openstack/os-brick
Code Issues Proposed changes
Files
ussuri-eol
os-brick/README.rst
Brian Rosmaita 2845871c87 [stable-em-only] Add CVE-2023-2088 warning 
The Cinder project team does not intend to backport a fix for
CVE-2023-2088 to stable/ussuri, so add a warning to the README
so that consumers are aware of the vulnerability of this branch
of the os-brick code.

Change-Id: Ie54cfc6697b4e54d37fd66dbad2ff20971399c00
Related-bug: #2004555
2023-06-07 18:36:02 -04:00

2.1 KiB
Raw Permalink Blame History

Team and repository tags

image

brick

Latest Version

Downloads

OpenStack Cinder brick library for managing local volume attaches

Warning

The stable/ussuri branch of os-brick does not contain a fix for CVE-2023-2088. Be aware that such a fix must span cinder, os-brick, nova, and, depending on your deployment configuration, glance_store and ironic. The Cinder project team advises against using the code in this branch unless a mitigation against CVE-2023-2088 is applied.

References:

Features

  • Discovery of volumes being attached to a host for many transport protocols.
  • Removal of volumes from a host.

Hacking

Hacking on brick requires python-gdbm (for Debian derived distributions), Python 2.7 and Python 3.4. A recent tox is required, as is a recent virtualenv (13.1.0 or newer).

If "tox -e py34" fails with the error "db type could not be determined", remove the .testrepository/ directory and then run "tox -e py34".

For any other information, refer to the developer documents:

https://docs.openstack.org/os-brick/latest/

OR refer to the parent project, Cinder:

https://docs.openstack.org/cinder/latest/

Release notes for the project can be found at:

https://docs.openstack.org/releasenotes/os-brick

View Git Blame Copy Permalink