From Al Bailey: StarlingX ships with python2-django-1.11.20
This vulnerability warning is for "Django 1.11 before 1.11.28 allows SQL Injection".
So this issue applies to us.
However, we are currently locked based on the “stein” upper constraints, which is 1.11.20: https://github.com/openstack/requirements/blob/stable/stein/upper-constraints.txt#L419
Train locks to 1.11.24, but that would also have this CVE violation: https://github.com/openstack/requirements/blob/stable/train/upper-constraints.txt#L507
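
The check described in the comment above, written as an added example (not part of the original comment and not StarlingX or OpenStack code): it parses pins in the `name===version;marker` form used by upper-constraints files and compares Django 1.11 pins with the 1.11.28 fix release named in the warning. The sample file contents are constructed from the versions the comment cites, and the function names are hypothetical.

```python
import re

# From the warning quoted in the comment: "Django 1.11 before 1.11.28".
AFFECTED_SERIES = (1, 11)
FIXED = (1, 11, 28)

# Constructed samples (not the real files); versions are those cited above.
SAMPLES = {
    "stein": "Django===1.11.20;python_version=='2.7'\nPyYAML===3.13\n",
    "train": "# constructed sample\nDjango===1.11.24;python_version=='2.7'\n",
}

PIN = re.compile(r"^([A-Za-z0-9._-]+)===([0-9]+(?:\.[0-9]+)*)\s*(?:;(.*))?$")


def normalize(name):
    """Compare package names case-insensitively, treating -, _ and . alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text, package):
    """Return [(version_tuple, marker)] for every exact pin of `package`."""
    pins = []
    for raw in text.splitlines():
        match = PIN.match(raw.split("#", 1)[0].strip())
        if match and normalize(match.group(1)) == normalize(package):
            version = tuple(int(part) for part in match.group(2).split("."))
            pins.append((version, (match.group(3) or "").strip()))
    return pins


def assess(version):
    """Classify a pin against the 1.11 warning only; other series are not judged."""
    if version[:2] != AFFECTED_SERIES:
        return "not assessed"
    padded = version + (0,) * (3 - len(version))
    return "affected" if padded < FIXED else "fixed"


def audit(text, package="Django"):
    """Return [(version_string, marker, status)] for each pin of `package`."""
    return [(".".join(map(str, v)), marker, assess(v))
            for v, marker in parse_pins(text, package)]


if __name__ == "__main__":
    for branch, text in SAMPLES.items():
        for version, marker, status in audit(text):
            print(branch, version, marker or "-", status)
```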