@Tristan, the problem is that there are several places that need this deflate method in Juno. I think disabling /0 allowed address pairs is an okay hack to solve this security issue for juno. We can always a better fix later (though gerrit which will be easier to test). It does break an API workflow people could have previously been using, that said the dataplane slide of it would not have worked in juno because of this bug.
@Darragh - yes this issue exists in juno with the ip set driver.
@Tristan, the problem is that there are several places that need this deflate method in Juno. I think disabling /0 allowed address pairs is an okay hack to solve this security issue for juno. We can always a better fix later (though gerrit which will be easier to test). It does break an API workflow people could have previously been using, that said the dataplane slide of it would not have worked in juno because of this bug.
@Darragh - yes this issue exists in juno with the ip set driver.