Bump requirements to add os-vif CVE fix
Commit I616992cac978aa4a9b2bcff27a37953ddbb194ca in requirements contains a fix for OSSA-2019-004 / CVE-2019-15753, which users of neutron linuxbridge plugin should apply immediately. Related-Bug: #1837252 Change-Id: I9e6246970c55305ae8d300d796dbd17f00777cc8
This commit is contained in:
parent
375dd34655
commit
fdabf04869
|
@ -31,7 +31,7 @@
|
|||
|
||||
## Global Requirements
|
||||
requirements_git_repo: https://opendev.org/openstack/requirements
|
||||
requirements_git_install_branch: 00df062c5811566268ee3e007254fdcf485ee06f # HEAD as of 08.09.2019
|
||||
requirements_git_install_branch: 238bb754fb637c9f548b03af964f4e882d806b75
|
||||
requirements_git_track_branch: stable/stein
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
The requirements version has bumped to pull in os-vif 1.15.2, which contains
|
||||
the fix for OSSA-2019-004 / CVE-2019-15753. Operators using linuxbridge
|
||||
networking (the default in openstack-ansible) should update immediately.
|
||||
The fixed package will be installed in the nova venv upon re-deployment
|
||||
of nova using the os-nova-install.yml playbook. Afterwards, verify that
|
||||
the ageing timer on neutron-controlled linux bridges displays as "300.00"
|
||||
raher than "0.00" using ``brctl showstp <bridge name>``.
|
Loading…
Reference in New Issue