If the bug is really only in the design of Swift3 for this operation and the other changes are merely fixing non-production test tooling (in Swift) or adding support for Swift3's needs (in keystonemiddleware and python-keystoneclient), then the OpenStack VMT won't be issuing an official OpenStack Security Advisory. In that case the Swift3 team is still welcome to still follow our processes documented at https://security.openstack.org/vmt-process.html and the OpenStack VMT can provide access to the list of downstream stakeholders if coordinated disclosure and advance notification are deemed useful.
If the bug is really only in the design of Swift3 for this operation and the other changes are merely fixing non-production test tooling (in Swift) or adding support for Swift3's needs (in keystonemiddleware and python- keystoneclient) , then the OpenStack VMT won't be issuing an official OpenStack Security Advisory. In that case the Swift3 team is still welcome to still follow our processes documented at https:/ /security. openstack. org/vmt- process. html and the OpenStack VMT can provide access to the list of downstream stakeholders if coordinated disclosure and advance notification are deemed useful.