Comment 5 for bug 977944

Subscribed Horizon PTL to the bug.

For reference, here is the process we follow for vulnerability management in OpenStack: http://wiki.openstack.org/VulnerabilityManagement

I'd like to hold off on deciding on a CRD until we're ready to send out an advance notification of the issue. Next steps:

1) We will need a patch for both master and stable/essex. I suspect that the same patch will apply fine to both in this case.

2) The patch(es) need to be pre-approved on this bug by two members of horizon-core. Devin, can you handle that?

3) Once all of that is done, we can decide on a CRD and one of the VMT members can send out the advance notification. (I don't mind doing it.)