osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[requirements][requests] security update for requests in stable branches


Recently it was reported to us that requests had a recent release that
addressed a CVE (CVE-2018-18074).  Requests has no stable branches so
the only way to update openstack stable branches is to update to 2.20.1
in this case.  I wanted to pass this by people as requests is generally
a nasty library with nasty surprises.  It's passed our cross and dvsm
gating though (for rocky) so indications look good.  What I'm asking you
for is anything that could go wrong with updating (rocky in this case,
but possibly back to newton, depending on co-installability).  Please
let me know any blockers to to update (in the review preferably).

https://review.openstack.org/637124

Thanks,

-- 
Matthew Thode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190215/b49b27ec/attachment.sig>