Re: [all][requirements][stable] requests version bump on stable brances {pike|queens} for CVE-2018-18074

Jean-Philippe Evrard jean-philippe at
Mon May 13 13:42:30 UTC 2019

> To extend on this, I thought that OSA had the ability to override
> certian constraints (meaning they could run the check and maintain the
> overrides on their end).

OSA does indeed. But this problem is not limited to OSA, AFAIK.
If I read Jesse's comment correctly, the point was to get a clear state of what we do as a community.
I agree with Jesse, we should do as much upstream as we can, so that the whole community benefits from it.
If things are updated on a best effort basis in u-c, more than a single project benefits from this.
If things are not updated on a best effort basis, then source based deployment projects should discuss together on making this a reality.
In all cases, this deserves documentation if it's not documented already (I totally missed that part of the documentation myself).


More information about the openstack-discuss mailing list