Thanks, for now the VMT will consider this a class C1 report (impractical vulnerability) and so not plan to issue any advisory:
https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Let us know if the situation changes and you determine it's risky enough to backport a solution to supported stable branches.
Thanks, for now the VMT will consider this a class C1 report (impractical vulnerability) and so not plan to issue any advisory:
https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy
Let us know if the situation changes and you determine it's risky enough to backport a solution to supported stable branches.