss_percentile":0.80508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003e= 1.2, \u003c= 2.0.9.0"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeHF4LXh3dmgtNDRtMs4AArQW/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","url":"https://github.com/advisories/GHSA-wq4h-7r42-5hrr","title":"Possible shell escape sequence injection vulnerability in Rack","description":"There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack.  This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected:  All.\nNot affected:       None\nFixed Versions:     2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack's Lint middleware and CommonLogger middleware.  These\nescape sequences can be leveraged to possibly execute commands in the victim's\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-27T16:36:51.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":10.0,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","references":["https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml","https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8","https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88","https://nvd.nist.gov/vuln/detail/CVE-2022-30123","https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728","https://www.debian.org/security/2023/dsa-5530","https://security.gentoo.org/glsa/202310-18","https://security.netapp.com/advisory/ntap-20231208-0011/","https://github.com/advisories/GHSA-wq4h-7r42-5hrr"],"source_kind":"github","identifiers":["GHSA-wq4h-7r42-5hrr","CVE-2022-30123"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:12:22.219Z","updated_at":"2026-04-30T20:09:37.335Z","epss_percentage":0.02206,"epss_percentile":0.84509,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3.1","vulnerable_version_range":"\u003e= 2.2, \u003c= 2.2.3.0"},{"first_patched_version":"2.1.4.1","vulnerable_version_range":"\u003e= 2.1, \u003c= 2.1.4.0"},{"first_patched_version":"2.0.9.1","vulnerable_version_range":"\u003c= 2.0.9.0"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","url":"https://github.com/advisories/GHSA-v6j3-7jrw-hq2p","title":"Rack Gem Subject to Denial of Service via Hash Collisions","description":"Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-17T04:59:13.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2011-5036","https://gist.github.com/52bbc6b9cc19ce330829","http://www.debian.org/security/2013/dsa-2783","http://www.kb.cert.org/vuls/id/903934","http://www.ocert.org/advisories/ocert-2011-003.html","https://web.archive.org/web/20120201040317/http://jruby.org/2011/12/27/jruby-1-6-5-1","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2011-5036.yml","https://web.archive.org/web/20130213132312/http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html","http://www.nruns.com/_downloads/advisory28122011.pdf","https://github.com/advisories/GHSA-v6j3-7jrw-hq2p"],"source_kind":"github","identifiers":["GHSA-v6j3-7jrw-hq2p","CVE-2011-5036"],"repository_url":null,"blast_radius":1.0,"created_at":"2023-03-27T17:03:16.616Z","updated_at":"2026-04-23T10:07:33.513Z","epss_percentage":0.01278,"epss_percentile":0.79508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J","packages":[{"ecosystem":"maven","package_name":"org.jruby:jruby-parent","versions":[{"first_patched_version":"1.6.5.1","vulnerable_version_range":"\u003c 1.6.5.1"}],"purl":null},{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.3.6","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.6"},{"first_patched_version":"1.2.5","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.5"},{"first_patched_version":"1.1.3","vulnerable_version_range":"\u003c 1.1.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","url":"https://github.com/advisories/GHSA-xc85-32mf-xpv8","title":"Rack arbitrary code execution via timing attack","description":"Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:42.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0263","https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07","https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://gist.github.com/codahale/f9f3781f7b54985bee94","https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J","https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0686.html","http://www.debian.org/security/2013/dsa-2783","https://github.com/advisories/GHSA-xc85-32mf-xpv8"],"source_kind":"github","identifiers":["GHSA-xc85-32mf-xpv8","CVE-2013-0263"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:12:18.658Z","updated_at":"2026-04-28T20:09:27.490Z","epss_percentage":0.16071,"epss_percentile":0.94798,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.1.6","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.6"},{"first_patched_version":"1.2.8","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.8"},{"first_patched_version":"1.3.10","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.10"},{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Yzg1LTMybWYteHB2OM3iYQ/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","url":"https://github.com/advisories/GHSA-v882-ccj6-jc48","title":"Rack vulnerable to Denial of Service","description":"Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to \"symbolized arbitrary strings.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-05T02:48:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0184","https://bugzilla.redhat.com/show_bug.cgi?id=895384","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/errata/RHSA-2013:0548","https://access.redhat.com/security/cve/CVE-2013-0184","https://github.com/rack/rack/commit/1f61549529d07abd4aa512b8320ab0e97dcacc5d","https://github.com/advisories/GHSA-v882-ccj6-jc48"],"source_kind":"github","identifiers":["GHSA-v882-ccj6-jc48","CVE-2013-0184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2023-03-08T21:03:15.881Z","updated_at":"2026-04-23T10:08:17.397Z","epss_percentage":0.00677,"epss_percentile":0.715,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.4","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.4"},{"first_patched_version":"1.3.9","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.9"},{"first_patched_version":"1.2.7","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.7"},{"first_patched_version":"1.1.5","vulnerable_version_range":"\u003e= 1.1.0, \u003c 1.1.5"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","url":"https://github.com/advisories/GHSA-5f9h-9pjv-v6j7","title":"Directory traversal in Rack::Directory app bundled with Rack","description":"A directory traversal vulnerability exists in rack \u003c 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-07-06T21:31:02.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":8.6,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8161","https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8161.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/T4ZIsfRf2eA","https://groups.google.com/g/rubyonrails-security/c/IOO1vNZTzPA","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-5f9h-9pjv-v6j7"],"source_kind":"github","identifiers":["GHSA-5f9h-9pjv-v6j7","CVE-2020-8161"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.741Z","updated_at":"2026-04-05T20:08:16.783Z","epss_percentage":0.00907,"epss_percentile":0.755,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.1.3","vulnerable_version_range":"\u003c 2.1.3"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","url":"https://github.com/advisories/GHSA-j6w9-fv6q-3q52","title":"Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names","description":"A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2020-06-24T17:15:00.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2020-8184","https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c","https://hackerone.com/reports/895727","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2020-8184.yml","https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak","https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html","https://usn.ubuntu.com/4561-1/","https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html","https://github.com/advisories/GHSA-j6w9-fv6q-3q52"],"source_kind":"github","identifiers":["GHSA-j6w9-fv6q-3q52","CVE-2020-8184"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:23.946Z","updated_at":"2026-04-28T20:07:43.751Z","epss_percentage":0.00884,"epss_percentile":0.75483,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.2.3","vulnerable_version_range":"\u003e= 2.2.0, \u003c 2.2.3"},{"first_patched_version":"2.1.4","vulnerable_version_range":"\u003c 2.1.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","url":"https://github.com/advisories/GHSA-hrqr-hxpp-chr3","title":"Possible Information Leak / Session Hijack Vulnerability in Rack","description":"There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine.  Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id.  By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-12-18T19:01:31.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","references":["https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3","https://nvd.nist.gov/vuln/detail/CVE-2019-16782","https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38","http://www.openwall.com/lists/oss-security/2019/12/18/2","http://www.openwall.com/lists/oss-security/2019/12/18/3","http://www.openwall.com/lists/oss-security/2019/12/19/3","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","http://www.openwall.com/lists/oss-security/2020/04/08/1","http://www.openwall.com/lists/oss-security/2020/04/09/2","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2019-16782.yml","https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX","https://github.com/advisories/GHSA-hrqr-hxpp-chr3"],"source_kind":"github","identifiers":["GHSA-hrqr-hxpp-chr3","CVE-2019-16782"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:26.790Z","updated_at":"2026-04-30T20:11:12.604Z","epss_percentage":0.00892,"epss_percentile":0.75594,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.8","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.8"},{"first_patched_version":"1.6.12","vulnerable_version_range":"\u003c 1.6.12"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","url":"https://github.com/advisories/GHSA-5r2p-j47h-mhpg","title":"Rack vulnerable to Cross-site Scripting","description":"There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-11-15T15:59:08.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.1,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16471","https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag","https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html","https://usn.ubuntu.com/4089-1/","http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00032.html","http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00016.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16471.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/NAalCee8n6o","https://github.com/advisories/GHSA-5r2p-j47h-mhpg"],"source_kind":"github","identifiers":["GHSA-5r2p-j47h-mhpg","CVE-2018-16471"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:33.597Z","updated_at":"2026-04-23T10:07:32.280Z","epss_percentage":0.00829,"epss_percentile":0.74553,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.6.11","vulnerable_version_range":"\u003c 1.6.11"},{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","url":"https://github.com/advisories/GHSA-hg78-4f6x-99wq","title":"Rack vulnerable to Denial of Service","description":"There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2018-11-15T15:58:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-16470","https://access.redhat.com/errata/RHSA-2019:3172","https://groups.google.com/forum/#!msg/rubyonrails-security/U_x-YkfuVTg/xhvYAmp6AAAJ","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2018-16470.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/Dz4sRl-ktKk","https://github.com/advisories/GHSA-hg78-4f6x-99wq"],"source_kind":"github","identifiers":["GHSA-hg78-4f6x-99wq","CVE-2018-16470"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:33.588Z","updated_at":"2026-04-05T20:08:16.782Z","epss_percentage":0.00177,"epss_percentile":0.39006,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"2.0.6","vulnerable_version_range":"\u003e= 2.0.4, \u003c 2.0.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNzgtNGY2eC05OXdx/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","url":"https://github.com/advisories/GHSA-9vc2-p34x-jhxh","title":"Moderate severity vulnerability that affects rack","description":"Withdrawn, accidental duplicate publish.