We are excited to announce the release of: blazar-dashboard 1.3.1: Horizon plugin for the Blazar Reservation Service for OpenStack This release is part of the stein stable release series. The source is available from: https://opendev.org/openstack/blazar-dashboard Download the package from: https://tarballs.openstack.org/blazar-dashboard/ Please report issues through: https://bugs.launchpad.net/blazar/+bugs For more details, please see below. 1.3.1 ^^^^^ Security Issues * Uses "json.loads` instead of ``eval()" for JSON parsing, which could allow users of the Blazar dashboard to trigger code execution on the Horizon host as the user the Horizon service runs under. Changes in blazar-dashboard 1.3.0..1.3.1 ---------------------------------------- ee10b2c Use json.loads instead of eval for JSON parsing 17b53e9 OpenDev Migration Patch f1b8b15 Update UPPER_CONSTRAINTS_FILE for stable/stein f5e6a4e Update .gitreview for stable/stein Diffstat (except docs and test files) ------------------------------------- .gitreview | 3 ++- blazar_dashboard/api/client.py | 3 ++- blazar_dashboard/content/hosts/forms.py | 7 ++++--- blazar_dashboard/content/hosts/workflows.py | 7 ++++--- blazar_dashboard/content/leases/forms.py | 7 ++++--- blazar_dashboard/test/test_data/blazar_data.py | 4 ++-- releasenotes/notes/remove-use-of-eval-ef359dec791c97cd.yaml | 6 ++++++ tox.ini | 6 +++--- 8 files changed, 27 insertions(+), 16 deletions(-)