Security Advisories (2)

CPANSA-Plack-2015-0202 (2015-02-02)

Fixed a possible directory traversal with Plack::App::File on Win32.

CVE-2026-7381 (2026-04-29)

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the Plack environment. A malicious client can set the X-Sendfile-Type header to "X-Accel-Redirect" to services running behind nginx reverse proxies, and then set the X-Accel-Mapping to map the path to an arbitrary file on the server. Since 1.0053, Plack::Middleware::XSendfile is deprecated and will be removed from future releases of Plack. This is similar to CVE-2025-61780 for Rack::Sendfile, although Plack::Middleware::XSendfile has some mitigations that disallow regular expressions to be used in the mapping, and only apply the mapping for the "X-Accel-Redirect" type.

NAME

Plack::Loader - (auto)load Plack Servers

SYNOPSIS

# auto-select server backends based on env vars
use Plack::Loader;
Plack::Loader->auto(%args)->run($app);

# specify the implementation with a name
Plack::Loader->load('FCGI', %args)->run($app);

DESCRIPTION

Plack::Loader is a factory class to load one of Plack::Handler subclasses based on the environment.

AUTOLOADING

Plack::Loader->auto(%args) will autoload the most correct server implementation by guessing from environment variables and Perl INC hashes.

PLACK_SERVER

env PLACK_SERVER=AnyEvent ...

Plack users can specify the specific implementation they want to load using the PLACK_SERVER environment variable.

PHP_FCGI_CHILDREN, GATEWAY_INTERFACE

If there's one of FastCGI or CGI specific environment variables set, use the corresponding server implementation.

%INC

If one of AnyEvent, Coro or POE is loaded, the relevant server implementation such as Twiggy, Corona or POE::Component::Server::PSGI will be loaded, if they're available.

To install Plack, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Plack

CPAN shell

perl -MCPAN -e shell
install Plack

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

AUTOLOADING

Module Install Instructions

Keyboard Shortcuts