\r\n\r\nlib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2018-09-17T21:56:30.000Z","withdrawn_at":"2020-06-16T21:29:41.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/advisories/GHSA-9vc2-p34x-jhxh"],"source_kind":"github","identifiers":["GHSA-9vc2-p34x-jhxh"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:36.155Z","updated_at":"2026-04-30T20:11:23.569Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003c 1.4.6"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2YzItcDM0eC1qaHho/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","url":"https://github.com/advisories/GHSA-85r7-w5mv-c849","title":"Rack Vulnerable to Path Traversal","description":"`rack/file.rb` (`Rack::File`) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted `PATH_INFO` environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka \"symlink path traversals.\"","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0262","https://github.com/rack/rack/commit/6f237e4c9fab649d3750482514f0fde76c56ab30","https://bugzilla.redhat.com/show_bug.cgi?id=909071","https://bugzilla.redhat.com/show_bug.cgi?id=909072","https://gist.github.com/rentzsch/4736940","https://github.com/rack/rack/blob/master/lib/rack/file.rb#L56","https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ","https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0262.yml","https://github.com/advisories/GHSA-85r7-w5mv-c849"],"source_kind":"github","identifiers":["GHSA-85r7-w5mv-c849","CVE-2013-0262"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.320Z","updated_at":"2026-04-28T20:07:44.968Z","epss_percentage":0.01263,"epss_percentile":0.79502,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.5","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.5"},{"first_patched_version":"1.5.2","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cjctdzVtdi1jODQ5/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","url":"https://github.com/advisories/GHSA-h77x-m5q8-c29h","title":"Rack vulnerable to REDoS","description":"`lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2012-6109","https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5","https://bugzilla.redhat.com/show_bug.cgi?id=895277","https://github.com/rack/rack/blob/master/README.rdoc","https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2012-6109","https://groups.google.com/forum/#%21msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ","https://rhn.redhat.com/errata/RHSA-2013-0544.html","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2012-6109.yml","https://github.com/advisories/GHSA-h77x-m5q8-c29h"],"source_kind":"github","identifiers":["GHSA-h77x-m5q8-c29h","CVE-2012-6109"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.224Z","updated_at":"2026-04-23T10:07:33.510Z","epss_percentage":0.00828,"epss_percentile":0.745,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.2","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.2"},{"first_patched_version":"1.3.7","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.7"},{"first_patched_version":"1.2.6","vulnerable_version_range":"\u003e= 1.2.0, \u003c 1.2.6"},{"first_patched_version":"1.1.4","vulnerable_version_range":"\u003c 1.1.4"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","url":"https://github.com/advisories/GHSA-3pxh-h8hw-mj8w","title":"Rack rubygems receiving excessively long lines triggers out-of-memory error","description":"multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:37.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2013-0183","https://github.com/rack/rack/commit/548b9af2dc0059f4c0c19728624448d84de450ff","https://github.com/rack/rack/commit/f95113402b7239f225282806673e1b6424522b18","https://bugzilla.redhat.com/show_bug.cgi?id=895282","https://groups.google.com/forum/#!topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#!topic/rack-devel/7ZKPNAjgRSs","http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html","http://rack.github.com/","http://www.debian.org/security/2013/dsa-2783","https://access.redhat.com/errata/RHSA-2013:0544","https://access.redhat.com/security/cve/CVE-2013-0183","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2013-0183.yml","https://groups.google.com/forum/#%21topic/rack-devel/-MWPHDeGWtI","https://groups.google.com/forum/#%21topic/rack-devel/7ZKPNAjgRSs","http://rhn.redhat.com/errata/RHSA-2013-0544.html","http://rhn.redhat.com/errata/RHSA-2013-0548.html","https://github.com/advisories/GHSA-3pxh-h8hw-mj8w"],"source_kind":"github","identifiers":["GHSA-3pxh-h8hw-mj8w","CVE-2013-0183"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:38.291Z","updated_at":"2026-04-23T10:07:32.280Z","epss_percentage":0.01824,"epss_percentile":0.82508,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.3","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.3"},{"first_patched_version":"1.3.8","vulnerable_version_range":"\u003e= 1.3.0, \u003c 1.3.8"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","url":"https://github.com/advisories/GHSA-rgr4-9jh5-j4j6","title":"Rack vulnerable to Denial of Service via large parameter depth request","description":"lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2017-10-24T18:33:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2015-3225","https://github.com/rack/rack/blob/master/HISTORY.md","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164173.html","http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165180.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00040.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00043.html","http://lists.opensuse.org/opensuse-updates/2015-07/msg00044.html","http://openwall.com/lists/oss-security/2015/06/16/14","http://rhn.redhat.com/errata/RHSA-2015-2290.html","http://www.debian.org/security/2015/dsa-3322","https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2015-3225.yml","https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc","https://github.com/advisories/GHSA-rgr4-9jh5-j4j6"],"source_kind":"github","identifiers":["GHSA-rgr4-9jh5-j4j6","CVE-2015-3225"],"repository_url":"https://github.com/rack/rack","blast_radius":0.0,"created_at":"2022-12-21T16:13:39.106Z","updated_at":"2026-04-30T20:07:50.380Z","epss_percentage":0.13251,"epss_percentile":0.94172,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2","packages":[{"ecosystem":"rubygems","package_name":"rack","versions":[{"first_patched_version":"1.4.6","vulnerable_version_range":"\u003e= 1.4.0, \u003c 1.4.6"},{"first_patched_version":"1.5.4","vulnerable_version_range":"\u003e= 1.5.0, \u003c 1.5.4"},{"first_patched_version":"1.6.2","vulnerable_version_range":"\u003e= 1.6.0, \u003c 1.6.2"}],"purl":"pkg:gem/rack"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/rubygems/rack","docker_dependents_count":2618,"docker_downloads_count":1346686159,"usage_url":"https://repos.ecosyste.ms/usage/rubygems/rack","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/rubygems/rack/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2026-04-29T08:00:46.279Z","issues_count":153,"pull_requests_count":438,"avg_time_to_close_issue":10204153.094017094,"avg_time_to_close_pull_request":2699192.5846153847,"issues_closed_count":117,"pull_requests_closed_count":390,"pull_request_authors_count":104,"issue_authors_count":115,"avg_comments_per_issue":5.209150326797386,"avg_comments_per_pull_request":2.8059360730593608,"merged_pull_requests_count":329,"bot_issues_count":0,"bot_pull_requests_count":7,"past_year_issues_count":36,"past_year_pull_requests_count":81,"past_year_avg_time_to_close_issue":649387.6666666666,"past_year_avg_time_to_close_pull_request":692692.3448275862,"past_year_issues_closed_count":21,"past_year_pull_requests_closed_count":58,"past_year_pull_request_authors_count":34,"past_year_issue_authors_count":33,"past_year_avg_comments_per_issue":3.055555555555556,"past_year_avg_comments_per_pull_request":2.2962962962962963,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":3,"past_year_merged_pull_requests_count":53,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/issues","maintainers":[{"login":"ioquatix","count":152,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"tenderlove","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tenderlove"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"},{"login":"raggi","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/raggi"}],"active_maintainers":[{"login":"ioquatix","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages/rack/codemeta","maintainers":[{"uuid":"207","login":"tenderlove","name":null,"email":null,"url":null,"packages_count":189,"html_url":"https://rubygems.org/profiles/tenderlove","role":null,"created_at":"2022-11-09T09:46:28.840Z","updated_at":"2022-11-09T09:46:28.840Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/tenderlove/packages"},{"uuid":"47349","login":"rafaelfranca","name":null,"email":null,"url":null,"packages_count":120,"html_url":"https://rubygems.org/profiles/rafaelfranca","role":null,"created_at":"2022-11-09T09:46:28.866Z","updated_at":"2022-11-09T09:46:28.866Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/rafaelfranca/packages"},{"uuid":"96878","login":"eileencodes","name":null,"email":null,"url":null,"packages_count":53,"html_url":"https://rubygems.org/profiles/eileencodes","role":null,"created_at":"2022-11-09T09:46:28.857Z","updated_at":"2022-11-09T09:46:28.857Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/eileencodes/packages"},{"uuid":"44200","login":"ioquatix","name":null,"email":null,"url":null,"packages_count":252,"html_url":"https://rubygems.org/profiles/ioquatix","role":null,"created_at":"2022-11-09T09:46:28.889Z","updated_at":"2022-11-09T09:46:28.889Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/ioquatix/packages"},{"uuid":"264","login":"raggi","name":null,"email":null,"url":null,"packages_count":25,"html_url":"https://rubygems.org/profiles/raggi","role":null,"created_at":"2022-11-09T09:46:28.830Z","updated_at":"2022-11-09T09:46:28.830Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/raggi/packages"},{"uuid":"31711","login":"chneukirchen","name":null,"email":null,"url":null,"packages_count":4,"html_url":"https://rubygems.org/profiles/chneukirchen","role":null,"created_at":"2022-11-09T09:46:28.819Z","updated_at":"2022-11-09T09:46:28.819Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers/chneukirchen/packages"}],"registry":{"name":"rubygems.org","url":"https://rubygems.org","ecosystem":"rubygems","default":true,"packages_count":205567,"maintainers_count":68480,"namespaces_count":0,"keywords_count":0,"github":"rubygems","metadata":{"funded_packages_count":7260},"icon_url":"https://github.com/rubygems.png","created_at":"2022-04-04T15:19:23.446Z","updated_at":"2026-04-03T06:42:17.024Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/rubygems.org/namespaces"}}],"commits":{"id":3332,"full_name":"rack/rack","default_branch":"main","total_commits":2826,"total_committers":567,"total_bot_commits":9,"total_bot_committers":1,"mean_commits":4.984126984126984,"dds":0.9019815994338287,"past_year_total_commits":102,"past_year_total_committers":32,"past_year_total_bot_commits":4,"past_year_total_bot_committers":1,"past_year_mean_commits":3.1875,"past_year_dds":0.6666666666666667,"last_synced_at":"2026-04-30T21:18:54.586Z","last_synced_commit":"3628cea311718b9f2350bd641abfb0f8c5c7292e","created_at":"2023-03-07T09:17:17.238Z","updated_at":"2026-04-30T21:15:21.079Z","committers":[{"name":"Samuel Williams","email":"samuel.williams@oriontransfer.co.nz","login":"ioquatix","count":277},{"name":"Leah Neukirchen","email":"leah@vuxu.org","login":"leahneukirchen","count":262},{"name":"Jeremy Evans","email":"code@jeremyevans.net","login":"jeremyevans","count":230},{"name":"James Tucker","email":"jftucker@gmail.com","login":"raggi","count":228},{"name":"Aaron Patterson","email":"aaron.patterson@gmail.com","login":"tenderlove","count":177},{"name":"Scytrin dai Kinthra","email":"scytrin@gmail.com","login":"scytrin","count":105},{"name":"Joshua Peek","email":"josh@joshpeek.com","login":"josh","count":101},{"name":"Konstantin Haase","email":"konstantin.mailinglists@googlemail.com","login":"rkh","count":63},{"name":"Michael Fellinger","email":"m.fellinger@gmail.com","login":"manveru","count":44},{"name":"Santiago Pastorino","email":"santiago@wyeworks.com","login":"spastorino","count":44},{"name":"Ryan Tomayko","email":"rtomayko@gmail.com","login":"rtomayko","count":31},{"name":"Jeremy Kemper","email":"jeremy@bitsweat.net","login":"jeremy","count":27},{"name":"James Tucker","email":"raggi@google.com","login":null,"count":24},{"name":"deepj","email":"deepjungle.maca@gmail.com","login":"deepj","count":23},{"name":"José