Comment 26 for bug 1739593

I'm +1 now on the stable/pike backport https://review.openstack.org/#/c/543569/ - my +2 is pending discussion about a 'security' release note in the patch that mentions the CVE / OSSA which isn't yet published, and sounds like we might have a chicken-and-egg with that until the stable/ocata backport is proposed?