[release-announce] blazar-dashboard 2.0.1 (train)
no-reply at openstack.org
no-reply at openstack.org
Tue Oct 6 15:28:01 UTC 2020
We are excited to announce the release of:
blazar-dashboard 2.0.1: Horizon plugin for the Blazar Reservation
Service for OpenStack
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/blazar-dashboard
Download the package from:
https://tarballs.openstack.org/blazar-dashboard/
Please report issues through:
https://bugs.launchpad.net/blazar/+bugs
For more details, please see below.
2.0.1
^^^^^
Security Issues
* Uses "json.loads` instead of ``eval()" for JSON parsing, which
could allow users of the Blazar dashboard to trigger code execution
on the Horizon host as the user the Horizon service runs under.
Changes in blazar-dashboard 2.0.0..2.0.1
----------------------------------------
63e9c5d Use json.loads instead of eval for JSON parsing
e39e27a Update TOX/UPPER_CONSTRAINTS_FILE for stable/train
75b32f1 Update .gitreview for stable/train
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 1 +
blazar_dashboard/api/client.py | 3 ++-
blazar_dashboard/content/hosts/forms.py | 7 ++++---
blazar_dashboard/content/hosts/workflows.py | 7 ++++---
blazar_dashboard/content/leases/forms.py | 7 ++++---
blazar_dashboard/test/test_data/blazar_data.py | 4 ++--
releasenotes/notes/remove-use-of-eval-ef359dec791c97cd.yaml | 6 ++++++
tox.ini | 6 +++---
8 files changed, 26 insertions(+), 15 deletions(-)
More information about the Release-announce
mailing list