)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"7b0a6feb84e00a50bcb96d91019519eb86ef53f3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"a9694a89_e14882cc","updated":"2022-04-08 15:29:17.000000000","message":"LGTM","commit_id":"251fab17b51f99f1f0c1cce4985693993d8fb957"}],"releasenotes/notes/fix-remote-code-execution-on-amphora-3eb3adedcd696433.yaml":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"1dd32b9c642aa2df2eade167846e1185230563dc","unresolved":true,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fix potential remote execution issue with the HAProxy configuration on the amphora."},{"line_number":5,"context_line":"    Octavia API no longer accepts unencoded whitespace characters in url_path values"},{"line_number":6,"context_line":"    in update requests for healthmonitors."},{"line_number":7,"context_line":"    "}],"source_content_type":"text/x-yaml","patch_set":1,"id":"c4308b69_7346bd28","line":4,"updated":"2022-03-29 22:29:59.000000000","message":"Is this really an remote execution issue, or just a haproxy config issue?\nIf it\u0027s really a remote execution you will need to open a CVE, etc.\n\nYou have to be authenticated and own the load balancer to do this, so I\u0027m not convinced this is really a \"remote execution\" level issue.","commit_id":"a678edc0bdf75884c6d3420a37854ae4580ea8cc"},{"author":{"_account_id":34429,"name":"Tom Weininger","email":"dienste@weinimo.de","username":"tweining"},"change_message_id":"64a1d1436589cdd498eb8ce9002bd9a9741a5ab1","unresolved":false,"context_lines":[{"line_number":1,"context_line":"---"},{"line_number":2,"context_line":"security:"},{"line_number":3,"context_line":"  - |"},{"line_number":4,"context_line":"    Fix potential remote execution issue with the HAProxy configuration on the amphora."},{"line_number":5,"context_line":"    Octavia API no longer accepts unencoded whitespace characters in url_path values"},{"line_number":6,"context_line":"    in update requests for healthmonitors."},{"line_number":7,"context_line":"    "}],"source_content_type":"text/x-yaml","patch_set":1,"id":"8466d408_d4a9e917","line":4,"in_reply_to":"c4308b69_7346bd28","updated":"2022-03-30 09:35:49.000000000","message":"Well, I guess technically it is a remote execution issue, but because you need to be authorized and authenticated it is far less critical than it sounds. I will change it to \"potential security issue\". To me it is the HAProxy program execution feature[1] that makes it problematic nevertheless.\n\n[1] https://www.haproxy.com/documentation/hapee/latest/configuration/config-sections/program/","commit_id":"a678edc0bdf75884c6d3420a37854ae4580ea8cc"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"1dd32b9c642aa2df2eade167846e1185230563dc","unresolved":true,"context_lines":[{"line_number":4,"context_line":"    Fix potential remote execution issue with the HAProxy configuration on the amphora."},{"line_number":5,"context_line":"    Octavia API no longer accepts unencoded whitespace characters in url_path values"},{"line_number":6,"context_line":"    in update requests for healthmonitors."},{"line_number":7,"context_line":"    "}],"source_content_type":"text/x-yaml","patch_set":1,"id":"f990f49c_f5c7cdfc","line":7,"updated":"2022-03-29 22:29:59.000000000","message":"Extra whitespace here","commit_id":"a678edc0bdf75884c6d3420a37854ae4580ea8cc"},{"author":{"_account_id":34429,"name":"Tom Weininger","email":"dienste@weinimo.de","username":"tweining"},"change_message_id":"64a1d1436589cdd498eb8ce9002bd9a9741a5ab1","unresolved":false,"context_lines":[{"line_number":4,"context_line":"    Fix potential remote execution issue with the HAProxy configuration on the amphora."},{"line_number":5,"context_line":"    Octavia API no longer accepts unencoded whitespace characters in url_path values"},{"line_number":6,"context_line":"    in update requests for healthmonitors."},{"line_number":7,"context_line":"    "}],"source_content_type":"text/x-yaml","patch_set":1,"id":"0b28c22b_f4b69f41","line":7,"in_reply_to":"f990f49c_f5c7cdfc","updated":"2022-03-30 09:35:49.000000000","message":"Done","commit_id":"a678edc0bdf75884c6d3420a37854ae4580ea8cc"}]}