Valim","email":"jose.valim@gmail.com","login":"josevalim","count":22},{"name":"Christoffer Sawicki","email":"christoffer.sawicki@gmail.com","login":"qerub","count":20},{"name":"Ravil Bayramgalin","email":"brainopia@evilmartians.com","login":null,"count":17},{"name":"Eric Wong","email":"normalperson@yhbt.net","login":null,"count":16},{"name":"Eric Wong","email":"e@80x24.org","login":null,"count":14},{"name":"Lars Gierth","email":"lars.gierth@gmail.com","login":null,"count":14},{"name":"Rafael Mendonça França","email":"rafaelmfranca@gmail.com","login":"rafaelfranca","count":14},{"name":"Oscar Del Ben","email":"oscar@oscardelben.com","login":"oscardelben","count":14},{"name":"Postmodern","email":"postmodern.mod3@gmail.com","login":"postmodern","count":13},{"name":"eileencodes","email":"eileencodes@gmail.com","login":"eileencodes","count":13},{"name":"Yoshiyuki Hirano","email":"yhirano@me.com","login":"yhirano55","count":12},{"name":"Olle Jonsson","email":"olle.jonsson@auctionet.com","login":"olleolleolle","count":12},{"name":"Thomas Klemm","email":"github@tklemm.eu","login":"thomasklemm","count":12},{"name":"Patrik Ragnarsson","email":"patrik@starkast.net","login":"dentarg","count":12},{"name":"Hongli Lai (Phusion)","email":"hongli@phusion.nl","login":"FooBarWidget","count":12},{"name":"Nick Adams","email":"nick@nickadams.co.uk","login":null,"count":12},{"name":"Earlopain","email":"14981592+Earlopain","login":"Earlopain","count":11},{"name":"Ryan Davis","email":"ryand-ruby@zenspider.com","login":"zenspider","count":11},{"name":"Max Cantor","email":"max@maxcantor.net","login":"changemewtf","count":11},{"name":"Krzysztof Rybka","email":"krzysztof.rybka@gmail.com","login":"krzysiek1507","count":10},{"name":"Luca Guidi","email":"me@lucaguidi.com","login":"jodosha","count":10},{"name":"Pavel Rosicky","email":"pavel.rosicky@easy.cz","login":"ahorek","count":10},{"name":"Adrian Setyadi","email":"a.styd@yahoo.com","login":"styd","count":10},{"name":"Ryuta Kamizono","email":"kamipo@gmail.com","login":"kamipo","count":9},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":9},{"name":"Jon Dufresne","email":"jon.dufresne@gmail.com","login":"jdufresne","count":8},{"name":"Matthew Draper","email":"matthew@trebex.net","login":"matthewd","count":8},{"name":"rinaldifonseca","email":"rinaldifonseca@gmail.com","login":"rinaldifonseca","count":8},{"name":"Dan Kubb","email":"dan.kubb@autopilotmarketing.com","login":null,"count":8},{"name":"Tim Fletcher","email":"twoggle@gmail.com","login":null,"count":7},{"name":"Lukas Oberhuber","email":"lukas.oberhuber@simplybusiness.co.uk","login":null,"count":7},{"name":"Vipul A M","email":"vipulnsward@gmail.com","login":"vipulnsward","count":7},{"name":"Matt Todd","email":"chiology@gmail.com","login":"mtodd","count":7},{"name":"Jean Boussier","email":"jean.boussier@gmail.com","login":"byroot","count":7},{"name":"Ian Cordasco","email":"graffatcolmingov@gmail.com","login":"sigmavirus24","count":7},{"name":"Guo Xiang Tan","email":"tgx_world@hotmail.com","login":"tgxworld","count":7},{"name":"thedarkone","email":"thedarkone2@gmail.com","login":"thedarkone","count":6},{"name":"Ryan Bigg","email":"radarlistener@gmail.com","login":"radar","count":6},{"name":"Simon Chiang","email":"simon.a.chiang@gmail.com","login":"thinkerbot","count":5},{"name":"Richard Schneeman","email":"richard.schneeman@gmail.com","login":"schneems","count":5},{"name":"Megan Batty","email":"megan@stormbrew.ca","login":"stormbrew","count":5},{"name":"Josef Šimánek","email":"josef.simanek@gmail.com","login":"simi","count":5},{"name":"Jordan Owens","email":"jkowens@gmail.com","login":"jkowens","count":5},{"name":"Aaron Rosenberg","email":"aarongrosenberg@gmail.com","login":"agrberg","count":5},{"name":"Sophie Deziel","email":"courrier@sophiedeziel.com","login":"sophiedeziel","count":5},{"name":"John Hawthorn","email":"john@hawthorn.email","login":"jhawthorn","count":5},{"name":"Jean byroot Boussier","email":"jean.boussier+github@shopify.com","login":"casperisfine","count":5},{"name":"Janko Marohnić","email":"janko.marohnic@gmail.com","login":"janko","count":5},{"name":"Vais Salikhov","email":"vsalikhov@gmail.com","login":"vais","count":5},{"name":"Dima Fatko","email":"fatkodima123@gmail.com","login":"fatkodima","count":5},{"name":"Dan Kubb","email":"dan.kubb@gmail.com","login":"dkubb","count":5},{"name":"Akira Matsuda","email":"ronnie@dio.jp","login":"amatsuda","count":5},{"name":"Timothy Elliott","email":"tle@holymonkey.com","login":"ender672","count":4},{"name":"Stephen Best","email":"bestie@gmail.com","login":"bestie","count":4},{"name":"Jian Weihang","email":"tonytonyjan@gmail.com","login":"tonytonyjan","count":4},{"name":"Hartley McGuire","email":"skipkayhil@gmail.com","login":"skipkayhil","count":4},{"name":"Ben Hamill","email":"git-commits@benhamill.com","login":null,"count":4},{"name":"Will Jordan","email":"will@code.org","login":"wjordan","count":4},{"name":"dB","email":"dblock@dblock.org","login":"dblock","count":4},{"name":"Sam","email":"sam.saffron@gmail.com","login":"SamSaffron","count":4},{"name":"MSP-Greg","email":"MSP-Greg","login":"MSP-Greg","count":4},{"name":"Katsuhiko YOSHIDA","email":"claddvd@gmail.com","login":"kyoshidajp","count":4},{"name":"haruki0409","email":"76884995+haruki0409","login":"haruki0409","count":4},{"name":"Uriel Katz","email":"uriel.katz@gmail.com","login":"urielka","count":3},{"name":"Valentin V. Bartenev","email":"vbart@nginx.com","login":"VBart","count":3},{"name":"Yusuke Endoh","email":"mame@ruby-lang.org","login":"mame","count":3},{"name":"lanzhiheng","email":"lanzhihengrj@gmail.com","login":"lanzhiheng","count":3},{"name":"osamtimizer","email":"eaten.jb@gmail.com","login":"osamtimizer","count":3},{"name":"Brian Candler","email":"b.candler@pobox.com","login":"candlerb","count":3},{"name":"Lenny Marks","email":"lenny@aps.org","login":"lenny","count":3},{"name":"Ted Johansson","email":"drenmi@gmail.com","login":"Drenmi","count":3},{"name":"Phil Hagelberg","email":"technomancy@gmail.com","login":"technomancy","count":3},{"name":"Martin Ottenwaelter","email":"martin.ottenwaelter@gmail.com","login":"martoche","count":3},{"name":"Ryunosuke Sato","email":"tricknotes.rs@gmail.com","login":"tricknotes","count":3},{"name":"KITAITI Makoto","email":"KitaitiMakoto@gmail.com","login":"KitaitiMakoto","count":3},{"name":"Junichi Ito","email":"jit@sonicgarden.jp","login":"JunichiIto","count":3},{"name":"Jamie Woods","email":"jamie.woods@bbc.co.uk","login":"Jamie0","count":3},{"name":"ITO Nobuaki","email":"daydream.trippers@gmail.com","login":"dayflower","count":3},{"name":"Garen Torikian","email":"gjtorikian@gmail.com","login":"gjtorikian","count":3},{"name":"Felix Bünemann","email":"buenemann@louis.info","login":"felixbuenemann","count":3},{"name":"Evan Phoenix","email":"evan@fallingsnow.net","login":"evanphx","count":3},{"name":"Zachary Scott","email":"zachary@zacharyscott.net","login":null,"count":3},{"name":"Thomas Grindinger","email":"thomas@linux-ei28.site","login":null,"count":3},{"name":"Santiago Pastorino \u0026 Alexis Mas","email":"santiago+alexis@wyeworks.com","login":null,"count":3},{"name":"Rafael Mendonça França","email":"rafael.franca@plataformatec.com.br","login":null,"count":3},{"name":"Franklin Webber","email":"franklin.webber@gmail.com","login":null,"count":3},{"name":"Alex Rakoczy \u0026 Matthew Horan","email":"pair+arakoczy+mhoran@pivotallabs.com","login":null,"count":3},{"name":"Andy Lindeman","email":"andy@highgroove.com","login":"alindeman","count":3},{"name":"Andreas Loupasakis","email":"andreas@aloop.org","login":"alup","count":3},{"name":"Andrew Konchin","email":"andry.konchin@gmail.com","login":"andrykonchin","count":3},{"name":"Anton Davydov","email":"antondavydov.o@gmail.com","login":"davydovanton","count":3},{"name":"Anurag Priyam","email":"anurag08priyam@gmail.com","login":"yeban","count":3},{"name":"Benoit Daloze","email":"eregontp@gmail.com","login":"eregon","count":3},{"name":"Carl Zulauf","email":"carl@linkleaf.com","login":"carlzulauf","count":3},{"name":"Charles Oliver Nutter","email":"headius@headius.com","login":"headius","count":3},{"name":"Kir Shatrov","email":"kirs","login":"kirs","count":2},{"name":"Alec Clarke","email":"alec.clarke@clio.com","login":null,"count":2},{"name":"Igor Kapkov","email":"igasgeek@me.com","login":null,"count":2},{"name":"HannesG","email":"hag@informatik.uni-kiel.de","login":null,"count":2},{"name":"Gustavo Villa","email":"gustavo@backlotcars.com","login":null,"count":2},{"name":"Gregor Melhorn","email":"gregor.melhorn@gmail.com","login":null,"count":2},{"name":"Graham Conzett","email":"gconzett@covermymeds.com","login":null,"count":2},{"name":"Jakub Pawlowicz","email":"contact@jakubpawlowicz.com","login":"jakubpawlowicz","count":2},{"name":"James Silberbauer","email":"jamessil@telkomsa.net","login":"jcsjcs","count":2},{"name":"Naveen","email":"172697+naveensrinivasan","login":"naveensrinivasan","count":2},{"name":"Erik Michaels-Ober","email":"sferik@gmail.com","login":"sferik","count":2},{"name":"Egor Homakov","email":"homakov@gmail.com","login":"homakov","count":2},{"name":"David Wang","email":"DevilDavidWang@gmail.com","login":"dahakawang","count":2},{"name":"David Celis","email":"me@davidcel.is","login":"davidcelis","count":2},{"name":"Daniel Roethlisberger","email":"daniel@roe.ch","login":"droe","count":2},{"name":"Daniel Rodríguez Troitiño","email":"drodrigueztroitino@yahoo.es","login":"drodriguez","count":2},{"name":"Daniel Aleksandersen","email":"code@daniel.priv.no","login":"da2x","count":2},{"name":"Damir Svrtan","email":"damir.svrtan@gmail.com","login":"DamirSvrtan","count":2},{"name":"Christopher J Kinniburgh","email":"s.github@cjkinni.com","login":"CJKinni","count":2},{"name":"Christian Bruckmayer","email":"cbruckmayer@suse.com","login":"ChrisBr","count":2},{"name":"Chris Griego","email":"cgriego@gmail.com","login":"cgriego","count":2},{"name":"Charles Hornberger","email":"charles.hornberger@gmail.com","login":"charlie","count":2},{"name":"Kenn Costales","email":"fxkennyfrc@gmail.com","login":"kennyfrc","count":2},{"name":"Aaron Suggs","email":"aaron@ktheory.com","login":"ktheory","count":2},{"name":"Alexander Popov","email":"alex.wayfer@gmail.com","login":"AlexWayfer","count":2},{"name":"Alexander Shemetovsky","email":"alexkval@gmail.com","login":"AlexKVal","count":2},{"name":"Anatolii Didukh","email":"railsme7@gmail.com","login":"AnatoliiD","count":2},{"name":"Prathamesh Sonpatki","email":"csonpatki@gmail.com","login":"prathamesh-sonpatki","count":2},{"name":"Geremia Taglialatela","email":"tagliala.dev@gmail.com","login":"tagliala","count":2},{"name":"Bart de Water","email":"bartdewater@gmail.com","login":"bdewater","count":2},{"name":"Bart ten Brinke","email":"info@retrosync.com","login":"barttenbrinke","count":2},{"name":"Ben Alpert","email":"spicyjalapeno@gmail.com","login":"sophiebits","count":2},{"name":"Brendan Baldwin","email":"brendan@usergenic.com","login":"usergenic","count":2},{"name":"Brian Palmer","email":"brianp@instructure.com","login":"codekitchen","count":2},{"name":"Bruno Aguirre","email":"yo@brunoaguirre.com","login":"elcuervo","count":2},{"name":"Stephen Celis","email":"stephen@stephencelis.com","login":"stephencelis","count":2},{"name":"Sho Ito","email":"i.sho.0628@gmail.com","login":"Sean0628","count":2},{"name":"Seamus Abshere","email":"seamus@abshere.net","login":"seamusabshere","count":2},{"name":"Samuel Williams","email":"samuel.williams@shopify.com","login":"samuel-williams-shopify","count":2},{"name":"Espartaco Palma","email":"esparta@gmail.com","login":"esparta","count":2},{"name":"Keith Gable","email":"ziggy@ignition-project.com","login":"ziggythehamster","count":2},{"name":"OKURA Masafumi","email":"masafumi.o1988@gmail.com","login":"okuramasafumi","count":2},{"name":"Oleksandr Avoiants","email":"shhavel@gmail.com","login":"shhavel","count":2},{"name":"Pete Elmore","email":"pete@debu.gs","login":"pete","count":2},{"name":"Peter Ohler","email":"peter@ohler.com","login":"ohler55","count":2},{"name":"Petrik","email":"petrik@deheus.net","login":"p8","count":2},{"name":"Pieter van de Bruggen","email":"pvande@gmail.com","login":"pvande","count":2},{"name":"Rob","email":"rob.anderton@thewebfellas.com","login":"rob-at-thewebfellas","count":2},{"name":"Rob Jones","email":"jones@craic.com","login":"craic","count":2},{"name":"Artūrs Mekšs","email":"arturs.mekss@gmail.com","login":"AMekss","count":2},{"name":"Benjamin Quorning","email":"22333+bquorning","login":"bquorning","count":2},{"name":"Sam