Thanks, so if your patch in comment #2 is acceptable to the other cores and can be merged before the OpenStack Train coordinated release, I think we can just patch it publicly and dispense with any need for a formal security advisory. Does anyone disagree? Basically report class Y: https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Thanks, so if your patch in comment #2 is acceptable to the other cores and can be merged before the OpenStack Train coordinated release, I think we can just patch it publicly and dispense with any need for a formal security advisory. Does anyone disagree? Basically report class Y: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy