[openstack-dev] [requirements][ffe] Critical bug found in python-cinderclient

Doug Hellmann doug at doughellmann.com
Tue Jul 31 19:50:42 UTC 2018

Excerpts from Sean McGinnis's message of 2018-07-31 14:15:08 -0500:
> A critical bug has been found in python-cinderclient that is impacting both
> horizon and python-openstackclient (at least).
> https://bugs.launchpad.net/cinder/+bug/1784703
> tl;dr is, something new was added with a microversion, but support for that was
> done incorrectly such that nothing less than that new microversion would be
> allowed. This patch addresses the issue:
> https://review.openstack.org/587601
> Once that lands we will need a new python-cinderclient release to unbreak
> clients. We may want to blacklist python-cinderclient 4.0.0, but I think at
> least just raising the upper-constraints should get things working again.
> Sean

Both adding the exclusion and changing the upper constraint makes sense,
since it will ensure that bad version never makes it back into the
constraints list.

We don't need to sync the exclusion setting into all of the projects
that depend on the client, so we won't need a new release of any of the
downstream consumers.

We could add the exclusion to OSC on master, just for accuracy's sake.


More information about the OpenStack-dev mailing list