Roberts","email":"vieuxtech@gmail.com","login":"sam-github","count":2},{"name":"Sam Ruby","email":"rubys@intertwingly.net","login":"rubys","count":2},{"name":"Uchio KONDO","email":"udzura@udzura.jp","login":"udzura","count":2},{"name":"Will Bryant","email":"will.bryant@gmail.com","login":"willbryant","count":2},{"name":"Wojtek Kruszewski","email":"wojtek@oxos.pl","login":"wkrsz","count":2},{"name":"Yann Vanhalewyn","email":"yann.vanhalewyn@gmail.com","login":"yannvanhalewyn","count":2},{"name":"alpaca-tc","email":"alpaca-tc@alpaca.tc","login":"alpaca-tc","count":2},{"name":"bartuer","email":"bartuer@gmail.com","login":"bartuer","count":2},{"name":"comboy","email":"kacper.ciesla@gmail.com","login":"comboy","count":2},{"name":"cremno","email":"cremno@mail.ru","login":"cremno","count":2},{"name":"oleg dashevskii","email":"olegdashevskii@gmail.com","login":"be9","count":2},{"name":"s.kawahara","email":"kawahara.shinya@izumo-it.co.jp","login":"itnsk","count":2},{"name":"tompng","email":"tomoyapenguin@gmail.com","login":"tompng","count":2},{"name":"Troels Thomsen","email":"troels@thomsen.io","login":"tt","count":2},{"name":"Tomer Elmalem","email":"telmalem@gmail.com","login":"tomelm","count":2},{"name":"Tim Moore","email":"tmoore@incrementalism.net","login":"TimMoore","count":2},{"name":"Tim Lucas","email":"t.lucas@toolmantim.com","login":"toolmantim","count":2},{"name":"Tim Connor","email":"timocratic@gmail.com","login":"knzai","count":2},{"name":"TJ Holowaychuk","email":"tj@vision-media.ca","login":"tj","count":2},{"name":"Steve Richert","email":"steve.richert@gmail.com","login":"laserlemon","count":2},{"name":"Nikolay Rys","email":"nikolay@rys.me","login":"NikolayRys","count":2},{"name":"Fabian Rodriguez","email":"fabianrbz@gmail.com","login":"fabianrbz","count":2},{"name":"Felix C. Stegerman","email":"flx@obfusk.net","login":"obfusk","count":2},{"name":"Gioele Barabucci","email":"gioele@svario.it","login":"gioele","count":2},{"name":"Grayson Wright","email":"wright.grayson@gmail.com","login":"c-lliope","count":2},{"name":"Matt Brictson","email":"matt@123mail.org","login":"mattbrictson","count":2},{"name":"Grey Baker","email":"greysteil@gmail.com","login":"greysteil","count":2},{"name":"Wei Zhe","email":"tech@weizheheng.com","login":null,"count":2},{"name":"Yehuda Katz + Carl Lerche","email":"ykatz+clerche@engineyard.com","login":null,"count":2},{"name":"nleguen","email":"nleguen@anaeinteractive.com","login":null,"count":2},{"name":"Rich Meyers","email":"richmeyers@gmx.com","login":null,"count":2},{"name":"Rodrigo Flores","email":"rodrigo.flores@plataformatec.com.br","login":null,"count":2},{"name":"S. Brent Faulkner","email":"brentf@unwwwired.net","login":null,"count":2},{"name":"Lars Gierth","email":"lars@soundcloud.com","login":null,"count":2},{"name":"Keith Duncan","email":"keith.duncan@github.com","login":null,"count":2},{"name":"John Hope","email":"info@midhirrecords.com","login":null,"count":2},{"name":"John Firebaugh","email":"john_firebaugh@us.ibm.com","login":null,"count":2},{"name":"Janne Hietamaki","email":"janne.hietamaki@leonidasoy.fi","login":null,"count":2},{"name":"Jan Xie","email":"jan.h.xie@gmail.com","login":null,"count":2},{"name":"Nick LaMuro","email":"nicklamuro@gmail.com","login":"NickLaMuro","count":2},{"name":"Michal Bryxí","email":"michal.bryxi@gmail.com","login":"MichalBryxi","count":2},{"name":"Michael Sauter","email":"michael.sauter@experteer.com","login":"michaelsauter","count":2},{"name":"Michael Herold","email":"github@michaeljherold.com","login":"michaelherold","count":2},{"name":"Matthew M. Boedicker","email":"matthewm@boedicker.org","login":"mmb","count":2},{"name":"Matt Kasa","email":"mkasa@baent.net","login":"mattkasa","count":2},{"name":"Masayoshi Takahashi","email":"takahashimm@gmail.com","login":"takahashim","count":2},{"name":"Mark Turner","email":"mark@amerine.net","login":"amerine","count":2},{"name":"Marc-André Cournoyer","email":"macournoyer@gmail.com","login":"macournoyer","count":2},{"name":"Kouhei Sutou","email":"kou@clear-code.com","login":"kou","count":2},{"name":"yuuji.yaginuma","email":"yuuji.yaginuma@gmail.com","login":"y-yagi","count":2},{"name":"Junghyun Park","email":"rockethyun@gmail.com","login":"hyun-park","count":2},{"name":"Julik Tarkhanov","email":"me@julik.nl","login":"julik","count":2},{"name":"Jordi Massaguer Pla","email":"jmassaguerpla@suse.de","login":"jordimassaguerpla","count":2},{"name":"John Naegle","email":"john.naegle@goodmeasures.com","login":"johnnaegle","count":2},{"name":"John Manoogian III","email":"jm3@jm3.net","login":"jm3","count":2},{"name":"Jamie Hodge","email":"jamiehodge@me.com","login":"jamiehodge","count":2},{"name":"William","email":"35801+wtn","login":"wtn","count":2},{"name":"Gary Grossman","email":"ggrossman@zendesk.com","login":null,"count":2},{"name":"Adrien Rey-Jarthon","email":"jobs@adrienjarthon.com","login":"jarthod","count":1},{"name":"Adam Wiggins","email":"adam@heroku.com","login":"adamwiggins","count":1},{"name":"Adam Daniels","email":"adam@mediadrive.ca","login":"adam12","count":1},{"name":"Adam Butler","email":"adam@lab.io","login":"adambutler","count":1},{"name":"takiy33","email":"takiy33@gmail.com","login":null,"count":1},{"name":"slivu","email":"slivuz@gmail.com","login":null,"count":1},{"name":"sbfaulkner","email":"brentf@gto.net","login":null,"count":1},{"name":"remi","email":"remi@remitaylor.com","login":null,"count":1},{"name":"qertoip","email":"qertoip@gmail.com","login":null,"count":1},{"name":"nov","email":"nov.matake@gree.net","login":null,"count":1},{"name":"hexfet","email":"jpublic123@yahoo.com","login":null,"count":1},{"name":"eTM","email":"juergen.mangler@univie.ac.at","login":null,"count":1},{"name":"Zachary Scott","email":"mail@zzak.io","login":null,"count":1},{"name":"Zachary Scott","email":"e@zzak.io","login":null,"count":1},{"name":"Yun Huang Yong","email":"gumby@mooh.org","login":null,"count":1},{"name":"Victor Bilyk","email":"spy@undev.ru","login":null,"count":1},{"name":"Timur Batyrshin","email":"erthad@altlinux.org","login":null,"count":1},{"name":"Teo Ljungberg","email":"teo.ljungberg@gmail.com","login":null,"count":1},{"name":"Tadashi Saito","email":"tadashi_saito@dwango.co.jp","login":null,"count":1},{"name":"Stefano Cobianchi","email":"stefano.cobianchi@gmail.com","login":null,"count":1},{"name":"Simon Chiang","email":"simon.chiang@pinnacol.com","login":null,"count":1},{"name":"Saundra Castaneda","email":"svcastaneda@github.com","login":null,"count":1},{"name":"Raving Genius","email":"rg+code@ravinggenius.com","login":null,"count":1},{"name":"Neal Harris","email":"neal@squareup.com","login":null,"count":1},{"name":"Muir Manders","email":"muir@retailnext.net","login":null,"count":1},{"name":"Mobile Commons","email":"android@mcommons.com","login":null,"count":1},{"name":"Maël Clérambault","email":"maelclerambault@yahoo.fr","login":null,"count":1},{"name":"Maurizio De Magnis","email":"maurizio.demagnis@gmail.com","login":null,"count":1},{"name":"Matthias Hengel","email":"matthias@wovn.io","login":null,"count":1},{"name":"Martin Emde \u0026 Jason Hansen","email":"memde@engineyard.com","login":null,"count":1},{"name":"Maksim Sitnikov","email":"sitnikovme@undev.ru","login":null,"count":1},{"name":"Lucas Kanashiro","email":"lucas.kanashiro@collabora.com","login":null,"count":1},{"name":"Lisa Ugray","email":"lisa.ugray@shopify.com","login":null,"count":1},{"name":"Thomas","email":"ts@tcare.fr","login":null,"count":1},{"name":"Keiji, Yoshimi","email":"walf443@gmail dot com","login":null,"count":1},{"name":"Juanito Fatas","email":"juanito.fatas@shopify.com","login":null,"count":1},{"name":"Adam Harper","email":"adam@harper.nu","login":null,"count":1},{"name":"Alex","email":"Alex@Alexs-Mac-Pro.local","login":null,"count":1},{"name":"Alex Beregszaszi","email":"alex@datira.com","login":null,"count":1},{"name":"Alex Rakoczy, Matthew Horan \u0026 Ryan Ong","email":"pair+arakoczy+mhoran+rong@pivotallabs.com","login":null,"count":1},{"name":"Alexandru Creanga","email":"alexandru.creanga@assist.ro","login":null,"count":1},{"name":"Aman Gupta","email":"aman@ramaze.net","login":null,"count":1},{"name":"Andrew Bortz","email":"abortz@cs.stanford.edu","login":null,"count":1},{"name":"Andrew Stevens","email":"astevens@tstmedia.com","login":null,"count":1},{"name":"Ben","email":"ben@Macintosh.local","login":null,"count":1},{"name":"Bosko Milekic","email":"bmilekic@tesla.(none)","login":null,"count":1},{"name":"Carl Lerche","email":"carllerche@mac.com","login":null,"count":1},{"name":"Chase DuBois","email":"cdubois@goodreads.com","login":null,"count":1},{"name":"Fran Casas","email":"nflamel@otrobloggeek.com","login":null,"count":1},{"name":"Dave Myron","email":"dave.myron@contentfree.com","login":null,"count":1},{"name":"Derek and Matt","email":"drat@gdis-imac-2.local","login":null,"count":1},{"name":"Diego Plentz","email":"diego@plentz.org","login":null,"count":1},{"name":"Diego Scataglini","email":"diego@junivi.com","login":null,"count":1},{"name":"Durran Jordan and Paul Elliott","email":"dev+durran+paulelliott@hashrocket.com","login":null,"count":1},{"name":"Emmanuel Hayford","email":"hi@manny.codes","login":null,"count":1},{"name":"Eric Wong","email":"e...@80x24.org","login":null,"count":1},{"name":"Erwan Thomas","email":"erwan.thomas@steeple.fr","login":null,"count":1},{"name":"Joe Van Dyk","email":"joe@fixieconsulting.com","login":null,"count":1},{"name":"Francesco Rodríguez","email":"frodsan@protonmail.ch","login":null,"count":1},{"name":"Gearnode","email":"bfrimin@student.42.fr","login":null,"count":1},{"name":"Iain Barnett","email":"iainspeed@gmail.com","login":null,"count":1},{"name":"Jack Xu","email":"Jack_Xu@cable.comcast.com","login":null,"count":1},{"name":"Jasper Culong","email":"jculongit10@yahoo.com","login":null,"count":1},{"name":"Jon Bardin","email":"jon@jbardin.local","login":null,"count":1},{"name":"Jonas Nicklas and Kim Burgestrand","email":"dev+jnicklas+burgestrand@elabs.se","login":null,"count":1},{"name":"Jonathan del Strother","email":"jon.delStrother@audioboo.fm","login":null,"count":1},{"name":"Jonathan del Strother","email":"jon.delStrother@bestbefore.tv","login":null,"count":1},{"name":"Robin Bortlik","email":"robinbortlik@gmail.com","login":"robinbortlik","count":1},{"name":"Roberto Miranda","email":"rjmaltamar@gmail.com","login":"robertomiranda","count":1},{"name":"Robert Gogolok","email":"gogolok@gmail.com","login":"gogolok","count":1},{"name":"Ricardo Chimal, Jr","email":"ricardo@heroku.com","login":"ricardochimal","count":1},{"name":"Rhett Sutphin","email":"rhett@detailedbalance.net","login":"rsutphin","count":1},{"name":"Radek Osmulski","email":"rosmulski@gmail.com","login":"radekosmulski","count":1},{"name":"Prem Sichanugrist","email":"s@sikac.hu","login":"sikachu","count":1},{"name":"Pierre Chapuis","email":"catwell@archlinux.us","login":"catwell","count":1},{"name":"Peter Wilmott","email":"p@p8952.info","login":"p8952","count":1},{"name":"Peter Rhoades","email":"createdbypete@gmail.com","login":"createdbypete","count":1},{"name":"Peter Cline","email":"peter.cline@gmail.com","login":"petercline","count":1},{"name":"Pete Nicholls","email":"aupajo@gmail.com","login":"Aupajo","count":1},{"name":"Paul R Alexander","email":"palexander@stanford.edu","login":"palexander","count":1},{"name":"Patrik Rak","email":"patrik@raxoft.cz","login":"raxoft","count":1},{"name":"Patrick Tulskie","email":"patricktulskie@gmail.com","login":"PatrickTulskie","count":1},{"name":"Patrick Aljord","email":"patcito@gmail.com","login":"patcito","count":1},{"name":"Pat Allan","email":"pat@freelancing-gods.com","login":"pat","count":1},{"name":"Paolo \"Nusco\" Perrotta","email":"paolo.nusco.perrotta@gmail.com","login":"nusco","count":1},{"name":"Stephen Paul Weber","email":"singpolyma@singpolyma.net","login":"singpolyma","count":1},{"name":"Stefan Wrobel","email":"swrobel","login":"swrobel","count":1},{"name":"Sokolov Yura","email":"funny.falcon@gmail.com","login":"funny-falcon","count":1},{"name":"Snuggs","email":"rashaunstovall@gmail.com","login":"snuggs","count":1},{"name":"Shlomo Shuck","email":"sjshuck@us.ibm.com","login":"sjshuck-ibm","count":1},{"name":"Sergey Chooh","email":"chooh@chooh.msk.ru","login":"chooh","count":1},{"name":"Sebastiaan Pouyet","email":"srpouyet","login":"srpouyet","count":1},{"name":"Sean McGivern","email":"sean@mcgivern.me.uk","login":"smcgivern","count":1},{"name":"Sean Griffin","email":"sean@seantheprogrammer.com","login":"sgrif","count":1},{"name":"Samvita_Karkal","email":"48873741+SamvitaKarkal","login":"SamvitaKarkal","count":1},{"name":"Sam