File _patchinfo of Package patchinfo.41925
<patchinfo incident="41925">
<issue tracker="bnc" id="1248869">exporter-common package adds example.rb file breaking rmt-server because gce.rb engine also exists</issue>
<issue tracker="bnc" id="1253953">VUL-0: CVE-2025-61780: rmt-server: improper handling of headers in `Rack::Sendfile` allows for bypass of proxy-level access restrictions</issue>
<issue tracker="bnc" id="1248510">LTSS registry container access is denied</issue>
<issue tracker="bnc" id="1251937">VUL-0: CVE-2025-61919: rmt-server: rack: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap</issue>
<issue tracker="bnc" id="1246976">RMT does not correctly mirror custom repos that have repodata that uses xz compression</issue>
<packager>digitaltomm</packager>
<rating>important</rating>
<category>recommended</category>
<summary>Recommended update for rmt-server</summary>
<description>This update for rmt-server fixes the following issues:
- Update to version 2.24:
  * Enable mirroring xz compressed repositories (bsc#1246976)
  * Rack 2.2.20 security update (bsc#1253953, bsc#1251937)
  * Drop some de-published products from RMT
  * rmt-server-pubcloud:
    + Do not decode instance data coming from the system (bsc#1248510)
    + Include Live-Patching for SLES 15.X (jsc#PCT-630)
    + Handle only one data exporter (bsc#1248869)
    + Do not decode instance data from db to access registry (bsc#1248510)
    + Handle instance verification exceptions
</description>
</patchinfo>