594333a183
Bumps [rack](https://github.com/rack/rack) from 3.2.3 to 3.2.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A Changelog</a>.</p> <h2>Unreleased</h2> <h3>Security</h3> <ul> <li><a href="https://github.com/advisories/GHSA-r657-rxjc-j557">CVE-2025-61780</a> Improper handling of headers in <code>Rack::Sendfile</code> may allow proxy bypass.</li> <li><a href="https://github.com/advisories/GHSA-6xw4-3v39-52mm">CVE-2025-61919</a> Unbounded read in <code>Rack::Request</code> form parsing can lead to memory exhaustion.</li> <li><a href="https://github.com/advisories/GHSA-whrj-4476-wvmp">CVE-2026-25500</a> XSS injection via malicious filename in <code>Rack::Directory</code>.</li> <li><a href="https://github.com/advisories/GHSA-mxw3-3hh2-x2mh">CVE-2026-22860</a> Directory traversal via root prefix bypass in <code>Rack::Directory</code>.</li> </ul> <h3>SPEC Changes</h3> <ul> <li>Define <code>rack.response_finished</code> callback arguments more strictly. (<a href="https://redirect.github.com/rack/rack/pull/2365">#2365</a>, <a href="https://github.com/skipkayhil"><code>@skipkayhil</code></a>)</li> </ul> <h3>Added</h3> <ul> <li>Add <code>Rack::Files#assign_headers</code> to allow overriding how the configured file headers are set. (<a href="https://redirect.github.com/rack/rack/pull/2377">#2377</a>, <a href="https://github.com/codergeek121"><code>@codergeek121</code></a>)</li> <li>Add support for <code>rack.response_finished</code> to <code>Rack::TempfileReaper</code>. (<a href="https://redirect.github.com/rack/rack/pull/2363">#2363</a>, <a href="https://github.com/skipkayhil"><code>@skipkayhil</code></a>)</li> <li>Add support for streaming bodies when using <code>Rack::Events</code>. (<a href="https://redirect.github.com/rack/rack/blob/main/redirect.github.com/rack/rack/pull/2375">#2375</a>, <a href="https://github.com/unflxw"><code>@unflxw</code></a>)</li> <li>Add <code>deflaters</code> option to <code>Rack::Deflater</code> to enable custom compression algorithms like zstd. (<a href="https://redirect.github.com/rack/rack/issues/2168">#2168</a>, <a href="https://github.com/alexanderadam"><code>@alexanderadam</code></a>)</li> <li>Add <code>Rack::Request#prefetch?</code> for identifying requests with <code>Sec-Purpose: prefetch</code> header set. (<a href="https://redirect.github.com/rack/rack/pull/2405">#2405</a>, <a href="https://github.com/glaszig"><code>@glaszig</code></a>)</li> <li>Add <code>rack.request.trusted_proxy</code> environment key to indicate whether the request is coming from a trusted proxy.</li> </ul> <h3>Changed</h3> <ul> <li>Raise before exceeding a part limit, not after. (<a href="https://redirect.github.com/rack/rack/pull/2362">#2362</a>, <a href="https://github.com/matthew-puku"><code>@matthew-puku</code></a>)</li> <li>Rack::Deflater now uses a fixed GZip mtime value. (<a href="https://redirect.github.com/rack/rack/pull/2372">#2372</a>, <a href="https://github.com/bensheldon"><code>@bensheldon</code></a>)</li> <li>Multipart parser drops support for RFC 2231 <code>filename*</code> parameter (prohibited by RFC 7578) and now properly handles UTF-8 encoded filenames via percent-encoding and direct UTF-8 bytes. (<a href="https://redirect.github.com/rack/rack/pull/2398">#2398</a>, <a href="https://github.com/wtn"><code>@wtn</code></a>)</li> <li>The query parser now raises <code>Rack::QueryParser::IncompatibleEncodingError</code> if we try to parse params that are not ASCII compatible. (<a href="https://redirect.github.com/rack/rack/pull/2416">#2416</a>, <a href="https://github.com/bquorning"><code>@bquorning</code></a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Multipart parser: limit MIME header size check to the unread buffer region to avoid false <code>multipart mime part header too large</code> errors when previously read data accumulates in the scan buffer. (<a href="https://redirect.github.com/rack/rack/pull/2392">#2392</a>, <a href="https://github.com/alpaca-tc"><code>@alpaca-tc</code></a>, <a href="https://github.com/willnet"><code>@willnet</code></a>, <a href="https://github.com/krororo"><code>@krororo</code></a>)</li> <li>Fix <code>Rack::MockResponse#body</code> when the body is a Proc. (<a href="https://redirect.github.com/rack/rack/pull/2420">#2420</a>, <a href="https://redirect.github.com/rack/rack/pull/2423">#2423</a>, <a href="https://github.com/tavianator"><code>@tavianator</code></a>, [<a href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li> </ul> <h2>[3.2.4] - 2025-11-03</h2> <h3>Fixed</h3> <ul> <li>Multipart parser: limit MIME header size check to the unread buffer region to avoid false <code>multipart mime part header too large</code> errors when previously read data accumulates in the scan buffer. (<a href="https://redirect.github.com/rack/rack/pull/2392">#2392</a>, <a href="https://github.com/alpaca-tc"><code>@alpaca-tc</code></a>, <a href="https://github.com/willnet"><code>@willnet</code></a>, <a href="https://github.com/krororo"><code>@krororo</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="bb5f3555bd"><code>bb5f355</code></a> Bump patch version.</li> <li><a href="f9bde3bc2d"><code>f9bde3b</code></a> Prevent directory traversal via root prefix bypass.</li> <li><a href="93a68f58aa"><code>93a68f5</code></a> XSS injection via malicious filename in <code>Rack::Directory</code>.</li> <li><a href="3b8b0d22d6"><code>3b8b0d2</code></a> Fix MockResponse#body when the body is a Proc (<a href="https://redirect.github.com/rack/rack/issues/2420">#2420</a>)</li> <li><a href="4c24539777"><code>4c24539</code></a> Bump patch version.</li> <li><a href="3ba5e4f22f"><code>3ba5e4f</code></a> Allow Multipart head to span read boundary. (<a href="https://redirect.github.com/rack/rack/issues/2392">#2392</a>)</li> <li>See full diff in <a href="https://github.com/rack/rack/compare/v3.2.3...v3.2.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/chatwoot/chatwoot/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Chatwoot
The modern customer support platform, an open-source alternative to Intercom, Zendesk, Salesforce Service Cloud etc.
