Subscribed Horizon PTL to the bug.
For reference, here is the process we follow for vulnerability management in OpenStack: http://wiki.openstack.org/VulnerabilityManagement
I'd like to hold off on deciding on a CRD until we're ready to send out an advance notification of the issue. Next steps:
1) We will need a patch for both master and stable/essex. I suspect that the same patch will apply fine to both in this case.
2) The patch(es) need to be pre-approved on this bug by two members of horizon-core. Devin, can you handle that?
3) Once all of that is done, we can decide on a CRD and one of the VMT members can send out the advance notification. (I don't mind doing it.)
Subscribed Horizon PTL to the bug.
For reference, here is the process we follow for vulnerability management in OpenStack: http:// wiki.openstack. org/Vulnerabili tyManagement
I'd like to hold off on deciding on a CRD until we're ready to send out an advance notification of the issue. Next steps:
1) We will need a patch for both master and stable/essex. I suspect that the same patch will apply fine to both in this case.
2) The patch(es) need to be pre-approved on this bug by two members of horizon-core. Devin, can you handle that?
3) Once all of that is done, we can decide on a CRD and one of the VMT members can send out the advance notification. (I don't mind doing it.)