[openstack-dev] [new][bandit] Release 1.1.0 (httpoxy, important fixes)

Kelsey, Timothy John tim.kelsey at hpe.com
Mon Aug 15 13:39:51 UTC 2016


Hi folks,
New bandit release 1.1.0 has been tagged. Importantly, this includes a security fix for a bug[1] in HTML formatted reports that could permit XSS.

[New Features]
- New test for HTTPoxy bug (CVE-2016-5386)
- Man page added

[Bug Fixes]
- XSS bug fixed in HTML output (Security fix)
- Various typos and spelling errors fixed

[Behind the Scenes]
- Catch general exceptions per-file
- Many docs improvements
- Py3.5 bits

[1] https://bugs.launchpad.net/ossn/+bug/1612988
