)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"081f9988ff178427ed8f1ccea1eca9534c461145","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"fef786b0_f4b336bd","updated":"2026-04-28 05:01:37.000000000","message":"While we wait on the horizon team to finalize the fix and backport, we could start reviewing this OSSA.","commit_id":"8ebeb0621a51651d35264d3ebbed8142666898dd"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d9eb3e6ad710b7d2e55d1bbf7f6c678b96c1782b","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"0add4f01_4d0c9235","updated":"2026-05-04 20:15:57.000000000","message":"Agree with the issues from Rosmaita. Let\u0027s fix them?","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"0f28c55c10430d2304bf0efb2f19478658b64f48","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"c0ef097d_92ecb686","updated":"2026-05-04 19:57:45.000000000","message":"Two nits noted inline; otherwise text reads well, hyperlinks work, and it renders well in HTML.","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"35de295d6e2f661b4ae4df48846e2a7ed4cc8ee1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"b49aabef_d6e191a7","in_reply_to":"0add4f01_4d0c9235","updated":"2026-05-04 20:33:25.000000000","message":"Done","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"35de295d6e2f661b4ae4df48846e2a7ed4cc8ee1","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"7923ebcc_fea35357","updated":"2026-05-04 20:33:25.000000000","message":"Thank you both, addressed the feedback in PS5","commit_id":"8e8f9a98b78a61f55d6b7dc425b395397b5548e6"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"de9f19984db7166a6aa3e3be189fecd4bf916991","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"c927c697_f5069c99","updated":"2026-05-04 20:44:12.000000000","message":"Revisions LGTM.","commit_id":"745ceb402a6afc8fa51badde91911c375d7b1341"}],"ossa/OSSA-2026-009.yaml":[{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"0f28c55c10430d2304bf0efb2f19478658b64f48","unresolved":true,"context_lines":[{"line_number":12,"context_line":"  request without a session cookie triggers a new persistent session"},{"line_number":13,"context_line":"  entry, an attacker can exhaust the session storage backend"},{"line_number":14,"context_line":"  (Memcached, Redis, or database) by sending repeated requests to"},{"line_number":15,"context_line":"  /auth/login/?next\u003dURL. When the backend reaches capacity, legitimate"},{"line_number":16,"context_line":"  sessions are evicted, logging out administrators and preventing them"},{"line_number":17,"context_line":"  from accessing the dashboard. This is a regression of CVE-2014-8124."},{"line_number":18,"context_line":"  Deployments running Horizon from the 2026.1 (Gazpacho) release"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"ff03f6ba_106bc584","line":15,"range":{"start_line":15,"start_character":2,"end_line":15,"end_character":23},"updated":"2026-05-04 19:57:45.000000000","message":"nit: you might want to put this in double-backticks so it will render in monospace in HTML.","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"35de295d6e2f661b4ae4df48846e2a7ed4cc8ee1","unresolved":false,"context_lines":[{"line_number":12,"context_line":"  request without a session cookie triggers a new persistent session"},{"line_number":13,"context_line":"  entry, an attacker can exhaust the session storage backend"},{"line_number":14,"context_line":"  (Memcached, Redis, or database) by sending repeated requests to"},{"line_number":15,"context_line":"  /auth/login/?next\u003dURL. When the backend reaches capacity, legitimate"},{"line_number":16,"context_line":"  sessions are evicted, logging out administrators and preventing them"},{"line_number":17,"context_line":"  from accessing the dashboard. This is a regression of CVE-2014-8124."},{"line_number":18,"context_line":"  Deployments running Horizon from the 2026.1 (Gazpacho) release"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"5d26f652_712fc2e4","line":15,"range":{"start_line":15,"start_character":2,"end_line":15,"end_character":23},"in_reply_to":"ff03f6ba_106bc584","updated":"2026-05-04 20:33:25.000000000","message":"Done","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"0f28c55c10430d2304bf0efb2f19478658b64f48","unresolved":true,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"affected-products:"},{"line_number":23,"context_line":"  - product: horizon"},{"line_number":24,"context_line":"    version: \u0027\u003e\u003d25.6.0 \u003c\u003d25.7.2\u0027"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"vulnerabilities:"},{"line_number":27,"context_line":"  - cve-id: CVE-2026-43002"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"f8bcaa5a_700d8b68","line":24,"range":{"start_line":24,"start_character":23,"end_line":24,"end_character":31},"updated":"2026-05-04 19:57:45.000000000","message":"nit: since 2019 we\u0027ve been using strictly less than for the upper bound, though I can\u0027t remember why exactly.  So if you want to continue that tradition, this would be \u003c25.7.3","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"35de295d6e2f661b4ae4df48846e2a7ed4cc8ee1","unresolved":false,"context_lines":[{"line_number":21,"context_line":""},{"line_number":22,"context_line":"affected-products:"},{"line_number":23,"context_line":"  - product: horizon"},{"line_number":24,"context_line":"    version: \u0027\u003e\u003d25.6.0 \u003c\u003d25.7.2\u0027"},{"line_number":25,"context_line":""},{"line_number":26,"context_line":"vulnerabilities:"},{"line_number":27,"context_line":"  - cve-id: CVE-2026-43002"}],"source_content_type":"text/x-yaml","patch_set":3,"id":"7e6d7115_477f2407","line":24,"range":{"start_line":24,"start_character":23,"end_line":24,"end_character":31},"in_reply_to":"f8bcaa5a_700d8b68","updated":"2026-05-04 20:33:25.000000000","message":"Done","commit_id":"0f699c26ddddfbc34aad4c4ce6999c7a977079b1"}]}