)]}'
{"releasenotes/notes/security-bug-2148319-49974afdcd38d9c0.yaml":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"9b0e9724a3577c89dde6ad9954c039f9c6598b27","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A vulnerability was discovered in an minimally documented feature of"},{"line_number":5,"context_line":"    Ironic where an absolute path to a ``pxe_template`` override value could"},{"line_number":6,"context_line":"    be defined by an authenticated and privilged API user. The Ironic team has"},{"line_number":7,"context_line":"    chosen to immediately deprecate and remove this functionality. To provide"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ef7992f9_8aeec337","line":4,"updated":"2026-06-03 15:48:59.000000000","message":"\"a minimally\"","commit_id":"e07527aa47e5e60725bea1efb041c426a294bf0f"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"9b0e9724a3577c89dde6ad9954c039f9c6598b27","unresolved":true,"context_lines":[{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    A vulnerability was discovered in an minimally documented feature of"},{"line_number":5,"context_line":"    Ironic where an absolute path to a ``pxe_template`` override value could"},{"line_number":6,"context_line":"    be defined by an authenticated and privilged API user. The Ironic team has"},{"line_number":7,"context_line":"    chosen to immediately deprecate and remove this functionality. To provide"},{"line_number":8,"context_line":"    an immediate security fix, this functionality is now disabled by default."},{"line_number":9,"context_line":"    The functionality can be re-enabled via the"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"7faab528_37086121","line":6,"updated":"2026-06-03 15:48:59.000000000","message":"\"privileged\"","commit_id":"e07527aa47e5e60725bea1efb041c426a294bf0f"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"9b0e9724a3577c89dde6ad9954c039f9c6598b27","unresolved":true,"context_lines":[{"line_number":13,"context_line":"    `bug 2148319 \u003chttps://bugs.launchpad.net/ironic/+bug/2148319\u003e`_."},{"line_number":14,"context_line":"fixes:"},{"line_number":15,"context_line":"  - |"},{"line_number":16,"context_line":"    Fixes a vulnerability (CVE-2026-44917) which was identified inhandling"},{"line_number":17,"context_line":"    of pxe_template overrides where an authenticated and authorized user"},{"line_number":18,"context_line":"    could request an override template via direct file path which would"},{"line_number":19,"context_line":"    bypass file URL handling guards introduced in OSSA-2025-001. This"}],"source_content_type":"text/x-yaml","patch_set":1,"id":"04f94974_14f1fdd0","line":16,"updated":"2026-06-03 15:48:59.000000000","message":"\"in handling\"","commit_id":"e07527aa47e5e60725bea1efb041c426a294bf0f"}]}