[requirements][requests] security update for requests in stable branches

Matthew Thode mthode at mthode.org
Fri Feb 15 07:27:49 UTC 2019


Recently it was reported to us that requests had a recent release that
addressed a CVE (CVE-2018-18074).  Requests has no stable branches so
the only way to update OpenStack stable branches is to update to 2.20.1
in this case.  I wanted to pass this by people as requests is generally
a nasty library with nasty surprises.  It's passed our cross and dsvm
gating though (for rocky) so indications look good.  What I'm asking you
for is anything that could go wrong with updating (rocky in this case,
but possibly back to newton, depending on co-installability).  Please
let me know any blockers to update (in the review preferably).

https://review.openstack.org/637124

Thanks,

-- 
Matthew Thode