Fix proposed to branch: master Review: https://review.openstack.org/528516 ** Changed in: cinder Status: New => In Progress ** Changed in: cinder Assignee: Jane Lee (lijing) => Sean McGinnis (sean-mcginnis) -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1732155 Title: bandit report: use defusedxml to avoid XML attack Status in Cinder: In Progress Status in OpenStack Security Advisory: Won't Fix Bug description: According to https://docs.openstack.org/bandit/latest/api/bandit.blacklists.html Using various XLM methods to parse untrusted XML data is known to be vulnerable to XML attacks. Methods should be replaced with their defusedxml equivalents. To manage notifications about this bug go to: https://bugs.launchpad.net/cinder/+bug/1732155/+subscriptions