Comment 5 for bug 1823200

It sounds like this could wind up being a class B1 report (can only be fixed in master) like related bug 1736773, or B2 (vulnerability without a complete fix yet, security note for all versions):

https://security.openstack.org/vmt-process.html#incident-report-taxonomy

If we can get some confirmation that there's unlikely to be any backportable fix on the way, then we may as well switch this to public ahead of the embargo expiration rather than delaying further. Thanks for checking!