Woodard","email":"sam.h.woodard@gmail.com","login":"shwoodard","count":1},{"name":"Sam Stephenson","email":"sam@37signals.com","login":"sstephenson","count":1},{"name":"Ryosuke Yamazaki","email":"ryosuke.yamazaki@techouse.jp","login":"nappa","count":1},{"name":"Ryan T. Hosford","email":"tad.hosford@gmail.com","login":"rthbound","count":1},{"name":"Russ Smith","email":"russ@bashme.org","login":"russ","count":1},{"name":"Rune Philosof","email":"57357936+runephilosof-abtion","login":"runephilosof-abtion","count":1},{"name":"Rodrigo Rosenfeld Rosas","email":"rr.rosas@gmail.com","login":"rosenfeld","count":1},{"name":"Matthias Günther","email":"matze@wikimatze.de","login":"wikimatze","count":1},{"name":"Matthew Trost","email":"mrtrost@gmail.com","login":"matthewtoast","count":1},{"name":"Matthew Puku","email":"47205255+matthew-puku","login":"matthew-puku","count":1},{"name":"Matt Wildig","email":"matt@mattwildig.co.uk","login":"mattwildig","count":1},{"name":"Matt Robenolt","email":"matt@ydekproductions.com","login":"mattrobenolt","count":1},{"name":"Matt Langlois","email":"fletchto99@gmail.com","login":"fletchto99","count":1},{"name":"Matias Korhonen","email":"matias@kiskolabs.com","login":"matiaskorhonen","count":1},{"name":"Masato Nakamura","email":"masato.nakamura145@gmail.com","login":"m-nakamura145","count":1},{"name":"Masamune","email":"125840508+Masamuneee","login":"Masamuneee","count":1},{"name":"Martin Schürrer","email":"martin@schuerrer.org","login":"MSch","count":1},{"name":"Jordan Raine","email":"jnraine@gmail.com","login":"jnraine","count":1},{"name":"Marek Kasztelnik","email":"mkasztelnik@gmail.com","login":"mkasztelnik","count":1},{"name":"Marcus Stollsteimer","email":"sto.mar@web.de","login":"stomar","count":1},{"name":"Marcelo Junior","email":"marcelo.jr63@gmail.com","login":"juneira","count":1},{"name":"Mamoru TASAKA","email":"mtasaka@fedoraproject.org","login":"mtasaka","count":1},{"name":"Magnus Holm","email":"judofyr@gmail.com","login":"judofyr","count":1},{"name":"MIKAMI Yoshiyuki","email":"yoshuki@saikyoline.jp","login":"yoshuki","count":1},{"name":"Luke Jahnke","email":"luke.jahnke@gmail.com","login":"lukejahnke","count":1},{"name":"Robin Wallin","email":"walro467@gmail.com","login":"walro","count":1},{"name":"Oskar Pearson","email":"oskar@deckle.co.uk","login":"oskarpearson","count":1},{"name":"Oleh Demianiuk","email":"oleh.demianiuk@managebac.com","login":"oleh-demyanyuk","count":1},{"name":"Oana Sipos","email":"oanasipos@gmail.com","login":"oana-sipos","count":1},{"name":"Noemi","email":"45180344+unflxw","login":"unflxw","count":1},{"name":"Niklas Häusele","email":"niklas.haeusele@hey.com","login":"codergeek121","count":1},{"name":"Nicholas Mulder","email":"nicholas.mulder@gmail.com","login":"mulder","count":1},{"name":"Misaki Shioi","email":"shioi.mm@gmail.com","login":"shioimm","count":1},{"name":"Mike Perham","email":"mperham@gmail.com","login":"mperham","count":1},{"name":"Mike Pastore","email":"mike@oobak.org","login":"mwpastore","count":1},{"name":"Mickaël Riga","email":"mig@mypeplum.com","login":"mig-hub","count":1},{"name":"Michael Stock","email":"mikeastock@gmail.com","login":"mikeastock","count":1},{"name":"Michael S. Klishin","email":"michael@novemberain.com","login":"michaelklishin","count":1},{"name":"Michael Rykov","email":"mrykov@gmail.com","login":"rykov","count":1},{"name":"Michael Raidel","email":"raidel@induktiv.at","login":"mraidel","count":1},{"name":"Michael Gee","email":"michaelpgee@gmail.com","login":"mikegee","count":1},{"name":"Mark Wubben","email":"mark@novemberborn.net","login":"novemberborn","count":1},{"name":"mrageh","email":"adam@mrageh.com","login":"mrageh","count":1},{"name":"madlad33","email":"54079440+madlad33","login":"madlad33","count":1},{"name":"kvokka","email":"kvokka@yahoo.com","login":"kvokka","count":1},{"name":"krororo","email":"krororo.07@gmail.com","login":"krororo","count":1},{"name":"keepcosmos","email":"keepcosmos@gmail.com","login":"keepcosmos","count":1},{"name":"kastner","email":"kastner@gmail.com","login":"kastner","count":1},{"name":"glaszig","email":"mail+github@glasz.org","login":"glaszig","count":1},{"name":"geemus","email":"geemus@gmail.com","login":"geemus","count":1},{"name":"ganmacs","email":"ganmacs@gmail.com","login":"ganmacs","count":1},{"name":"flavio-b","email":"flaviobombonatti@gmail.com","login":"flavio-b","count":1},{"name":"extern-c","email":"10775696+extern-c","login":"extern-c","count":1},{"name":"dmann","email":"darrinmann@gmail.com","login":"dmann","count":1},{"name":"d-theus","email":"slma0x02@gmail.com","login":"d-theus","count":1},{"name":"chiwenchen","email":"cwchen2000@gmail.com","login":"chiwenchen","count":1},{"name":"ceclinux","email":"src655@gmail.com","login":"ceclinux","count":1},{"name":"bb-froggy","email":"ch-git@hannebauer.name","login":"bb-froggy","count":1},{"name":"bajamircea","email":"bajamircea@yahoo.com","login":"bajamircea","count":1},{"name":"aithscel","email":"74430681+aithscel","login":"aithscel","count":1},{"name":"Michael Coyne","email":"mikeycgto@gmail.com","login":"mjc-gh","count":1},{"name":"北䑓如法","email":"algebraicallyClosedField@gmail.com","login":"Nyoho","count":1},{"name":"znz","email":"kzhr.nsym@gmail.com","login":"znz","count":1},{"name":"zarqman","email":"tm@iprog.com","login":"zarqman","count":1},{"name":"yumetodo","email":"yume-wikijp@live.jp","login":"yumetodo","count":1},{"name":"yonghui","email":"yonghui.luo@gmail.com","login":"Yonghui","count":1},{"name":"xu jianyong","email":"xujianyong1986@gmail.com","login":"xjyjp","count":1},{"name":"unbit","email":"info@unbit.it","login":"unbit","count":1},{"name":"stahnma","email":"stahnma@websages.com","login":"stahnma","count":1},{"name":"rkyrychuk","email":"ruslan.kyrychuk@gmail.com","login":"rkyrychuk","count":1},{"name":"p.hoai.le","email":"yeuem1vannam","login":"yeuem1vannam","count":1},{"name":"oieioi","email":"atsuinatsu.samuifuyu@gmail.com","login":"oieioi","count":1},{"name":"ohbarye","email":"over.rye@gmail.com","login":"ohbarye","count":1},{"name":"nullprophet","email":"cookieandcream560@gmail.com","login":"Oblivionsage","count":1},{"name":"niku","email":"10890+niku","login":"niku","count":1},{"name":"nightpool","email":"nightpool","login":"nightpool","count":1},{"name":"neilnaveen","email":"42328488+neilnaveen","login":"neilnaveen","count":1},{"name":"Tom Wey","email":"tjmwey@gmail.com","login":"tjmw","count":1},{"name":"Tom Wardrop","email":"tom@tomwardrop.com","login":"Wardrop","count":1},{"name":"Tom Stuart","email":"tom@codon.com","login":"tomstuart","count":1},{"name":"Tom Harvey","email":"tom@alush.co.uk","login":"tomharvey","count":1},{"name":"Timo Schilling","email":"timo@schilling.io","login":"timoschilling","count":1},{"name":"Tim Carey-Smith","email":"tim@spork.in","login":"halorgium","count":1},{"name":"Alex Taylor","email":"alex.taylor@clio.com","login":"mctaylorpants","count":1},{"name":"Thaddee Tyl","email":"thaddee.tyl@gmail.com","login":"espadrine","count":1},{"name":"Teo Ljungberg","email":"teo@teoljungberg.com","login":"teoljungberg","count":1},{"name":"Tavian Barnes","email":"tavianator@tavianator.com","login":"tavianator","count":1},{"name":"Tasos Latsas","email":"tlatsas@hey.com","login":"tlatsas","count":1},{"name":"Takuya Noguchi","email":"takninnovationresearch@gmail.com","login":"tnir","count":1},{"name":"Takafumi ONAKA","email":"takafumi.onaka@gmail.com","login":"onk","count":1},{"name":"Steven Soroka","email":"ssoroka78@gmail.com","login":"ssoroka","count":1},{"name":"Steven Bloch","email":"snbloch@gmail.com","login":"snbloch","count":1},{"name":"Steve Hodgkiss","email":"steve@hodgkiss.me","login":"stevehodgkiss","count":1},{"name":"Steve Agalloco","email":"steve.agalloco@gmail.com","login":"stve","count":1},{"name":"Max Albrecht","email":"1@178.is","login":"eins78","count":1},{"name":"nanaya","email":"me@myconan.net","login":"nanaya","count":1},{"name":"Zach Taylor","email":"ztaylor234@gmail.com","login":"zach-taylor","count":1},{"name":"Zach Brock","email":"zbrock@gmail.com","login":"zbrock","count":1},{"name":"Yusuke Ichinohe","email":"yusuke.ichinohe@gmail.com","login":"egtra","count":1},{"name":"Yuichiro Kaneko","email":"spiketeika@gmail.com","login":"yui-knk","count":1},{"name":"Yudai Suzuki","email":"3280467rec@gmail.com","login":"onigra","count":1},{"name":"Younes Serraj","email":"younes.serraj@gmail.com","login":"yoones","count":1},{"name":"Wyatt Pan","email":"wppurking@gmail.com","login":"wppurking","count":1},{"name":"Willson Mock","email":"willson.mock@gmail.com","login":"fay-jai","count":1},{"name":"Will Leinweber","email":"will@bitfission.com","login":"will","count":1},{"name":"Vincent","email":"vincent.yoon@daumkakao.com","login":"yeonhoyoon","count":1},{"name":"Victor Bilyk","email":"victorbilyk@gmail.com","login":"vspy","count":1},{"name":"VG","email":"vaudoc@gmail.com","login":"vaudoc","count":1},{"name":"Utkarsh Gupta","email":"utkarsh@debian.org","login":"utkarsh2102","count":1},{"name":"Tsutomu Kuroda","email":"t-kuroda@oiax.jp","login":"kuroda","count":1},{"name":"Trevor Wennblom","email":"trevor@well.com","login":"trevor","count":1},{"name":"TonyCTHsu","email":"tonyc.t.hsu@gmail.com","login":"TonyCTHsu","count":1},{"name":"Tony Ta","email":"tonyta.tt@gmail.com","login":"tonyta","count":1},{"name":"Blake Mizerany","email":"blake.mizerany@gmail.com","login":"bmizerany","count":1},{"name":"Clive Crous","email":"clive@crous.co.za","login":"clivecrous","count":1},{"name":"Christoph Wagner","email":"wagner@webit.de","login":"aiomaster","count":1},{"name":"Chris Wanstrath","email":"chris@ozmm.org","login":"defunkt","count":1},{"name":"Chayoung You","email":"yousbe@gmail.com","login":"yous","count":1},{"name":"Carlos Antonio da Silva","email":"carlosantoniodasilva@gmail.com","login":"carlosantoniodasilva","count":1},{"name":"Carl Hörberg","email":"carl.hoerberg@gmail.com","login":"carlhoerberg","count":1},{"name":"Budhram Gurung","email":"budhram.gurung01@gmail.com","login":"coolbrg","count":1},{"name":"Britni Alexander","email":"britnialexander@gmail.com","login":"twitnithegirl","count":1},{"name":"Brian Kephart","email":"briantkephart@gmail.com","login":"brian-kephart","count":1},{"name":"Brent Wheeldon","email":"brent.wheeldon@gmail.com","login":"BrentWheeldon","count":1},{"name":"Brendon Murphy","email":"xternal1+github@gmail.com","login":"bemurphy","count":1},{"name":"Braulio Martinez","email":"braulio@paragon-labs.com","login":"brauliomartinezlm","count":1},{"name":"Brasten Sager","email":"brasten@gmail.com","login":"brasten","count":1},{"name":"Brad Ediger","email":"brad.ediger@madriska.com","login":"bradediger","count":1},{"name":"Bob Long","email":"robertjflong@gmail.com","login":"bobjflong","count":1},{"name":"Ben Toews","email":"mastahyeti","login":"mastahyeti","count":1},{"name":"Ben Sheldon [he/him]","email":"bensheldon@gmail.com","login":"bensheldon","count":1},{"name":"Eli Sadoff","email":"esadoff@ardiangroup.com","login":"snood1205","count":1},{"name":"Eero Saynatkari","email":"projects@kittensoft.org","login":"rue","count":1},{"name":"Edouard CHIN","email":"edouard.chin@shopify.com","login":"Edouard-chin","count":1},{"name":"Dwi Siswanto","email":"dwi.siswanto98@gmail.com","login":"dwisiswant0","count":1},{"name":"Alex Sulim","email":"hello@sul.im","login":"soulim","count":1},{"name":"Dov Murik","email":"dov.murik@gmail.com","login":"dubek","count":1},{"name":"Doug McInnes","email":"doug@dougmcinnes.com","login":"dmcinnes","count":1},{"name":"Dorian Taylor","email":"1181000+doriantaylor","login":"doriantaylor","count":1},{"name":"Dmitry Pak","email":"fenec230@yahoo.com","login":"fenec","count":1},{"name":"Dimitrij Denissenko","email":"dimitrij.denissenko@blacksquaremedia.com","login":"dim","count":1},{"name":"Dillon Welch","email":"daw0328@gmail.com","login":"dillonwelch","count":1},{"name":"David Wilkie","email":"dwilkie@gmail.com","login":"dwilkie","count":1},{"name":"David Stosik","email":"davidstosik","login":"davidstosik","count":1},{"name":"David Runger","email":"daverunger@gmail.com","login":"davidrunger2","count":1},{"name":"David Lee","email":"davidomundo@gmail.com","login":"dlee","count":1},{"name":"Daniel J. Pritchett","email":"dpritchett@gmail.com","login":"dpritchett","count":1},{"name":"Damian Janowski","email":"damian.janowski@gmail.com","login":"djanowski","count":1},{"name":"Andrew Hoglund","email":"ahoglund@github.com","login":"ahoglund","count":1},{"name":"Andrew Cole","email":"aocole@gmail.com","login":"aocole","count":1},{"name":"Andreas Wurm","email":"andreaswurm@gmx.de","login":"AndreasWurm","count":1},{"name":"Anatoly