I think we can get this into M, N, and O. Since this is a Class A vuln (with a Pending OSSA), it should be within scope of adding and potentially cutting another release if needed / freeze exception (I'd advocate for that for most security fixes)
Once we have the ok from oslo-coresec on the impact statement (#14) we can move forward with CVE request and move towards disclosure and submitting the patch to gerrit.
@Joshua, any additions/changes/concerns with the impact statement?
@Steve,
I think we can get this into M, N, and O. Since this is a Class A vuln (with a Pending OSSA), it should be within scope of adding and potentially cutting another release if needed / freeze exception (I'd advocate for that for most security fixes)
Once we have the ok from oslo-coresec on the impact statement (#14) we can move forward with CVE request and move towards disclosure and submitting the patch to gerrit.
@Joshua, any additions/ changes/ concerns with the impact statement?