Re: [requirements][requests] security update for requests in stable branches
On 19-02-15 06:51:20, Boden Russell wrote:
Just to confirm; the best way to test with this change is to submit a dummy patch that depends on 637124 in the respective project's stable/rocky branch?
On 2/15/19 12:27 AM, Matthew Thode wrote:
Recently it was reported to us that requests had a recent release that addressed a CVE (CVE-2018-18074). Requests has no stable branches so the only way to update openstack stable branches is to update to 2.20.1 in this case. I wanted to pass this by people as requests is generally a nasty library with nasty surprises. It's passed our cross and dsvm gating though (for rocky) so indications look good. What I'm asking you for is anything that could go wrong with updating (rocky in this case, but possibly back to newton, depending on co-installability). Please let me know any blockers to update (in the review preferably).
https://review.openstack.org/637124
Thanks,
Yes

--
Matthew Thode