Chernow","email":"f0ck1ng.namespace@gmail.com","login":"ch1c0t","count":1},{"name":"Aman Gupta","email":"aman@tmm1.net","login":"tmm1","count":1},{"name":"Ally","email":"28497049+AllyMarthaJ","login":"AllyMarthaJ","count":1},{"name":"Alexander Kahn","email":"alexanderkahn@gmail.com","login":"akahn","count":1},{"name":"Alexander Adam","email":"alexanderadam","login":"alexanderadam","count":1},{"name":"Alex Weiksnar","email":"aweiksnar@gmail.com","login":"aweiksnar","count":1},{"name":"Alex Speller","email":"alex@alexspeller.com","login":"alexspeller","count":1},{"name":"Alex Grigorovich","email":"alex.grigorovich@gmail.com","login":"grig","count":1},{"name":"Alessandro Minali","email":"alessandro.minali@gmail.com","login":"AlessandroMinali","count":1},{"name":"Alan Wu","email":"XrXr","login":"XrXr","count":1},{"name":"Akshay Joshi","email":"github@akshayjoshi.com","login":"axyjo","count":1},{"name":"Aaron Pfeifer","email":"aaron.pfeifer@gmail.com","login":"obrie","count":1},{"name":"Aaron Stone","email":"aaron@serendipity.cx","login":"sodabrew","count":1},{"name":"Achilleas Pipinellis","email":"axilleas","login":"axilleas","count":1},{"name":"tlrobinson","email":"tom@280north.com","login":null,"count":1},{"name":"Daisuke Koide","email":"disk2id@gmail.com","login":"diskkid","count":1},{"name":"Ben Schwarz","email":"ben.schwarz@gmail.com","login":"benschwarz","count":1},{"name":"Ben Pickles","email":"spideryoung@gmail.com","login":"benpickles","count":1},{"name":"Ben Fritsch","email":"beanie@benle.de","login":"beanieboi","count":1},{"name":"Ben A. Morgan","email":"ben@benmorgan.io","login":"BenMorganIO","count":1},{"name":"Bas Vodde","email":"basv@odd-e.com","login":"basvodde","count":1},{"name":"Aurora Nockert","email":"aurora@nockert.se","login":"auroranockert","count":1},{"name":"Artur Cygan","email":"arczicygan@gmail.com","login":"arcz","count":1},{"name":"Arthur Nogueira Neves","email":"arthurnn@gmail.com","login":"arthurnn","count":1},{"name":"Artem Pyanykh","email":"artem.pyanykh@gmail.com","login":"artempyanykh","count":1},{"name":"Arron Mabrey","email":"arron@mabreys.com","login":"arronmabrey","count":1},{"name":"Aredridel","email":"aredridel@nbtsc.org","login":"aredridel","count":1},{"name":"Antonio Terceiro","email":"asa@terceiro.xyz","login":"terceiro","count":1},{"name":"Conrad Irwin","email":"conrad.irwin@gmail.com","login":"ConradIrwin","count":1},{"name":"16yuki0702","email":"hs19870702@gmail.com","login":"16yuki0702","count":1},{"name":"Anil Wadghule","email":"anildigital@gmail.com","login":"anildigital","count":1},{"name":"Andrew Pariser","email":"pariser@gmail.com","login":"pariser","count":1},{"name":"Josef Sin","email":"josef.sin@gmail.com","login":"josin","count":1},{"name":"Johan Lundström","email":"johanlunds@gmail.com","login":"johanlunds","count":1},{"name":"Jonathan Tron","email":"jonathan@tron.name","login":"JonathanTron","count":1},{"name":"Jonathan Rochkind","email":"jonathan@dnil.net","login":"jrochkind","count":1},{"name":"Jonathan Chen","email":"dijonkitchen","login":"dijonkitchen","count":1},{"name":"Jon foster","email":"redcabinny@gmail.com","login":"jonfoster9999","count":1},{"name":"Jon Moss","email":"me@jonathanmoss.me","login":"maclover7","count":1},{"name":"Jon Leighton","email":"j@jonathanleighton.com","login":"jonleighton","count":1},{"name":"Jon Daniel","email":"binarycleric@gmail.com","login":"binarycleric","count":1},{"name":"Jon Crosby","email":"jon@joncrosby.me","login":"jcrosby","count":1},{"name":"John Sumsion","email":"sumsionjg@familysearch.org","login":"jdsumsion","count":1},{"name":"John Firebaugh","email":"john.firebaugh@gmail.com","login":"jfirebaugh","count":1},{"name":"John Faucett","email":"jwaterfaucett@gmail.com","login":"DataDaoDe","count":1},{"name":"John Doe","email":"info@example.com","login":"wuzX56","count":1},{"name":"John Barnette","email":"jbarnette@gmail.com","login":"jbarnette","count":1},{"name":"Lawrence Pit","email":"lawrence.pit@gmail.com","login":"lawrencepit","count":1},{"name":"Hrvoje Šimić","email":"shime.ferovac@gmail.com","login":"shime","count":1},{"name":"Joe Rafaniello","email":"jrafanie@redhat.com","login":"jrafanie","count":1},{"name":"Louis Nyffenegger","email":"louis.nyffenegger@gmail.com","login":"snyff","count":1},{"name":"Loren Segal","email":"lsegal@soen.ca","login":"lsegal","count":1},{"name":"Liroy Leshed","email":"liroyleshed@protonmail.com","login":"liroyleshed","count":1},{"name":"Lio","email":"bentnt1982@gmail.com","login":"th4s1s","count":1},{"name":"Liam Sean Brady","email":"liamseanbrady@gmail.com","login":"liamseanbrady","count":1},{"name":"Leonard Garvey","email":"lengarvey@gmail.com","login":"lengarvey","count":1},{"name":"Larry Siden","email":"lsiden@gmail.com","login":"lsiden","count":1},{"name":"Kyle Drake","email":"kyledrake@gmail.com","login":"kyledrake","count":1},{"name":"Kevin Sylvestre","email":"kevin@ksylvest.com","login":"ksylvest","count":1},{"name":"Ken Collins","email":"ken@metaskills.net","login":"metaskills","count":1},{"name":"Kazuya Hotta","email":"khotta116@gmail.com","login":"khotta","count":1},{"name":"Karol Bucek","email":"kares","login":"kares","count":1},{"name":"Kamal Fariz Mahyuddin","email":"kamal.fariz@gmail.com","login":"kamal","count":1},{"name":"KS","email":"Magi-KS","login":"Magi-KS","count":1},{"name":"Jun Aruga","email":"jaruga@redhat.com","login":"junaruga","count":1},{"name":"Julien Sanchez","email":"julien.sanchez@gmail.com","login":"gentooboontoo","count":1},{"name":"Josh Soref","email":"2119212+jsoref","login":"jsoref","count":1},{"name":"Guo","email":"dormancywang@gmail.com","login":"DormancyWang","count":1},{"name":"Greg Hazel","email":"ghazel@gmail.com","login":"ghazel","count":1},{"name":"Giles Bowkett","email":"gilesb@gmail.com","login":"gilesbowkett","count":1},{"name":"Geoffrey Grosenbach","email":"boss@topfunky.com","login":"topfunky","count":1},{"name":"Genki Takiuchi","email":"genki@s21g.com","login":"genki","count":1},{"name":"Garry Shutler","email":"garry@robustsoftware.co.uk","login":"gshutler","count":1},{"name":"Gabriel Horner","email":"gabriel.horner@gmail.com","login":"cldwalker","count":1},{"name":"Frederick Cheung","email":"frederick.cheung@gmail.com","login":"fcheung","count":1},{"name":"Francesco Rodríguez","email":"frodsan@me.com","login":"frodsan","count":1},{"name":"Florian Gilcher","email":"florian.gilcher@asquera.de","login":"skade","count":1},{"name":"Fabio Kreusch","email":"fabiokr@gmail.com","login":"fabiokr","count":1},{"name":"Fabien Jakimowicz","email":"fabien@jakimowicz.com","login":"jakimowicz","count":1},{"name":"Fabian Winkler","email":"wynksaiddestroy","login":"wynksaiddestroy","count":1},{"name":"FUJI Goro","email":"gfuji@cpan.org","login":"gfx","count":1},{"name":"Eugene Kenny","email":"elkenny@gmail.com","login":"eugeneius","count":1},{"name":"Erol Fornoles","email":"erol.fornoles@gmail.com","login":"Erol","count":1},{"name":"Eliot Sykes","email":"eliotsykes@gmail.com","login":"eliotsykes","count":1},{"name":"Andrew Marshall","email":"andrew@johnandrewmarshall.com","login":"amarshall","count":1},{"name":"Josh Gross","email":"joshmgross@github.com","login":"joshmgross","count":1},{"name":"Joe Francis","email":"joe@lostapathy.com","login":"lostapathy","count":1},{"name":"Joe Fiorini","email":"joe@joefiorini.com","login":"joefiorini","count":1},{"name":"Jim Myhrberg","email":"contact@jimeh.me","login":"jimeh","count":1},{"name":"Jesse Cooke","email":"jesse@jc00ke.com","login":"jc00ke","count":1},{"name":"Jens Alfke","email":"jens@mooseyard.com","login":"snej","count":1},{"name":"Jason Staten","email":"jstaten07@gmail.com","login":"statianzo","count":1},{"name":"Jason Garber","email":"jason@sixtwothree.org","login":"jgarber623","count":1},{"name":"Jan Dudek","email":"jd@jandudek.com","login":"jdudek","count":1},{"name":"Jamie Macey","email":"jamie@tracefunc.com","login":"jamie","count":1},{"name":"Jamie English","email":"jamienglish@gmail.com","login":"english","count":1},{"name":"Ivan Ukhov","email":"ivan.ukhov@gmail.com","login":"IvanUkhov","count":1},{"name":"Igor Bochkariov","email":"ujifgc@gmail.com","login":"ujifgc","count":1},{"name":"Hugo Abonizio","email":"hugo_abonizio@hotmail.com","login":"hugoabonizio","count":1},{"name":"Dru Nelson","email":"drudru@gmail.com","login":"drudru","count":1},{"name":"Hiro Asari","email":"asari.ruby@gmail.com","login":"BanzaiMan","count":1},{"name":"Henning Kulander","email":"henning.kulander@amedia.no","login":"hennikul","count":1},{"name":"Gustavo Villa","email":"gfvcastro@gmail.com","login":"gfvcastro","count":1}],"past_year_committers":[{"name":"Samuel Williams","email":"samuel.williams@oriontransfer.co.nz","login":"ioquatix","count":34},{"name":"Jeremy Evans","email":"code@jeremyevans.net","login":"jeremyevans","count":27},{"name":"dependabot[bot]","email":"49699333+dependabot[bot]","login":"dependabot[bot]","count":4},{"name":"haruki0409","email":"76884995+haruki0409","login":"haruki0409","count":4},{"name":"Hartley McGuire","email":"skipkayhil@gmail.com","login":"skipkayhil","count":3},{"name":"Earlopain","email":"14981592+Earlopain","login":"Earlopain","count":2},{"name":"Samuel Williams","email":"samuel.williams@shopify.com","login":"samuel-williams-shopify","count":2},{"name":"Benjamin Quorning","email":"22333+bquorning","login":"bquorning","count":2},{"name":"Alexander Adam","email":"alexanderadam","login":"alexanderadam","count":1},{"name":"Ben Sheldon [he/him]","email":"bensheldon@gmail.com","login":"bensheldon","count":1},{"name":"Guo","email":"dormancywang@gmail.com","login":"DormancyWang","count":1},{"name":"John Hawthorn","email":"john@hawthorn.email","login":"jhawthorn","count":1},{"name":"Karol Bucek","email":"kares","login":"kares","count":1},{"name":"Lio","email":"bentnt1982@gmail.com","login":"th4s1s","count":1},{"name":"Mamoru TASAKA","email":"mtasaka@fedoraproject.org","login":"mtasaka","count":1},{"name":"Marcelo Junior","email":"marcelo.jr63@gmail.com","login":"juneira","count":1},{"name":"Masamune","email":"125840508+Masamuneee","login":"Masamuneee","count":1},{"name":"Matthew Draper","email":"matthew@trebex.net","login":"matthewd","count":1},{"name":"Matthew Puku","email":"47205255+matthew-puku","login":"matthew-puku","count":1},{"name":"Niklas Häusele","email":"niklas.haeusele@hey.com","login":"codergeek121","count":1},{"name":"Noemi","email":"45180344+unflxw","login":"unflxw","count":1},{"name":"Patrik Ragnarsson","email":"patrik@starkast.net","login":"dentarg","count":1},{"name":"Rune Philosof","email":"57357936+runephilosof-abtion","login":"runephilosof-abtion","count":1},{"name":"Ryunosuke Sato","email":"tricknotes.rs@gmail.com","login":"tricknotes","count":1},{"name":"Tavian Barnes","email":"tavianator@tavianator.com","login":"tavianator","count":1},{"name":"William","email":"35801+wtn","login":"wtn","count":1},{"name":"alpaca-tc","email":"alpaca-tc@alpaca.tc","login":"alpaca-tc","count":1},{"name":"extern-c","email":"10775696+extern-c","login":"extern-c","count":1},{"name":"glaszig","email":"mail+github@glasz.org","login":"glaszig","count":1},{"name":"nightpool","email":"nightpool","login":"nightpool","count":1},{"name":"niku","email":"10890+niku","login":"niku","count":1},{"name":"nullprophet","email":"cookieandcream560@gmail.com","login":"Oblivionsage","count":1}],"commits_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/commits","host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-04-30T00:00:07.427Z","repositories_count":6223834,"commits_count":900050450,"contributors_count":34902052,"owners_count":1147610,"icon_url":"https://github.com/github.png","host_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://commits.ecosyste.ms/api/v1/hosts/GitHub/repositories"}},"issues_stats":{"full_name":"rack/rack","html_url":"https://github.com/rack/rack","last_synced_at":"2026-04-10T10:00:46.358Z","status":null,"issues_count":149,"pull_requests_count":434,"avg_time_to_close_issue":10204153.094017094,"avg_time_to_close_pull_request":2705224.350515464,"issues_closed_count":117,"pull_requests_closed_count":388,"pull_request_authors_count":102,"issue_authors_count":111,"avg_comments_per_issue":5.315436241610739,"avg_comments_per_pull_request":2.827188940092166,"merged_pull_requests_count":327,"bot_issues_count":0,"bot_pull_requests_count":6,"past_year_issues_count":34,"past_year_pull_requests_count":81,"past_year_avg_time_to_close_issue":622928.6818181818,"past_year_avg_time_to_close_pull_request":721590.779661017,"past_year_issues_closed_count":22,"past_year_pull_requests_closed_count":59,"past_year_pull_request_authors_count":33,"past_year_issue_authors_count":30,"past_year_avg_comments_per_issue":3.1176470588235294,"past_year_avg_comments_per_pull_request":2.617283950617284,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":2,"past_year_merged_pull_requests_count":52,"created_at":"2023-05-12T15:36:32.953Z","updated_at":"2026-04-10T10:00:46.359Z","repository_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack","issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/rack%2Frack/issues","issue_labels_count":{"Documentation":6,"SPEC":3,"Maintenance":2,"Bug":2,"Needs