[requirements][requests] security update for requests in stable branches

Matthew Thode mthode at mthode.org
Fri Feb 15 14:35:31 UTC 2019


On 19-02-15 06:51:20, Boden Russell wrote:
> Just to confirm; the best way to test with this change is to submit a
> dummy patch that depends on 637124 in the respective project's
> stable/rocky branch?
> 
> 
> On 2/15/19 12:27 AM, Matthew Thode wrote:
> > Recently it was reported to us that requests had a recent release that
> > addressed a CVE (CVE-2018-18074).  Requests has no stable branches so
> > the only way to update openstack stable branches is to update to 2.20.1
> > in this case.  I wanted to pass this by people as requests is generally
> > a nasty library with nasty surprises.  It's passed our cross and dvsm
> > gating though (for rocky) so indications look good.  What I'm asking you
> > for is anything that could go wrong with updating (rocky in this case,
> > but possibly back to newton, depending on co-installability).  Please
> > let me know any blockers to to update (in the review preferably).
> > 
> > https://review.openstack.org/637124
> > 
> > Thanks,
> > 

Yes

-- 
Matthew Thode
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190215/309b9bca/attachment.sig>


More information about the openstack-discuss mailing list