Skip to content

P20-1753: Bump rack from 2.2.9 to 2.2.21 #70166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
artem-vavilov wants to merge 2 commits into
base: staging
Choose a base branch
from
Open

P20-1753: Bump rack from 2.2.9 to 2.2.21 #70166

artem-vavilov wants to merge 2 commits into from
+2 −2

Conversation

@artem-vavilov
Copy link
Member

@artem-vavilov artem-vavilov commented Jan 1, 2026
edited
Loading

@artem-vavilov artem-vavilov added the dependencies Pull requests that update a dependency file label Jan 5, 2026
@artem-vavilov artem-vavilov requested review from a team January 5, 2026 09:50
@Hamms
Copy link
Contributor

Hamms commented Jan 5, 2026

Glancing through the changelog, I note that version 2.2.14 has a warning about potentially breaking existing applications "if query parameters exceed 4,096 in count or 4 MB in total size"

I certainly hope that's not the case for any of our routes, but are we able to definitively confirm that?

@artem-vavilov
Copy link
Member Author

artem-vavilov commented Jan 12, 2026
edited
Loading

Glancing through the changelog, I note that version 2.2.14 has a warning about potentially breaking existing applications "if query parameters exceed 4,096 in count or 4 MB in total size"

I certainly hope that's not the case for any of our routes, but are we able to definitively confirm that?

The URL encoded parameter size limit (query string and form encoded POST parameters) is now 4,194,304 characters in the new Rack. This limit is enforced by Rack::QueryParser and does not apply to JSON request bodies (payload):

Rack::QueryParser::QueryLimitError: total query size exceeds limit (4194304)

In production, CloudFront enforces its own URL size limits and rejects requests whose URL (path plus query string) exceeds 8,192 bytes. As a result, requests with query strings larger than approximately 4,096 characters can be rejected by CloudFront with HTTP 413, independently of the Rack version or Rack query size limits:

largest_query

@sureshc
Copy link
Contributor

sureshc commented Jan 12, 2026

Can we search our CloudFront http logs for querystring larger than a specific size? Those logs might truncate that field at a specific length. I'll try to research that today.

Hamms
Hamms approved these changes Jan 12, 2026
View reviewed changes
Copy link
Contributor

@Hamms Hamms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fantastic, thank you for digging into this! That CloudFront limit is exactly the kind of evidence I was looking for to be able to be confident that this change will not affect any existing functionality.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Hamms Hamms Hamms approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@artem-vavilov @Hamms @sureshc