)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"cc076ddabbc2ae97d4d9600d6039c5be4e9596ea","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"0ea523e3_c9c07539","updated":"2026-06-03 15:16:14.000000000","message":"self-merge, we are 16 minutes already on announcement","commit_id":"688a44d968e1e53846cd27e463bc6b2b815ccda4"}],"ossa/OSSA-2026-018.yaml":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"4e034f456a053e5e10853e4f074b82b9de65323c","unresolved":true,"context_lines":[{"line_number":14,"context_line":"  exploited to perform path traversal and overwrite files on the target disk"},{"line_number":15,"context_line":"  during deployment."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"  Any Ironic user who has access to deploy nodes using a virtual media-based"},{"line_number":18,"context_line":"  boot interface or the anaconda deploy interface can exploit this issue."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"affected-products:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"2b0300b2_04b4334f","line":17,"range":{"start_line":17,"start_character":49,"end_line":17,"end_character":76},"updated":"2026-06-03 15:09:53.000000000","message":"configuration drive patching is another vector if a user submits a configuration drive with invalid content and we attempt to rebuild it from the VIF records. In other words, any user who has deploy access could leverage this issue regardless of the deployment interface if their Ironic is new enough.","commit_id":"10120023e1fef4c03294e6af5ec8cc6abe9fea29"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"8720e434f72b15c037466f7c19932ed307d92b63","unresolved":false,"context_lines":[{"line_number":14,"context_line":"  exploited to perform path traversal and overwrite files on the target disk"},{"line_number":15,"context_line":"  during deployment."},{"line_number":16,"context_line":""},{"line_number":17,"context_line":"  Any Ironic user who has access to deploy nodes using a virtual media-based"},{"line_number":18,"context_line":"  boot interface or the anaconda deploy interface can exploit this issue."},{"line_number":19,"context_line":""},{"line_number":20,"context_line":"affected-products:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"68468eaa_96d6706a","line":17,"range":{"start_line":17,"start_character":49,"end_line":17,"end_character":76},"in_reply_to":"2b0300b2_04b4334f","updated":"2026-06-03 15:12:23.000000000","message":"Done","commit_id":"10120023e1fef4c03294e6af5ec8cc6abe9fea29"}],"ossa/OSSA-2026-019.yaml":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f3a80852fdc898254b2a5a7ddccecc8cd8579c54","unresolved":true,"context_lines":[{"line_number":13,"context_line":"  then place this \"template file\" into a TFTP or HTTP server for netbooting,"},{"line_number":14,"context_line":"  where it can be fetched by anything with network access to the conductor."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"  Ironic has removed this feature from our master (Hibiscus) branch and"},{"line_number":17,"context_line":"  has provided patches to disallow use of this feature in supported releases."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"61c3fad1_b4a58727","line":16,"range":{"start_line":16,"start_character":2,"end_line":16,"end_character":71},"updated":"2026-06-03 15:10:23.000000000","message":"We haven\u0027t actually posted the removal patch yet.","commit_id":"10120023e1fef4c03294e6af5ec8cc6abe9fea29"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"8720e434f72b15c037466f7c19932ed307d92b63","unresolved":false,"context_lines":[{"line_number":13,"context_line":"  then place this \"template file\" into a TFTP or HTTP server for netbooting,"},{"line_number":14,"context_line":"  where it can be fetched by anything with network access to the conductor."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"  Ironic has removed this feature from our master (Hibiscus) branch and"},{"line_number":17,"context_line":"  has provided patches to disallow use of this feature in supported releases."},{"line_number":18,"context_line":""},{"line_number":19,"context_line":"affected-products:"}],"source_content_type":"text/x-yaml","patch_set":2,"id":"22432fb9_9a77b096","line":16,"range":{"start_line":16,"start_character":2,"end_line":16,"end_character":71},"in_reply_to":"61c3fad1_b4a58727","updated":"2026-06-03 15:12:23.000000000","message":"Done","commit_id":"10120023e1fef4c03294e6af5ec8cc6abe9fea29"}]}