)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"44840aea60a4761eebbf5e3ba24063ed3dc97b84","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9f79e348_62a0eac1","updated":"2026-04-27 16:49:48.000000000","message":"LGTM, thank you @jay@jvf.cc","commit_id":"44e778d7563be0faca4d498e306ab75664da7ed9"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"39231e99e2dee97db0bd1c325b5b0c028bb5ed3e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"bee6f6cc_035ec0f5","updated":"2026-04-27 16:49:06.000000000","message":"LGTM. Also checked affected-versions string, patch hyperlinks, and html rendering.","commit_id":"44e778d7563be0faca4d498e306ab75664da7ed9"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"e5e8481c9752fe2fee9146b159e0360feba8572b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"803f15af_60c92fb6","updated":"2026-04-27 16:54:05.000000000","message":"Carrying over rosmaita\u0027s +2 since I only had whitespace changes and need this landed so I can announce.","commit_id":"bd62e8f11a24e6014a845d7c886b8451b7384e8b"}],"ossa/OSSA-2026-008.yaml":[{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"9e1be626b953882d8230f8fc6ff9b9d2a1a473df","unresolved":true,"context_lines":[{"line_number":5,"context_line":"title: Command Injection in Ironic IPMI Console Implementations"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"  Dmitry Tantsur and Tuomo Tanskanen from the Metal3.io Security Team "},{"line_number":9,"context_line":"  reported a vulnerability in Ironic\u0027s IPMI console backends. A"},{"line_number":10,"context_line":"  project manager for the project marked as a ``node.owner`` can inject"},{"line_number":11,"context_line":"  arbitrary commands which a conductor executes on console activation."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"1cd40abb_211a007c","line":8,"updated":"2026-04-27 16:40:51.000000000","message":"nit: trailing whitespace","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"44840aea60a4761eebbf5e3ba24063ed3dc97b84","unresolved":false,"context_lines":[{"line_number":5,"context_line":"title: Command Injection in Ironic IPMI Console Implementations"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"  Dmitry Tantsur and Tuomo Tanskanen from the Metal3.io Security Team "},{"line_number":9,"context_line":"  reported a vulnerability in Ironic\u0027s IPMI console backends. A"},{"line_number":10,"context_line":"  project manager for the project marked as a ``node.owner`` can inject"},{"line_number":11,"context_line":"  arbitrary commands which a conductor executes on console activation."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"251db7d0_abd69d73","line":8,"in_reply_to":"1cd40abb_211a007c","updated":"2026-04-27 16:49:48.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"fb6149422585897bc962d31cacfd9b3bda4cfdfb","unresolved":true,"context_lines":[{"line_number":5,"context_line":"title: Command Injection in Ironic IPMI Console Implementations"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"  Dmitry Tantsur and Tuomo Tanskanen from the Metal3.io Security Team "},{"line_number":9,"context_line":"  reported a vulnerability in Ironic\u0027s IPMI console backends. A"},{"line_number":10,"context_line":"  project manager for the project marked as a ``node.owner`` can inject"},{"line_number":11,"context_line":"  arbitrary commands which a conductor executes on console activation."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"b1d65723_e9e2b4f5","line":8,"in_reply_to":"1cd40abb_211a007c","updated":"2026-04-27 16:50:40.000000000","message":"wtf, I deleted it?!","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"e5e8481c9752fe2fee9146b159e0360feba8572b","unresolved":false,"context_lines":[{"line_number":5,"context_line":"title: Command Injection in Ironic IPMI Console Implementations"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"  Dmitry Tantsur and Tuomo Tanskanen from the Metal3.io Security Team "},{"line_number":9,"context_line":"  reported a vulnerability in Ironic\u0027s IPMI console backends. A"},{"line_number":10,"context_line":"  project manager for the project marked as a ``node.owner`` can inject"},{"line_number":11,"context_line":"  arbitrary commands which a conductor executes on console activation."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"3d00e7bc_063f0ff6","line":8,"in_reply_to":"b1d65723_e9e2b4f5","updated":"2026-04-27 16:54:05.