Headline
RHSA-2023:1981: Red Hat Security Advisory: pcs security and bug fix update
An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27530: A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of service.
- CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
Issued: 2023-04-25
Updated: 2023-04-25
RHSA-2023:1981 - Security Advisory
Synopsis
Moderate: pcs security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
- rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)
- rubygem-rack: denial of service in header parsing (CVE-2023-27539)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
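Both Rack issues are parsing-cost problems in the copy of Rack bundled with pcsd, reachable by any client that can send HTTP requests to the pcsd listener. As an added example that is not part of this advisory or of the pcs project, the Ruby middleware below bounds what Rack's multipart parser is ever asked to process: it caps the body size (the proxy-side workaround Rack's own advisory suggests) and, for CVE-2023-27530 specifically, counts part delimiters and rejects a request carrying more than a budget of parts, since Rack limited file parts but not total parts. The env hash, the stub downstream app and the generated multipart body are constructed for the demonstration; the class name MultipartBudget and the default limits are choices made here, not values from pcs. It does nothing for the header-parsing issue (CVE-2023-27539), which needs the updated package (or Regexp.timeout on Ruby 3.2, as Rack's advisory notes).

```ruby
require 'stringio'

# Added example (not Red Hat's or the pcs project's code): a Rack-style guard
# that caps a multipart request's total bytes and total part count before the
# body reaches Rack's multipart parser.
class MultipartBudget
  def initialize(app, max_bytes: 1_000_000, max_parts: 128)
    @app, @max_bytes, @max_parts = app, max_bytes, max_parts
  end

  def call(env)
    ctype = env['CONTENT_TYPE'].to_s
    return @app.call(env) unless ctype.downcase.start_with?('multipart/form-data')

    # Cheapest check first: the declared length.
    declared = env['CONTENT_LENGTH'].to_i
    return reject(413, 'declared body too large') if declared > @max_bytes

    m = ctype.match(/boundary=(?:"([^"]+)"|([^;\s]+))/i)
    boundary = m && (m[1] || m[2])
    return reject(400, 'missing multipart boundary') if boundary.nil? || boundary.empty?

    # Read at most max_bytes + 1 so a missing or lying Content-Length cannot
    # make us buffer an unbounded body.
    body = env['rack.input'].read(@max_bytes + 1).to_s
    return reject(413, 'body too large') if body.bytesize > @max_bytes

    # Every part begins with a delimiter line "--<boundary>" followed by a
    # newline; the closing delimiter "--<boundary>--" does not match.
    parts = body.scan(/--#{Regexp.escape(boundary)}\r?\n/).size
    return reject(413, "too many multipart parts (#{parts})") if parts > @max_parts

    # Hand the buffered body downstream as a rewindable stream.
    env['rack.input'] = StringIO.new(body)
    @app.call(env)
  end

  private

  def reject(status, reason)
    [status, { 'content-type' => 'text/plain' }, ["rejected: #{reason}\n"]]
  end
end

# Constructed helper: a multipart/form-data body with n small text parts.
def build_multipart(n, boundary: 'frontier')
  parts = (1..n).map do |i|
    "--#{boundary}\r\nContent-Disposition: form-data; name=\"f#{i}\"\r\n\r\nx\r\n"
  end
  parts.join + "--#{boundary}--\r\n"
end

# Constructed helper: a minimal Rack env for a POST carrying that body.
def multipart_env(body, boundary: 'frontier')
  {
    'REQUEST_METHOD' => 'POST',
    'CONTENT_TYPE'   => "multipart/form-data; boundary=#{boundary}",
    'CONTENT_LENGTH' => body.bytesize.to_s,
    'rack.input'     => StringIO.new(body),
  }
end

# Stub downstream app: reports how many body bytes it was allowed to read.
OK_APP = ->(env) { [200, { 'content-type' => 'text/plain' }, [env['rack.input'].read.bytesize.to_s]] }

# HTTP status the guarded app returns for an n-part upload.
def status_for_parts(n, max_parts: 16, max_bytes: 64 * 1024)
  app = MultipartBudget.new(OK_APP, max_parts: max_parts, max_bytes: max_bytes)
  app.call(multipart_env(build_multipart(n))).first
end

if __FILE__ == $PROGRAM_NAME
  puts "8 parts   -> #{status_for_parts(8)}"    # 200
  puts "500 parts -> #{status_for_parts(500)}"  # 413
end
```

The part budget is enforced on a bounded, already-buffered body, so a request cannot make the guard itself expensive: the byte cap is checked before the delimiter scan, and the scan is a single pass over at most max_bytes. Pick max_parts from what the application's forms actually send; the value 128 above is arbitrary.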
Bug Fix(es):
- Command ‘pcs config checkpoint diff’ does not show configuration differences between checkpoints (BZ#2180699)
- [WebUI] fence levels prevent loading of cluster status (BZ#2183192)
Affected Products
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0 s390x
- Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0 ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
- BZ - 2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
- BZ - 2180699 - Command ‘pcs config checkpoint diff’ does not show configuration differences between checkpoints [rhel-9.0.0.z]
- BZ - 2183192 - [WebUI] fence levels prevent loading of cluster status [rhel-9.0.0.z]
Updated Packages
The same build ships to every product in the Affected Products list; only the architecture differs. Each product receives the source RPM plus the binary RPMs for its architecture.
SRPM (all products)
pcs-0.11.1-10.el9_0.4.src.rpm
SHA-256: c1cd5c5f0b428fa769597463ef95604c7cd9e5ba0d25f82ab8d67ea0ff18b266
x86_64
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0
- Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0
pcs-0.11.1-10.el9_0.4.x86_64.rpm
SHA-256: 25035bb01b78737cdd76ad962202a6594964da7c1239844d6f384124cf86bf01
pcs-snmp-0.11.1-10.el9_0.4.x86_64.rpm
SHA-256: 23c4f73ec1a5e9ab4ba287490671c7c63c12e99596707d6c8f6343dbbce770e5
ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0
- Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0
- Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0
pcs-0.11.1-10.el9_0.4.ppc64le.rpm
SHA-256: ff92f05b7c13cab0ece04eec9c682d780e9eaa5c821c0a896d34b8bac43e0b6d
pcs-snmp-0.11.1-10.el9_0.4.ppc64le.rpm
SHA-256: 530a0c260c6a181b6f1d07d30ebca20a89fc88908762d03623bef23ede818765
s390x
- Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0
- Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0
pcs-0.11.1-10.el9_0.4.s390x.rpm
SHA-256: cf1bb753ac1653762ac683ffb42cd2c88a756af68f1465413f9fb3efef2ed347
pcs-snmp-0.11.1-10.el9_0.4.s390x.rpm
SHA-256: 986535eeec37a035cef2c0b9529d9ae5a6b4f971d901ea7d61fd44e3fb7db050
aarch64
- Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0
- Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0
pcs-0.11.1-10.el9_0.4.aarch64.rpm
SHA-256: f5a92d9109212c2d5fe0eda45a68cc776bfa95fdc9c2db14d96e57b80679baff
pcs-snmp-0.11.1-10.el9_0.4.aarch64.rpm
SHA-256: 8b2aa01899c61e8d408ecdc1ee3f8e633e5689924cf52898a6c3335c96286929
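Confirming that a node actually carries the fixed build means comparing the installed NVR with pcs-0.11.1-10.el9_0.4 under RPM's ordering rules, not as strings (a later pcs-0.11.1-10.el9_0.10 would sort below el9_0.4 lexically but is newer). The Ruby script below is an added example, not Red Hat tooling: it implements the common subset of rpmvercmp (digit and letter segments; the '~' and '^' modifiers are not handled, on the assumption that pcs NVRs do not use them), takes the output of `rpm -q pcs` as its argument, and reports whether this advisory's build or a later one is installed. The fix lives in the bundled Rack inside a long-running Ruby daemon, so an updated RPM on disk only helps once pcsd has been restarted; check that the daemon's start time is later than the package install.

```ruby
# Added example (not Red Hat tooling): decide whether an installed pcs build is
# at or above the NVR this advisory ships, using RPM's version-segment ordering.
# Rules implemented (the common subset of rpmvercmp): split on non-alphanumerics,
# numeric vs numeric compares as integers, alpha vs alpha compares as strings,
# a numeric segment beats an alpha one, and more segments beats fewer.
# Assumption: no '~' or '^' modifiers, which these pcs NVRs do not use.

FIXED_NVR = 'pcs-0.11.1-10.el9_0.4'   # from the advisory's package list

def rpmvercmp(a, b)
  return 0 if a == b
  sa = a.scan(/\d+|[A-Za-z]+/)
  sb = b.scan(/\d+|[A-Za-z]+/)
  [sa.size, sb.size].min.times do |i|
    x, y = sa[i], sb[i]
    xn = x.match?(/\A\d/)
    yn = y.match?(/\A\d/)
    return (xn ? 1 : -1) if xn != yn          # numeric segment is newer than alpha
    c = xn ? x.to_i <=> y.to_i : x <=> y
    return c unless c.zero?
  end
  sa.size <=> sb.size                          # remaining segments decide
end

# Split "name-version-release" (optionally "name-epoch:version-release") from
# the right, so package names containing '-' (pcs-snmp) survive intact.
def split_nvr(nvr)
  nv, _, release = nvr.rpartition('-')
  name, _, version = nv.rpartition('-')
  epoch = 0
  if version.include?(':')
    e, _, version = version.partition(':')
    epoch = e.to_i
  end
  raise ArgumentError, "not an NVR: #{nvr}" if name.empty? || version.empty? || release.empty?
  [name, epoch, version, release]
end

# True when `installed` is the same package at or above `fixed`.
def at_or_above?(installed, fixed = FIXED_NVR)
  n1, e1, v1, r1 = split_nvr(installed)
  n2, e2, v2, r2 = split_nvr(fixed)
  return false unless n1 == n2               # never compare pcs against pcs-snmp
  cmp = e1 <=> e2
  cmp = rpmvercmp(v1, v2) if cmp.zero?
  cmp = rpmvercmp(r1, r2) if cmp.zero?
  cmp >= 0
end

if __FILE__ == $PROGRAM_NAME
  # On a RHEL 9.0 node: ruby check_pcs.rb "$(rpm -q pcs)"
  installed = ARGV[0] || 'pcs-0.11.1-10.el9_0.3'   # constructed default, one build short
  verdict = at_or_above?(installed) ? 'fixed' : 'VULNERABLE, apply RHSA-2023:1981'
  puts "#{installed}: #{verdict}"
end
```

Run it against `rpm -q pcs-snmp` too, passing pcs-snmp-0.11.1-10.el9_0.4 as the second argument, since both subpackages come from the same source build.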
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6905-1 - It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Ubuntu Security Notice 6837-1 - It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Rack incorrectly parsed certain media types. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service.
Ubuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parsed some headers. An attacker could possibly use this issue to cause a denial of service.
Debian Linux Security Advisory 5530-1 - Several vulnerabilities were discovered in ruby-rack, a modular Ruby webserver interface, which may result in denial of service and shell escape sequence injection.
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.7.2 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
- CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3403-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
An update for pcs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27530: A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of ...
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
Red Hat Security Advisory 2023-3082-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27530: A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of service.
- CVE-2023-27539:...
An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2319: It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific...
Red Hat Security Advisory 2023-1953-01 - Red Hat OpenShift Logging Subsystem 5.6.5 update. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.6.5 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.
- CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...
Red Hat Security Advisory 2023-1981-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-1961-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a denial of service vulnerability.
An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-27530: A flaw was found in rubygem-rack. This issue occurs in the Multipart MIME parsing code in Rack, which limits the number of file parts but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected, resulting in a denial of ...
There is a denial of service vulnerability in the header parsing component of Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27539.
Versions Affected: >= 2.0.0. Not affected: None. Fixed Versions: 2.2.6.4, 3.0.6.1
Impact: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack (virtually all Rails applications) are impacted.
Workarounds: Setting Regexp.timeout in Ruby 3.2 is a possible workaround.
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 in the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
There is a possible DoS vulnerability in the Multipart MIME parsing code in Rack. This vulnerability has been assigned the CVE identifier CVE-2023-27530.
Versions Affected: All. Not affected: None. Fixed Versions: 3.0.4.2, 2.2.6.3, 2.1.4.3, 2.0.9.3
Impact: The Multipart MIME parsing code in Rack limits the number of file parts, but does not limit the total number of parts that can be uploaded. Carefully crafted requests can abuse this and cause multipart parsing to take longer than expected. All users running an affected release should either upgrade or use one of the workarounds immediately.
Workarounds: A proxy can be configured to limit the POST body size, which will mitigate this issue.