From d445898b3cbf59c264e875a33be34241fbd82e27 Mon Sep 17 00:00:00 2001
From: Mateus Nascimento
Date: Mon, 8 Sep 2025 14:41:50 -0300
Subject: [PATCH] Update Werkzeug minor version

This change aims to update the version for Werkzeug from 3.0.1 to
3.0.6. This is necessary due to CVEs related to the 3.0.1 version and
this update contains the fixes required for each of them.

Affected images:
- stx-fm-rest-api
- stx-glance
- stx-heat
- stx-keystone
- stx-neutron
- stx-nova
- stx-placement

CVEs that will be fixed:
CVE-2024-49767: https://nvd.nist.gov/vuln/detail/CVE-2024-49767
CVE-2024-34069: https://nvd.nist.gov/vuln/detail/CVE-2024-34069
CVE-2024-49766: https://nvd.nist.gov/vuln/detail/CVE-2024-49766
CVE-2023-46136: https://nvd.nist.gov/vuln/detail/CVE-2023-46136
CVE-2023-25577: https://nvd.nist.gov/vuln/detail/CVE-2023-25577
CVE-2023-23934: https://nvd.nist.gov/vuln/detail/CVE-2023-23934

TEST PLAN
StarlingX build:
PASS: Build pkgs (build-pkgs --all)
PASS: Build wheels tarball (build-wheel-tarball.sh --keep-image --os debian)
PASS: Build base image (build-stx-base.sh --local --version )
PASS: Build docker images (build-stx-images.sh --base \
      --no-pull-base --wheels )

Openstack:
PASS - build openstack
PASS - build affected images.
PASS - apply openstack
PASS - Pods healthy
PASS - Pod-to-pod connection
PASS - Pod-to-service connection
PASS - Host swact
PASS - Lock/unlock standby controller
PASS - Host reboot
PASS - create VMs
PASS - vm-to-vm connection

Closes-Bug: 2121699

Change-Id: Ibaf7792e3fb4d2f135372b91671e3b1ffa8f3e04
Signed-off-by: Mateus Nascimento
---
 .../debian/openstack-requirements/caracal/upper-constraints.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build-tools/build-wheels/debian/openstack-requirements/caracal/upper-constraints.txt b/build-tools/build-wheels/debian/openstack-requirements/caracal/upper-constraints.txt
index e07a143e..6812f559 100644
--- a/build-tools/build-wheels/debian/openstack-requirements/caracal/upper-constraints.txt +++ b/build-tools/build-wheels/debian/openstack-requirements/caracal/upper-constraints.txt @@ -527,7 +527,7 @@ os-vif===3.5.0 hyperlink===21.0.0 mitba===1.1.1 python-masakariclient===8.4.0 -Werkzeug===3.0.1 +Werkzeug===3.0.6 pyasn1-modules===0.3.0 APScheduler===3.10.4 xmlschema===2.5.1
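
Review bot: The `+Werkzeug===3.0.6` line changes an exact pin in the caracal upper-constraints file, but nothing in the test plan confirms that the seven listed images actually carry 3.0.6 after the rebuild. The plan records successful builds and functional checks (pods healthy, swact, VM connectivity), all of which would also pass if an image still resolved the old wheel from a cached layer or a stale wheels tarball. Please add a step that reads the installed Werkzeug version inside each affected image (stx-fm-rest-api, stx-glance, stx-heat, stx-keystone, stx-neutron, stx-nova, stx-placement) and record the result in the test plan. Because the pin uses `===`, it is also worth stating that the 3.0.6 wheel was produced by the wheels tarball build and that no other pinned package in this file declares an upper bound on Werkzeug that 3.0.6 would violate; the hunk context alone does not show that. Finally, the message attributes all six CVEs to 3.0.1; please check each advisory's fixed-in version so the message lists only the ones this bump from 3.0.1 closes.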