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"a7726dce43cceae706fd2dd81511c79ff74cc117","unresolved":false,"context_lines":[{"line_number":5,"context_line":"title: Command Injection in Ironic IPMI Console Implementations"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"description: \u003e"},{"line_number":8,"context_line":"  Dmitry Tantsur and Tuomo Tanskanen from the Metal3.io Security Team "},{"line_number":9,"context_line":"  reported a vulnerability in Ironic\u0027s IPMI console backends. A"},{"line_number":10,"context_line":"  project manager for the project marked as a ``node.owner`` can inject"},{"line_number":11,"context_line":"  arbitrary commands which a conductor executes on console activation."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"9db5133b_314588fc","line":8,"in_reply_to":"b1d65723_e9e2b4f5","updated":"2026-04-27 16:53:20.000000000","message":"haha, no worries. rendered fine.","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"9e1be626b953882d8230f8fc6ff9b9d2a1a473df","unresolved":true,"context_lines":[{"line_number":54,"context_line":"notes:"},{"line_number":55,"context_line":"  - A CVE request was filed with MITRE on 2026-04-27."},{"line_number":56,"context_line":"  - Patches for unmaintained branches are provided as a courtesy."},{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"ae4425ce_aa239284","line":57,"range":{"start_line":57,"start_character":19,"end_line":57,"end_character":29},"updated":"2026-04-27 16:40:51.000000000","message":"typo?\n\n\"ipmitool-shellinabox\"","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"fb6149422585897bc962d31cacfd9b3bda4cfdfb","unresolved":false,"context_lines":[{"line_number":54,"context_line":"notes:"},{"line_number":55,"context_line":"  - A CVE request was filed with MITRE on 2026-04-27."},{"line_number":56,"context_line":"  - Patches for unmaintained branches are provided as a courtesy."},{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"37e4de4e_4750fb00","line":57,"range":{"start_line":57,"start_character":19,"end_line":57,"end_character":29},"in_reply_to":"ae4425ce_aa239284","updated":"2026-04-27 16:50:40.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"44840aea60a4761eebbf5e3ba24063ed3dc97b84","unresolved":false,"context_lines":[{"line_number":54,"context_line":"notes:"},{"line_number":55,"context_line":"  - A CVE request was filed with MITRE on 2026-04-27."},{"line_number":56,"context_line":"  - Patches for unmaintained branches are provided as a courtesy."},{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"94de2910_1106ec69","line":57,"range":{"start_line":57,"start_character":19,"end_line":57,"end_character":29},"in_reply_to":"ae4425ce_aa239284","updated":"2026-04-27 16:49:48.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"9e1be626b953882d8230f8fc6ff9b9d2a1a473df","unresolved":true,"context_lines":[{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"17f018c6_7f49ab53","line":60,"range":{"start_line":60,"start_character":12,"end_line":60,"end_character":20},"updated":"2026-04-27 16:40:51.000000000","message":"typo: interface","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"fb6149422585897bc962d31cacfd9b3bda4cfdfb","unresolved":false,"context_lines":[{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"1c256c8e_60704bd5","line":60,"range":{"start_line":60,"start_character":12,"end_line":60,"end_character":20},"in_reply_to":"17f018c6_7f49ab53","updated":"2026-04-27 16:50:40.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"44840aea60a4761eebbf5e3ba24063ed3dc97b84","unresolved":false,"context_lines":[{"line_number":57,"context_line":"  - The ``ipmitool-shellinbox`` console interface is already scheduled"},{"line_number":58,"context_line":"    for removal from Ironic for lack of security support for shellinabox."},{"line_number":59,"context_line":"    Security sensitive operators are strongly encouraged to stop use of this"},{"line_number":60,"context_line":"    console interace immediately."}],"source_content_type":"text/x-yaml","patch_set":1,"id":"374ac96d_0b2f25d8","line":60,"range":{"start_line":60,"start_character":12,"end_line":60,"end_character":20},"in_reply_to":"17f018c6_7f49ab53","updated":"2026-04-27 16:49:48.000000000","message":"Done","commit_id":"849f20f2791aa7a7161de6b9640934d25ea4323e"}]}