[stable-em-only] Add CVE-2023-2088 warning

The Cinder project team does not intend to backport a fix for
CVE-2023-2088 to stable/wallaby, so add a warning to the README
so that consumers are aware of the vulnerability of this branch
of the cinder code.

Change-Id: I83b5232076250553650b8b97409cbf72e90c15b9
Related-bug: #2004555
This commit is contained in:
Brian Rosmaita 2023-06-07 18:01:12 -04:00
parent 36649bd714
commit 2fef6c41fa

View File

@ -7,6 +7,22 @@ OpenStack Cinder
.. Change things from this point on
.. warning::
The stable/wallaby branch of cinder does not contain a fix for
CVE-2023-2088_. Be aware that such a fix must span cinder, os-brick,
nova, and, depending on your deployment configuration, glance_store
and ironic. *The Cinder project team advises against using the code
in this branch unless a mitigation against CVE-2023-2088 is applied.*
.. _CVE-2023-2088: https://nvd.nist.gov/vuln/detail/CVE-2023-2088
References:
* https://nvd.nist.gov/vuln/detail/CVE-2023-2088
* https://bugs.launchpad.net/cinder/+bug/2004555
* https://security.openstack.org/ossa/OSSA-2023-003.html
* https://wiki.openstack.org/wiki/OSSN/OSSN-0092
OpenStack Cinder is a storage service for an open cloud computing service.
You can learn more about Cinder at: