Comment 13 for bug 1735724

Are modern versions of Neutron still sufficiently vulnerable to this to warrant publication of an advisory once it's closed? Is a fix similar to the abandoned https://review.opendev.org/527210 still needed?