Feedback":1},"pull_request_labels_count":{"Backport":8,"dependencies":6,"Bug":4,"Maintenance":3,"SPEC":3,"github_actions":2,"hacktoberfest-accepted":2,"Feature":1,"Needs Feedback":1},"issue_author_associations_count":{"NONE":91,"MEMBER":30,"CONTRIBUTOR":28},"pull_request_author_associations_count":{"CONTRIBUTOR":228,"MEMBER":128,"NONE":77,"COLLABORATOR":1},"issue_authors":{"ioquatix":29,"catatsuy":3,"Fjan":3,"lloeki":2,"gegenelnet":2,"LevitatingBusinessMan":2,"doriantaylor":2,"radar":2,"mikgry":2,"trak3r":1,"leviwilson":1,"larouxn":1,"JunichiIto":1,"jurruh":1,"dmix":1,"xxz199539":1,"zzak":1,"rubyFeedback":1,"bquorning":1,"PragTob":1,"fosrias":1,"sergioa":1,"urmora":1,"jasnow":1,"ta":1,"tavianator":1,"radarek":1,"voxik":1,"matas-zanevicius":1,"Earlopain":1,"wynksaiddestroy":1,"moonglum":1,"mperham":1,"0x1eef":1,"morgoth":1,"culov":1,"francoataffarel":1,"jeremyevans":1,"sdalu":1,"joshgoebel":1,"foonlyboy":1,"nappa":1,"kazuho":1,"0llirocks":1,"mrj":1,"julienchabanon":1,"zarqman":1,"luke-hill":1,"j1mmie":1,"bryanp":1,"ParadoxV5":1,"sm1ee":1,"alpaca-tc":1,"tenderlove":1,"JoeDupuis":1,"BenSandeen":1,"sandipransing":1,"AdamGold":1,"ericproulx":1,"matthew-puku":1,"MSP-Greg":1,"btalbot":1,"MatzFan":1,"masonlouchart":1,"niedfelj":1,"emassip":1,"al6x":1,"aithscel":1,"jarthod":1,"lacostenycoder":1,"sergey-arkhipov":1,"kemuridama":1,"flavio-b":1,"utkarsh2102":1,"SilentSobs":1,"willbryant":1,"dentarg":1,"casperisfine":1,"tisba":1,"Jokacar":1,"Pirikara":1,"boazsegev":1,"aglushkov":1,"earlonrails":1,"runephilosof-abtion":1,"alexpark20":1,"mattbrictson":1,"rplopes":1,"kochetkovandrew":1,"AllyMarthaJ":1,"alor":1,"DormancyWang":1,"sandstrom":1,"drnic":1,"unflxw":1,"shimoju":1,"JonJagger":1,"nunosilva800":1,"patmcdermott":1,"caiofct":1,"RootUp":1,"ngudbhav":1,"tagliala":1,"wuarmin":1,"brkn":1,"travisTheOrange":1,"yahonda":1,"schneems":1,"tomharvey":1,"ledermann":1,"VitaliySerov":1},"pull_request_authors":{"ioquatix":123,"jeremyevans":71,"Earlopain":34,"dentarg":15,"skipkayhil":8,"casperisfine":6,"dependabot[bot]":6,"MSP-Greg":5,"alexanderadam":5,"sandipransing":4,"byroot":4,"willbryant":4,"tenderlove":4,"adam12":4,"alpaca-tc":3,"nappa":3,"jhawthorn":3,"wtn":3,"tomharvey":3,"JunichiIto":3,"mattbrictson":3,"jdufresne":3,"p8":3,"stefansundin":2,"tomhughes":2,"JoeDupuis":2,"JasonnnW3000":2,"simi":2,"amatsuda":2,"liroyleshed":2,"tagliala":2,"DormancyWang":2,"headius":2,"HoneyryderChuck":2,"dblock":2,"doriantaylor":2,"jasonpenny":2,"majioa":2,"zzak":2,"SamvitaKarkal":2,"mperham":2,"oieioi":2,"m-nakamura145":2,"dchitragupt-conga":2,"robertomiranda":2,"runephilosof-abtion":2,"ccutrer":2,"madlad33":2,"akostadinov":2,"timcraft":2,"matthewd":2,"tt":2,"redox":2,"return-nil":2,"wynksaiddestroy":2,"AllyMarthaJ":2,"extern-c":2,"michaelherold":2,"samuel-williams-shopify":1,"lukateras":1,"kyoshidajp":1,"tavianator":1,"EMunozMobbex":1,"davidalejandroaguilar":1,"mctaylorpants":1,"juneira":1,"ziggythehamster":1,"tricknotes":1,"codergeek121":1,"ayushn21":1,"raggi":1,"yoones":1,"bdewater":1,"jarthod":1,"bensheldon":1,"zarqman":1,"henm":1,"nightpool":1,"wanabe":1,"olleolleolle":1,"koic":1,"dchandekstark":1,"aithscel":1,"niku":1,"bquorning":1,"lewispb":1,"eregon":1,"fcalahorro":1,"axilleas":1,"lukaso":1,"thadeu":1,"kares":1,"NARKOZ":1,"Oblivionsage":1,"mimosa":1,"tisba":1,"davidstosik":1,"mrj":1,"weizheheng":1,"kimulab":1,"glaszig":1,"unflxw":1},"host":{"name":"GitHub","url":"https://github.com","kind":"github","last_synced_at":"2026-04-12T00:00:13.218Z","repositories_count":14218147,"issues_count":34640629,"pull_requests_count":113174726,"authors_count":11232898,"icon_url":"https://github.com/github.png","host_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories","owners_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/owners","authors_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors"},"past_year_issue_labels_count":{},"past_year_pull_request_labels_count":{"dependencies":2,"github_actions":2,"hacktoberfest-accepted":2,"Backport":1},"past_year_issue_author_associations_count":{"NONE":21,"CONTRIBUTOR":9,"MEMBER":4},"past_year_pull_request_author_associations_count":{"CONTRIBUTOR":46,"NONE":18,"MEMBER":14,"COLLABORATOR":1},"past_year_issue_authors":{"ioquatix":4,"gegenelnet":2,"yahonda":1,"wuarmin":1,"voxik":1,"utkarsh2102":1,"unflxw":1,"tavianator":1,"tagliala":1,"ta":1,"sm1ee":1,"SilentSobs":1,"shimoju":1,"sdalu":1,"schneems":1,"rubyFeedback":1,"radarek":1,"Pirikara":1,"ngudbhav":1,"mrj":1,"moonglum":1,"masonlouchart":1,"LevitatingBusinessMan":1,"kemuridama":1,"ericproulx":1,"DormancyWang":1,"doriantaylor":1,"dmix":1,"dentarg":1,"bquorning":1},"past_year_pull_request_authors":{"ioquatix":14,"jeremyevans":11,"Earlopain":10,"alexanderadam":5,"byroot":4,"skipkayhil":3,"wtn":2,"runephilosof-abtion":2,"jasonpenny":2,"extern-c":2,"DormancyWang":2,"dependabot[bot]":2,"alpaca-tc":1,"unflxw":1,"tricknotes":1,"tavianator":1,"ayushn21":1,"samuel-williams-shopify":1,"bensheldon":1,"Oblivionsage":1,"niku":1,"nightpool":1,"NARKOZ":1,"mrj":1,"lewispb":1,"kares":1,"juneira":1,"jhawthorn":1,"bquorning":1,"codergeek121":1,"dentarg":1,"glaszig":1},"maintainers":[{"login":"ioquatix","count":152,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"tenderlove","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/tenderlove"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"},{"login":"raggi","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/raggi"}],"active_maintainers":[{"login":"ioquatix","count":18,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/ioquatix"},{"login":"jhawthorn","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhawthorn"}]},"events":{"total":{"DeleteEvent":27,"PullRequestEvent":153,"ForkEvent":43,"DiscussionEvent":1,"IssuesEvent":88,"WatchEvent":181,"IssueCommentEvent":463,"PushEvent":304,"PullRequestReviewCommentEvent":182,"PullRequestReviewEvent":257,"CreateEvent":55},"last_year":{"DeleteEvent":11,"PullRequestEvent":77,"ForkEvent":20,"DiscussionEvent":1,"IssuesEvent":35,"WatchEvent":82,"IssueCommentEvent":213,"PushEvent":157,"PullRequestReviewCommentEvent":68,"PullRequestReviewEvent":109,"CreateEvent":28}},"keywords":["rack","ruby","web"],"dependencies":[{"ecosystem":"rubygems","filepath":"Gemfile","sha":null,"kind":"manifest","created_at":"2022-07-06T03:00:27.663Z","updated_at":"2022-07-06T03:00:27.663Z","repository_link":"https://github.com/rack/rack/blob/main/Gemfile","dependencies":[{"id":107490846,"package_name":"webrick","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"runtime","optional":false},{"id":107490847,"package_name":"rubocop","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"runtime","optional":false},{"id":107490848,"package_name":"rubocop-packaging","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"runtime","optional":false},{"id":107490849,"package_name":"rdoc","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"development","optional":false}]},{"ecosystem":"rubygems","filepath":"rack.gemspec","sha":null,"kind":"manifest","created_at":"2022-07-06T03:00:27.673Z","updated_at":"2022-07-06T03:00:27.673Z","repository_link":"https://github.com/rack/rack/blob/main/rack.gemspec","dependencies":[{"id":107490850,"package_name":"minitest","ecosystem":"rubygems","requirements":"~\u003e 5.0","direct":true,"kind":"development","optional":false},{"id":107490851,"package_name":"minitest-global_expectations","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"development","optional":false},{"id":107490852,"package_name":"bundler","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"development","optional":false},{"id":107490853,"package_name":"rake","ecosystem":"rubygems","requirements":"\u003e= 0","direct":true,"kind":"development","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/depsreview.yaml","sha":null,"kind":"manifest","created_at":"2023-01-13T10:21:49.305Z","updated_at":"2023-01-13T10:21:49.305Z","repository_link":"https://github.com/rack/rack/blob/main/.github/workflows/depsreview.yaml","dependencies":[{"id":6875542464,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":6875542465,"package_name":"actions/dependency-review-action","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/test-external.yaml","sha":null,"kind":"manifest","created_at":"2023-01-13T10:21:49.323Z","updated_at":"2023-01-13T10:21:49.323Z","repository_link":"https://github.com/rack/rack/blob/main/.github/workflows/test-external.yaml","dependencies":[{"id":6875542466,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":6875542467,"package_name":"ruby/setup-ruby","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false}]},{"ecosystem":"actions","filepath":".github/workflows/test.yaml","sha":null,"kind":"manifest","created_at":"2023-01-13T10:21:49.338Z","updated_at":"2023-01-13T10:21:49.338Z","repository_link":"https://github.com/rack/rack/blob/main/.github/workflows/test.yaml","dependencies":[{"id":6875542468,"package_name":"actions/checkout","ecosystem":"actions","requirements":"v3","direct":true,"kind":"composite","optional":false},{"id":6875542469,"package_name":"ruby/setup-ruby","ecosystem":"actions","requirements":"v1","direct":true,"kind":"composite","optional":false}]}],"score":37.26005723323853,"created_at":"2024-12-15T21:38:06.790Z","updated_at":"2026-04-30T22:01:49.570Z","avatar_url":"https://github.com/rack.png","language":"Ruby","monthly_downloads":0,"readme":"# ![Rack](contrib/logo.webp)\n\nRack provides a minimal, modular, and adaptable interface for developing web\napplications in Ruby. By wrapping HTTP requests and responses in the simplest\nway possible, it unifies and distills the bridge between web servers, web\nframeworks, and web application into a single method call.\n\nThe exact details of this are described in the [Rack Specification], which all\nRack applications should conform to. Browse the [Documentation] for more\ninformation.\n\n## Version support\n\n| Version  | Support                            |\n|----------|------------------------------------|\n|    3.2.x | Bug fixes and security patches.    |\n|    3.1.x | Security patches only.             |\n|    3.0.x | End of support.                    |\n|    2.2.x | Security patches only.             |\n| \u003c= 2.1.x | End of support.                    |\n\n**Rack 2.2.x is in security maintenance mode**. Please upgrade to Rack 3.1+ as soon\nas possible to ensure you are receiving the latest features and security patches.\n\nPlease see the [Security Policy] for more information.\n\n## Change log\n\nSee the [Changelog](CHANGELOG.md) for a detailed list of changes in each version of Rack.\n\n### Rack 3.2 (latest release)\n\nThis version of rack contains bug fixes and security patches.\n\n### Rack 3.1\n\nThis version of rack contains bug fixes and security patches.\n\n### Rack 3.0\n\nThis version of rack contains significant changes which are detailed in the\n[Upgrade Guide](UPGRADE-GUIDE.md). It is recommended to upgrade to Rack 3 as soon\nas possible to receive the latest features and security patches.\n\n### Rack 2.2\n\nThis version of Rack is receiving security patches only, and effort should be\nmade to move to Rack 3.\n\nStarting in Ruby 3.4 the `base64` dependency will no longer be a default gem,\nand may cause a warning or error about `base64` being missing. To correct this,\nadd `base64` as a dependency to your project.\n\n## Installation\n\nAdd the rack gem to your application bundle, or follow the instructions provided\nby a [supported web framework](#supported-web-frameworks):\n\n```bash\n# Install it generally:\n$ gem install rack\n\n# or, add it to your current application gemfile:\n$ bundle add rack\n```\n\nIf you need features from `Rack::Session` or `bin/rackup` please add those gems separately.\n\n```bash\n$ gem install rack-session rackup\n```\n\n## Usage\n\nCreate a file called `config.ru` with the following contents:\n\n```ruby\nrun do |env|\n  [200, {}, [\"Hello World\"]]\nend\n```\n\nRun this using the rackup gem or another [supported web\nserver](#supported-web-servers).