We are glad to announce the release of:

ironic-inspector 8.2.1: Hardware introspection for OpenStack Bare Metal

This release is part of the stein stable release series.

The source is available from:

    https://opendev.org/openstack/ironic-inspector

Download the package from:

    https://tarballs.openstack.org/ironic-inspector/

Please report issues through:

    https://storyboard.openstack.org/#!/project/944

For more details, please see below.

8.2.1
^^^^^

Security Issues

* Fixes insufficient input filtering when looking up a node by
  information from the introspection data. It could potentially allow
  SQL injections via the "/v1/continue" API endpoint. See story 2005678
  (https://storyboard.openstack.org/#!/story/2005678) for details.

Changes in ironic-inspector 8.2.0..8.2.1
----------------------------------------

67ff87e Eliminate SQL injection vulnerability in node_cache
fbd3867 OpenDev Migration Patch
bbd3894 Replace openstack.org git:// URLs with https://
2ee155e Update UPPER_CONSTRAINTS_FILE for stable/stein
42900cc Update .gitreview for stable/stein

Diffstat (except docs and test files)
-------------------------------------

.gitreview | 3 ++-
ironic_inspector/node_cache.py | 15 ++++++---------
ironic_inspector/test/unit/test_node_cache.py | 5 +++++
.../legacy/ironic-inspector-grenade-dsvm/run.yaml | 18 +++++++++---------
.../find-node-input-filtering-e8ea529252e80739.yaml | 7 +++++++
tox.ini | 2 +-
zuul.d/ironic-inspector-jobs.yaml | 2 +-
zuul.d/legacy-ironic-inspector-jobs.yaml | 4 ++--
8 files changed, 33 insertions(+), 23 deletions(-)