[requirements][requests] security update for requests in stable branches
Matthew Thode
mthode at mthode.org
Fri Feb 15 14:35:31 UTC 2019
On 19-02-15 06:51:20, Boden Russell wrote:
> Just to confirm; the best way to test with this change is to submit a
> dummy patch that depends on 637124 in the respective project's
> stable/rocky branch?
>
>
> On 2/15/19 12:27 AM, Matthew Thode wrote:
> > Recently it was reported to us that requests had a recent release that
> > addressed a CVE (CVE-2018-18074). Requests has no stable branches so
> > the only way to update openstack stable branches is to update to 2.20.1
> > in this case. I wanted to pass this by people as requests is generally
> > a nasty library with nasty surprises. It's passed our cross and dvsm
> > gating though (for rocky) so indications look good. What I'm asking you
> > for is anything that could go wrong with updating (rocky in this case,
> > but possibly back to newton, depending on co-installability). Please
> > let me know any blockers to update (in the review preferably).
> >
> > https://review.openstack.org/637124
> >
> > Thanks,
> >
Yes
--
Matthew Thode