[release-announce] blazar-dashboard 1.3.1 (stein)
no-reply at openstack.org
no-reply at openstack.org
Tue Oct 6 15:04:02 UTC 2020
We are excited to announce the release of:
blazar-dashboard 1.3.1: Horizon plugin for the Blazar Reservation
Service for OpenStack
This release is part of the stein stable release series.
The source is available from:
https://opendev.org/openstack/blazar-dashboard
Download the package from:
https://tarballs.openstack.org/blazar-dashboard/
Please report issues through:
https://bugs.launchpad.net/blazar/+bugs
For more details, please see below.
1.3.1
^^^^^
Security Issues
* Uses "json.loads` instead of ``eval()" for JSON parsing, which
could allow users of the Blazar dashboard to trigger code execution
on the Horizon host as the user the Horizon service runs under.
Changes in blazar-dashboard 1.3.0..1.3.1
----------------------------------------
ee10b2c Use json.loads instead of eval for JSON parsing
17b53e9 OpenDev Migration Patch
f1b8b15 Update UPPER_CONSTRAINTS_FILE for stable/stein
f5e6a4e Update .gitreview for stable/stein
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 3 ++-
blazar_dashboard/api/client.py | 3 ++-
blazar_dashboard/content/hosts/forms.py | 7 ++++---
blazar_dashboard/content/hosts/workflows.py | 7 ++++---
blazar_dashboard/content/leases/forms.py | 7 ++++---
blazar_dashboard/test/test_data/blazar_data.py | 4 ++--
releasenotes/notes/remove-use-of-eval-ef359dec791c97cd.yaml | 6 ++++++
tox.ini | 6 +++---
8 files changed, 27 insertions(+), 16 deletions(-)
More information about the Release-announce
mailing list