We are ecstatic to announce the release of: blazar-dashboard 4.0.0: Horizon plugin for the Blazar Reservation Service for OpenStack This release is part of the victoria release series. The source is available from: https://opendev.org/openstack/blazar-dashboard Download the package from: https://tarballs.openstack.org/blazar-dashboard/ Please report issues through: https://bugs.launchpad.net/blazar/+bugs For more details, please see below. 4.0.0 ^^^^^ Security Issues * Uses "json.loads` instead of ``eval()" for JSON parsing, which could allow users of the Blazar dashboard to trigger code execution on the Horizon host as the user the Horizon service runs under. Changes in blazar-dashboard 3.0.0..4.0.0 ---------------------------------------- 5c7608d Use json.loads instead of eval for JSON parsing 77d4edc Update TOX_CONSTRAINTS_FILE for stable/victoria 85a2a1a Update .gitreview for stable/victoria f494ec1 Cleanup for Refactor-error-messages 1bc2c22 drop mock from lower-constraints and requirements daf0e0d Stop to use the __future__ module. dd86bf5 Add Python3 victoria unit tests b3d4325 Update master for stable/ussuri d249b80 Switch to newer openstackdocstheme and reno versions 76040f4 Bump default tox env from py37 to py38 049594c Add py38 package metadata 98944bf Fix hacking min version to 3.0.1 4209178 Fix build of html docs Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 2 +- blazar_dashboard/api/client.py | 5 ++--- blazar_dashboard/content/hosts/forms.py | 9 +++++---- blazar_dashboard/content/hosts/workflows.py | 7 ++++--- blazar_dashboard/content/leases/forms.py | 11 ++++++----- blazar_dashboard/test/test_data/blazar_data.py | 4 ++-- lower-constraints.txt | 1 - releasenotes/notes/remove-use-of-eval-ef359dec791c97cd.yaml | 6 ++++++ releasenotes/source/conf.py | 9 +++++---- releasenotes/source/index.rst | 1 + releasenotes/source/ussuri.rst | 6 ++++++ setup.cfg | 1 + test-requirements.txt | 3 +-- tox.ini | 10 +++++----- 17 files changed, 55 insertions(+), 37 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index b993b1e..6ec717e 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -10 +10 @@ -hacking>=3.0,<3.1.0 # Apache-2.0 +hacking>=3.0.1,<3.1.0 # Apache-2.0 @@ -13 +12,0 @@ coverage!=4.4,>=4.0 # Apache-2.0 -mock>=2.0.0 # BSD