Chatwoot is the modern, open-source, and self-hosted customer support platform designed to help businesses deliver exceptional customer support experience. Built for scale and flexibility, Chatwoot gives you full control over your customer data while providing powerful tools to manage conversations across channels.
✨ Captain – AI Agent for Support
Supercharge your support with Captain, Chatwoot’s AI agent. Captain helps automate responses, handle common queries, and reduce agent workload—ensuring customers get instant, accurate answers. With Captain, your team can focus on complex conversations while routine questions are resolved automatically. Read more about Captain here.
💬 Omnichannel Support Desk
Chatwoot centralizes all customer conversations into one powerful inbox, no matter where your customers reach out from. It supports live chat on your website, email, Facebook, Instagram, Twitter, WhatsApp, Telegram, Line, SMS etc.
📚 Help center portal
Publish help articles, FAQs, and guides through the built-in Help Center Portal. Enable customers to find answers on their own, reduce repetitive queries, and keep your support team focused on more complex issues.
🗂️ Other features
Collaboration & Productivity
- Private Notes and @mentions for internal team discussions.
- Labels to organize and categorize conversations.
- Keyboard Shortcuts and a Command Bar for quick navigation.
- Canned Responses to reply faster to frequently asked questions.
- Auto-Assignment to route conversations based on agent availability.
- Multi-lingual Support to serve customers in multiple languages.
- Custom Views and Filters for better inbox organization.
- Business Hours and Auto-Responders to manage response expectations.
- Teams and Automation tools for scaling support workflows.
- Agent Capacity Management to balance workload across the team.
Customer Data & Segmentation
- Contact Management with profiles and interaction history.
- Contact Segments and Notes for targeted communication.
- Campaigns to proactively engage customers.
- Custom Attributes for storing additional customer data.
- Pre-Chat Forms to collect user information before starting conversations.
Integrations
- Slack Integration to manage conversations directly from Slack.
- Dialogflow Integration for chatbot automation.
- Dashboard Apps to embed internal tools within Chatwoot.
- Shopify Integration to view and manage customer orders right within Chatwoot.
- Use Google Translate to translate messages from your customers in realtime.
- Create and manage Linear tickets within Chatwoot.
Reports & Insights
- Live View of ongoing conversations for real-time monitoring.
- Conversation, Agent, Inbox, Label, and Team Reports for operational visibility.
- CSAT Reports to measure customer satisfaction.
- Downloadable Reports for offline analysis and reporting.
Documentation
Detailed documentation is available at chatwoot.com/help-center.
Translation process
The translation process for Chatwoot web and mobile app is managed at https://translate.chatwoot.com using Crowdin. Please read the translation guide for contributing to Chatwoot.
Branching model
We use the git-flow branching model. The base branch is develop.
If you are looking for a stable version, please use the master or tags labelled as v1.x.x.
Deployment
Heroku one-click deploy
Deploying Chatwoot to Heroku is a breeze. It's as simple as clicking this button:
Follow this link to understand setting the correct environment variables for the app to work with all the features. There might be breakages if you do not set the relevant environment variables.
DigitalOcean 1-Click Kubernetes deployment
Chatwoot now supports 1-Click deployment to DigitalOcean as a kubernetes app.
Other deployment options
For other supported options, checkout our deployment page.
Security
Looking to report a vulnerability? Please refer our SECURITY.md file.
Community
If you need help or just want to hang out, come, say hi on our Discord server.
Contributors
Thanks goes to all these wonderful people:
Chatwoot © 2017-2026, Chatwoot Inc - Released under the MIT License.