\n\n```bash\n$ gem install rackup\n$ rackup\n\n# In another shell:\n$ curl http://localhost:9292\nHello World\n```\n\n## Supported web servers\n\nRack is supported by a wide range of servers, including:\n\n* [Agoo](https://github.com/ohler55/agoo)\n* [Falcon](https://github.com/socketry/falcon)\n* [Iodine](https://github.com/boazsegev/iodine)\n* [NGINX Unit](https://unit.nginx.org/)\n* [Phusion Passenger](https://www.phusionpassenger.com/) (which is mod_rack for\n  Apache and for nginx)\n* [Pitchfork](https://github.com/Shopify/pitchfork)\n* [Puma](https://puma.io/)\n* [Thin](https://github.com/macournoyer/thin)\n* [Unicorn](https://yhbt.net/unicorn/)\n* [uWSGI](https://uwsgi-docs.readthedocs.io/en/latest/)\n* [Lamby](https://lamby.custominktech.com) (for AWS Lambda)\n\nYou will need to consult the server documentation to find out what features and\nlimitations they may have. In general, any valid Rack app will run the same on\nall these servers, without changing anything.\n\n### Rackup\n\nRack provides a separate gem, [rackup](https://github.com/rack/rackup) which is\na generic interface for running a Rack application on supported servers, which\ninclude `WEBRick`, `Puma`, `Falcon` and others.\n\n## Supported web frameworks\n\nThese frameworks and many others support the [Rack Specification]:\n\n* [Camping](https://github.com/camping/camping)\n* [Hanami](https://hanamirb.org/)\n* [Ramaze](https://github.com/ramaze/ramaze)\n* [Padrino](https://padrinorb.com/)\n* [Roda](https://github.com/jeremyevans/roda)\n* [Ruby on Rails](https://rubyonrails.org/)\n* [Rum](https://github.com/leahneukirchen/rum)\n* [Sinatra](https://sinatrarb.com/)\n* [Utopia](https://github.com/socketry/utopia)\n* [WABuR](https://github.com/ohler55/wabur)\n\n## Available middleware shipped with Rack\n\nBetween the server and the framework, Rack can be customized to your\napplications needs using middleware. Rack itself ships with the following\nmiddleware:\n\n* `Rack::CommonLogger` for creating Apache-style logfiles.\n* `Rack::ConditionalGet` for returning [Not\n  Modified](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/304)\n  responses when the response has not changed.\n* `Rack::Config` for modifying the environment before processing the request.\n* `Rack::ContentLength` for setting a `content-length` header based on body\n  size.\n* `Rack::ContentType` for setting a default `content-type` header for responses.\n* `Rack::Deflater` for compressing responses with gzip.\n* `Rack::ETag` for setting `etag` header on bodies that can be buffered.\n* `Rack::Events` for providing easy hooks when a request is received and when\n  the response is sent.\n* `Rack::Head` for returning an empty body for HEAD requests.\n* `Rack::Lint` for checking conformance to the [Rack Specification].\n* `Rack::Lock` for serializing requests using a mutex.\n* `Rack::MethodOverride` for modifying the request method based on a submitted\n  parameter.\n* `Rack::Recursive` for including data from other paths in the application, and\n  for performing internal redirects.\n* `Rack::Reloader` for reloading files if they have been modified.\n* `Rack::Runtime` for including a response header with the time taken to process\n  the request.\n* `Rack::Sendfile` for working with web servers that can use optimized file\n  serving for file system paths.\n* `Rack::ShowException` for catching unhandled exceptions and presenting them in\n  a nice and helpful way with clickable backtrace.\n* `Rack::ShowStatus` for using nice error pages for empty client error\n  responses.\n* `Rack::Static` for configurable serving of static files.\n* `Rack::TempfileReaper` for removing temporary files creating during a request.\n\nAll these components use the same interface, which is described in detail in the\n[Rack Specification]. These optional components can be used in any way you wish.\n\n### Convenience interfaces\n\nIf you want to develop outside of existing frameworks, implement your own ones,\nor develop middleware, Rack provides many helpers to create Rack applications\nquickly and without doing the same web stuff all over:\n\n* `Rack::Request` which also provides query string parsing and multipart\n  handling.\n* `Rack::Response` for convenient generation of HTTP replies and cookie\n  handling.\n* `Rack::MockRequest` and `Rack::MockResponse` for efficient and quick testing\n  of Rack application without real HTTP round-trips.\n* `Rack::Cascade` for trying additional Rack applications if an application\n  returns a not found or method not supported response.\n* `Rack::Directory` for serving files under a given directory, with directory\n  indexes.\n* `Rack::Files` for serving files under a given directory, without directory\n  indexes.\n* `Rack::MediaType` for parsing content-type headers.\n* `Rack::Mime` for determining content-type based on file extension.\n* `Rack::RewindableInput` for making any IO object rewindable, using a temporary\n  file buffer.\n* `Rack::URLMap` to route to multiple applications inside the same process.\n\n## Configuration\n\nRack exposes several configuration parameters to control various features of the\nimplementation.\n\n### `RACK_QUERY_PARSER_BYTESIZE_LIMIT`\n\nThis environment variable sets the default for the maximum query string bytesize\nthat `Rack::QueryParser` will attempt to parse.  Attempts to use a query string\nthat exceeds this number of bytes will result in a\n`Rack::QueryParser::QueryLimitError` exception. If this enviroment variable is\nprovided, it must be an integer, or `Rack::QueryParser` will raise an exception.\n\nThe default limit can be overridden on a per-`Rack::QueryParser` basis using\nthe `bytesize_limit` keyword argument when creating the `Rack::QueryParser`.\n\n### `RACK_QUERY_PARSER_PARAMS_LIMIT`\n\nThis environment variable sets the default for the maximum number of query\nparameters that `Rack::QueryParser` will attempt to parse.  Attempts to use a\nquery string with more than this many query parameters will result in a\n`Rack::QueryParser::QueryLimitError` exception. If this enviroment variable is\nprovided, it must be an integer, or `Rack::QueryParser` will raise an exception.\n\nThe default limit can be overridden on a per-`Rack::QueryParser` basis using\nthe `params_limit` keyword argument when creating the `Rack::QueryParser`.\n\nThis is implemented by counting the number of parameter separators in the\nquery string, before attempting parsing, so if the same parameter key is\nused multiple times in the query, each counts as a separate parameter for\nthis check.\n\n### `RACK_MULTIPART_BUFFERED_UPLOAD_BYTESIZE_LIMIT`\n\nThis environment variable sets the maximum amount of memory Rack will use\nto buffer multipart parameters when parsing a request body. This considers\nthe size of the multipart mime headers and the body part for multipart\nparameters that are buffered in memory and do not use tempfiles. This\ndefaults to 16MB if not provided.\n\n### `param_depth_limit`\n\n```ruby\nRack::Utils.param_depth_limit = 32 # default\n```\n\nThe maximum amount of nesting allowed in parameters. For example, if set to 3,\nthis query string would be allowed:\n\n```\n?a[b][c]=d\n```\n\nbut this query string would not be allowed:\n\n```\n?a[b][c][d]=e\n```\n\nLimiting the depth prevents a possible stack overflow when parsing parameters.\n\n### `multipart_file_limit`\n\n```ruby\nRack::Utils.multipart_file_limit = 128 # default\n```\n\nThe maximum number of parts with a filename a request can contain. Accepting\ntoo many parts can lead to the server running out of file handles.\n\nThe default is 128, which means that a single request can't upload more than 128\nfiles at once. Set to 0 for no limit.\n\nCan also be set via the `RACK_MULTIPART_FILE_LIMIT` environment variable.\n\n(This is also aliased as `multipart_part_limit` and `RACK_MULTIPART_PART_LIMIT` for compatibility)\n\n### `multipart_total_part_limit`\n\nThe maximum total number of parts a request can contain of any type, including\nboth file and non-file form fields.\n\nThe default is 4096, which means that a single request can't contain more than\n4096 parts.\n\nSet to 0 for no limit.\n\nCan also be set via the `RACK_MULTIPART_TOTAL_PART_LIMIT` environment variable.\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for specific details about how to make a\ncontribution to Rack.\n\nPlease post bugs, suggestions and patches to [GitHub Issues](https://github.com/rack/rack/issues).\n\nPlease check our [Security Policy](https://github.com/rack/rack/security/policy)\nfor responsible disclosure and security bug reporting process. Due to wide usage\nof the library, it is strongly preferred that we manage timing in order to\nprovide viable patches at the time of disclosure. Your assistance in this matter\nis greatly appreciated.\n\n## See Also\n\n### `rackup`\n\nA useful tool for running Rack applications from the command line, including\n`Rackup::Server` (previously `Rack::Server`) for scripting servers.\n\n* https://github.com/rack/rackup\n\n### `rack-contrib`\n\nThe plethora of useful middleware created the need for a project that collects\nfresh Rack middleware. `rack-contrib` includes a variety of add-on components\nfor Rack and it is easy to contribute new modules.\n\n* https://github.com/rack/rack-contrib\n\n### `rack-session`\n\nProvides convenient session management for Rack.\n\n* https://github.com/rack/rack-session\n\n## Thanks\n\nThe Rack Core Team, consisting of\n\n* Aaron Patterson [tenderlove](https://github.com/tenderlove)\n* Samuel Williams [ioquatix](https://github.com/ioquatix)\n* Jeremy Evans [jeremyevans](https://github.com/jeremyevans)\n* Eileen Uchitelle [eileencodes](https://github.com/eileencodes)\n* Matthew Draper [matthewd](https://github.com/matthewd)\n* Rafael França [rafaelfranca](https://github.com/rafaelfranca)\n\nand the Rack Alumni\n\n* Ryan Tomayko [rtomayko](https://github.com/rtomayko)\n* Scytrin dai Kinthra [scytrin](https://github.com/scytrin)\n* Leah Neukirchen [leahneukirchen](https://github.com/leahneukirchen)\n* James Tucker [raggi](https://github.com/raggi)\n* Josh Peek [josh](https://github.com/josh)\n* José Valim [josevalim](https://github.com/josevalim)\n* Michael Fellinger [manveru](https://github.com/manveru)\n* Santiago Pastorino [spastorino](https://github.com/spastorino)\n* Konstantin Haase [rkh](https://github.com/rkh)\n\nwould like to thank:\n\n* Adrian Madrid, for the LiteSpeed handler.\n* Christoffer Sawicki, for the first Rails adapter and `Rack::Deflater`.\n* Tim Fletcher, for the HTTP authentication code.\n* Luc Heinrich for the Cookie sessions, the static file handler and bugfixes.\n* Armin Ronacher, for the logo and racktools.\n* Alex Beregszaszi, Alexander Kahn, Anil Wadghule, Aredridel, Ben Alpert, Dan\n  Kubb, Daniel Roethlisberger, Matt Todd, Tom Robinson, Phil Hagelberg, S. Brent\n  Faulkner, Bosko Milekic, Daniel Rodríguez Troitiño, Genki Takiuchi, Geoffrey\n  Grosenbach, Julien Sanchez, Kamal Fariz Mahyuddin, Masayoshi Takahashi,\n  Patrick Aljordm, Mig, Kazuhiro Nishiyama, Jon Bardin, Konstantin Haase, Larry\n  Siden, Matias Korhonen, Sam Ruby, Simon Chiang, Tim Connor, Timur Batyrshin,\n  and Zach Brock for bug fixing and other improvements.\n* Eric Wong, Hongli Lai, Jeremy Kemper for their continuous support and API\n  improvements.\n* Yehuda Katz and Carl Lerche for refactoring rackup.\n* Brian Candler, for `Rack::ContentType`.\n* Graham Batty, for improved handler loading.\n* Stephen Bannasch, for bug reports and documentation.\n* Gary Wright, for proposing a better `Rack::Response` interface.\n* Jonathan Buch, for improvements regarding `Rack::Response`.\n* Armin Röhrl, for tracking down bugs in the Cookie generator.\n* Alexander Kellett for testing the Gem and reviewing the announcement.\n* Marcus Rückert, for help with configuring and debugging lighttpd.\n* The WSGI team for the well-done and documented work they've done and Rack\n  builds up on.\n* All bug reporters and patch contributors not mentioned above.\n\n## License\n\nRack is released under the [MIT License](MIT-LICENSE).\n\n[Rack Specification]: https://rack.github.io/rack/main/SPEC_rdoc.html\n[Documentation]: https://rack.github.io/rack/\n[Security Policy]: SECURITY.md\n","funding_links":[],"readme_doi_urls":[],"works":{},"citation_counts":{},"total_citations":0,"keywords_from_contributors":["activerecord","activejob","mvc","rubygems","sinatra","rspec","crash-reporting","multithreading","rubocop","background-jobs"],"project_url":"https://ruby.ecosyste.ms/api/v1/projects/25","html_url":"https://ruby.ecosyste.ms/projects/25"}