Updated the patch to include a reference to the now-assigned CVE.
The one patch applies cleanly to stable/wallaby and later. For earlier branches, it should be fairly easy to cherry-pick; it's simple context differences for stable/train through stable/victoria, and a minor unit test conflict for stable/rocky and stable/stein.
Recently checked on the stable gates, too -- we should be able to merge patches at least as far back as stein without too much difficulty.
Matt, Alistair, Clay, can I get some reviews on the newest patch?
Jeremy, have we sent the advance notice already, or are we waiting on reviews? FWIW, the only feedback I expect would be with regard to testing -- the crux of the issue is the one line change in swift/common/middleware/s3api/etree.py