)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"00909aad9eb61b1e4d0839f8b80da251149315be","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"f329a6ed_446e4818","updated":"2026-05-07 15:26:28.000000000","message":"with my laymans reading of this it all appares to be correct to me\none of the bug links was still private but that has been fixed now so i think this is ok to proceed assuming it meets all the vmt expections","commit_id":"0d82b0c6e7b31f217cc3c7c558b20889ae655d33"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"bc6ffce5cf265d1d2c0d74533e62950bbb31879e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ab74dd17_f8d82b6c","updated":"2026-05-07 16:29:25.000000000","message":"Text reads well, renders correctly in HTML, and the links are working.","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"1e8336fc7e6062c4671b507564df5e8687723814","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6ed037a3_d1169468","updated":"2026-05-07 17:17:29.000000000","message":"Apologies for the churn here; thanks for the guidance on how to construct the affected version string.","commit_id":"627f1f4fe4290a0cbaaf35913d2813adfe735b7f"},{"author":{"_account_id":5314,"name":"Brian Rosmaita","email":"rosmaita.fossdev@gmail.com","username":"brian-rosmaita"},"change_message_id":"00452c16122e4ac7364f266134fdaa2a39b93c49","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6a09da4f_b5042e1e","updated":"2026-05-07 17:46:41.000000000","message":"Revision LGTM.","commit_id":"627f1f4fe4290a0cbaaf35913d2813adfe735b7f"}],"ossa/OSSA-2026-011.yaml":[{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"235dab3d4b7d1ccc6abd2ff700b89971112eab0a","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"7d6875ae_1625fd19","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"updated":"2026-05-07 16:47:49.000000000","message":"This part of the OSSA drafting still confuses me. \n\nFor Cyborg, in the actively maintained branches:\n\n- 2025.1/epoxy \u003d 14.0.0\n- 2025.2/flamingo \u003d 15.0.0\n- 2026.1/gazpacho \u003d 16.0.0\n- 2026.2/hibiscus \u003d master (not yet released)\n\nSo would this be how we\u0027d write this:\n\n```  \n \u0027\u003e\u003d3.0.0, \u003c14.0.1, \u003e\u003d15.0.0, \u003c15.0.1, \u003e\u003d16.0.0, \u003c16.0.1\u0027\n```","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"1c773a73f0145084d765e5bc23c278d73b821c5c","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"80a0987a_5a90ac65","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"in_reply_to":"0a588149_61f3f3b2","updated":"2026-05-07 17:14:11.000000000","message":"Ack; i think this makes sense to me. thank you for explaining. I\u0027ll update this.","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"b7c32002d4e67809d865e9eb502f5ed80a741a11","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"854cb5c3_dfe679e4","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"in_reply_to":"7d6875ae_1625fd19","updated":"2026-05-07 17:09:14.000000000","message":"I should note \"15.0.1\" comes because 16.0.0 didn\u0027t exist when we began working on this bug..","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"6575b15558c96699ed9df9e243dc30406f50ea7d","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"0a588149_61f3f3b2","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"in_reply_to":"7d6875ae_1625fd19","updated":"2026-05-07 17:12:27.000000000","message":"Think about the version numbers that will exist post-release, and how to ensure they aren\u0027t considered \"impacted\". This is why we do tuples of (max, min) in the list, e.g.:\n\n\u0027\u003e\u003d3.0.0 \u003c14.0.1, \u003e\u003d15.0.0 \u003c15.0.1, \u003e\u003d16.0.0 \u003c16.0.1\u0027\n\n(note the comma placement: both the \u003e and the \u003c have to be combined to make a full statement)\n\nSo let\u0027s evaluate:\n14.0.0 is vulnerable, and matches the string. 14.0.1 will not be vuln and does not match.\n15.0.0 / 15.0.1 same\n16.0.0 / 16.0.1 same\n\nSo I think my proposed is the right statement.","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"1e8336fc7e6062c4671b507564df5e8687723814","unresolved":false,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"316d585b_267e8169","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"in_reply_to":"80a0987a_5a90ac65","updated":"2026-05-07 17:17:29.000000000","message":"Done. Thanks again @jay@jvf.cc","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b4de8f41e7afa7b6af926c6520e2cda9a9c0868f","unresolved":true,"context_lines":[{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"},{"line_number":20,"context_line":"  - product: cyborg"},{"line_number":21,"context_line":"    version: \u0027\u003e\u003d3.0.0, \u003c15.0.1\u0027"},{"line_number":22,"context_line":""},{"line_number":23,"context_line":"vulnerabilities:"},{"line_number":24,"context_line":"  - cve-id: CVE-2026-40213"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"f0b45257_d4f6cfc9","line":21,"range":{"start_line":21,"start_character":0,"end_line":21,"end_character":31},"in_reply_to":"80a0987a_5a90ac65","updated":"2026-05-07 17:19:42.000000000","message":"i guess the upper bound the .1 in each case is the next release\n\nim hopign to do a release next week once all the mitigation are merged so i think that makes sense and aligns to \n\nhttps://github.com/openstack/releases/blob/master/deliverables/gazpacho/cyborg.yaml","commit_id":"177ddb6683be8b0a58866f96a7c191affcfe2f08"}]}