We exuberantly announce the release of: ironic-inspector 7.2.4: Hardware introspection for OpenStack Bare Metal This release is part of the queens stable release series. The source is available from: https://opendev.org/openstack/ironic-inspector Download the package from: https://tarballs.openstack.org/ironic-inspector/ Please report issues through: https://bugs.launchpad.net/ironic-inspector/+bugs For more details, please see below. 7.2.4 ^^^^^ Security Issues *************** * Fixes insufficient input filtering when looking up a node by information from the introspection data. It could potentially allow SQL injections via the "/v1/continue" API endpoint. See story 2005678 (https://storyboard.openstack.org/#!/story/2005678) for details. Bug Fixes ********* * Fix starting inspection of node having IPv6 BMC address. Inspection could not be initiated because v6 address was being considered as a hostname. Thus resolving incorrect hostname ended up with blocking error. Changes in ironic-inspector 7.2.3..7.2.4 ---------------------------------------- 17c796b Eliminate SQL injection vulnerability in node_cache a28fd20 OpenDev Migration Patch 4cdd6f0 Replace openstack.org git:// URLs with https:// 81c0e17 Fix lookup when ipmi_address is a hostname d934e9a Use getaddrinfo instead of gethostbyname while resolving BMC address Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- ironic_inspector/common/ironic.py | 37 +++++++++++---- ironic_inspector/introspect.py | 5 +- ironic_inspector/node_cache.py | 15 +++--- ironic_inspector/plugins/discovery.py | 3 +- ironic_inspector/test/unit/test_common_ironic.py | 53 ++++++++++++++-------- ironic_inspector/test/unit/test_introspect.py | 40 +++++++++++++--- ironic_inspector/test/unit/test_node_cache.py | 5 ++ .../legacy/ironic-inspector-grenade-dsvm/run.yaml | 18 ++++---- .../run.yaml | 12 ++--- .../ironic-inspector-tempest-dsvm-python3/run.yaml | 10 ++-- ...find-node-input-filtering-e8ea529252e80739.yaml | 7 +++ ...-address-start-inspection-7a72794f25eb9f19.yaml | 7 +++ zuul.d/legacy-ironic-inspector-jobs.yaml | 4 +- 14 files changed, 151 insertions(+), 67 deletions(-)