CVE Summaries

This page lists the CVEs associated with the RackN product.

CVE Tracking and Disclosure

RackN monitors Common Vulnerabilities and Exposures (CVEs) that affect Digital Rebar Provision (DRP) and its dependencies, including the Go runtime, third-party libraries, and bundled tooling. This page serves as the landing point for security disclosures related to the DRP product. Individual CVE entries are listed below the introduction and are organized by the date they were reported to RackN.

When a vulnerability is identified — whether reported by a customer, discovered internally, or published in a public database — RackN evaluates its severity and impact on DRP. Critical and high severity CVEs are addressed in patch releases as quickly as practical. Medium and low severity issues may be bundled into the next scheduled minor release. Fixes are not back-ported to unsupported release branches unless explicitly noted in the CVE entry.

To report a security concern or vulnerability in DRP, submit a request at https://rackn.zendesk.com/hc/en-us/requests/new. For general security architecture questions, see the Security FAQ page.

Note

CVE fixes are applied only to the release(s) explicitly specified in each entry. Operators running older release streams should not assume that a fix is available unless it is stated. Upgrading to a supported release is the recommended path to receive security patches.

Update Policy

  • Critical / High severity: addressed in a dedicated patch release as soon as a fix is validated.
  • Medium severity: addressed in the next scheduled minor or patch release.
  • Low severity: addressed opportunistically, typically in the next minor release.
  • Unsupported releases: no patches are produced. Operators must upgrade to a supported version to receive security fixes.

Administrators and operators responsible for DRP installations should subscribe to release notifications and review this page when planning maintenance windows. See Release Information for the current release stream and version information.

CVE Entries

CVE entries are listed below this introduction in reverse chronological order by report date.