blazar-dashboard 3.0.1 (ussuri)
We are stoked to announce the release of:
blazar-dashboard 3.0.1: Horizon plugin for the Blazar Reservation Service for OpenStack
This release is part of the ussuri stable release series.
The source is available from:
https://opendev.org/openstack/blazar-dashboard
Download the package from:
https://tarballs.openstack.org/blazar-dashboard/
Please report issues through:
https://bugs.launchpad.net/blazar/+bugs
For more details, please see below.
3.0.1 ^^^^^
Security Issues
* Uses "json.loads` instead of ``eval()" for JSON parsing, which could allow users of the Blazar dashboard to trigger code execution on the Horizon host as the user the Horizon service runs under.
Changes in blazar-dashboard 3.0.0..3.0.1 ----------------------------------------
168b4ae Use json.loads instead of eval for JSON parsing 1c2fc55 Update TOX_CONSTRAINTS_FILE for stable/ussuri 70c77cc Update .gitreview for stable/ussuri
Diffstat (except docs and test files) -------------------------------------
.gitreview | 1 + blazar_dashboard/api/client.py | 3 ++- blazar_dashboard/content/hosts/forms.py | 7 ++++--- blazar_dashboard/content/hosts/workflows.py | 7 ++++--- blazar_dashboard/content/leases/forms.py | 7 ++++--- blazar_dashboard/test/test_data/blazar_data.py | 4 ++-- releasenotes/notes/remove-use-of-eval-ef359dec791c97cd.yaml | 6 ++++++ tox.ini | 8 ++++---- 8 files changed, 27 insertions(+), 16 deletions(-)
participants (1)
-
no-reply@openstack.org