)]}'
{"security-notes/OSSN-0100":[{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"52e82407b71680728c57d387d6889d1204fa3905","unresolved":true,"context_lines":[{"line_number":41,"context_line":"Apply the provided Ironic and Ironic-Python-Agent patches."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Evaluate your use cases; flip ``CONF.agent.enable_bios_bootloader_install``"},{"line_number":44,"context_line":"to ``False`` once confirming you are not using any partition images relying on"},{"line_number":45,"context_line":"a bootloader installation."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"#### Patches ####"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"151a434b_7687b34b","line":44,"updated":"2026-06-16 19:42:08.000000000","message":"Be specific: flip it to false /in the conductor/ once the patches are applied (the Ironic patches only exist for IPA configuration anyway)","commit_id":"0ba8e0241d44b130cd7c5c685306064f1001e2d0"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"95030fd7ca73233212dc1b8b6de216fa0890c641","unresolved":false,"context_lines":[{"line_number":41,"context_line":"Apply the provided Ironic and Ironic-Python-Agent patches."},{"line_number":42,"context_line":""},{"line_number":43,"context_line":"Evaluate your use cases; flip ``CONF.agent.enable_bios_bootloader_install``"},{"line_number":44,"context_line":"to ``False`` once confirming you are not using any partition images relying on"},{"line_number":45,"context_line":"a bootloader installation."},{"line_number":46,"context_line":""},{"line_number":47,"context_line":"#### Patches 
####"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"965b35af_ce8dbb8e","line":44,"in_reply_to":"151a434b_7687b34b","updated":"2026-06-16 20:23:47.000000000","message":"Done","commit_id":"0ba8e0241d44b130cd7c5c685306064f1001e2d0"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"d2c13587521426995a2aeb0e610750a32f99f602","unresolved":true,"context_lines":[{"line_number":50,"context_line":"##### Ironic #####"},{"line_number":51,"context_line":"2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic/+/990724"},{"line_number":52,"context_line":"2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic/+/991179"},{"line_number":53,"context_line":"2025.2/flamingo:"},{"line_number":54,"context_line":"2025.1/epoxy:"},{"line_number":55,"context_line":"2024.1/caracal (unmaintained):"},{"line_number":56,"context_line":"2023.1/antelope (unmaintained):"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"e94ff1cb_3553d600","line":53,"updated":"2026-06-16 19:41:18.000000000","message":"need backports","commit_id":"0ba8e0241d44b130cd7c5c685306064f1001e2d0"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"937fdc3e00f985de4bd9347b87df0033669f17f4","unresolved":false,"context_lines":[{"line_number":50,"context_line":"##### Ironic #####"},{"line_number":51,"context_line":"2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic/+/990724"},{"line_number":52,"context_line":"2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic/+/991179"},{"line_number":53,"context_line":"2025.2/flamingo:"},{"line_number":54,"context_line":"2025.1/epoxy:"},{"line_number":55,"context_line":"2024.1/caracal 
(unmaintained):"},{"line_number":56,"context_line":"2023.1/antelope (unmaintained):"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"28993285_4b1bfa79","line":53,"in_reply_to":"e94ff1cb_3553d600","updated":"2026-06-16 20:32:39.000000000","message":"Done","commit_id":"0ba8e0241d44b130cd7c5c685306064f1001e2d0"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"24ed2f727bc3b7099e59222d3cd081ccd4699839","unresolved":false,"context_lines":[{"line_number":50,"context_line":"##### Ironic #####"},{"line_number":51,"context_line":"2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic/+/990724"},{"line_number":52,"context_line":"2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic/+/991179"},{"line_number":53,"context_line":"2025.2/flamingo:"},{"line_number":54,"context_line":"2025.1/epoxy:"},{"line_number":55,"context_line":"2024.1/caracal (unmaintained):"},{"line_number":56,"context_line":"2023.1/antelope (unmaintained):"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"d9fe7c7b_cb5b78bb","line":53,"in_reply_to":"e94ff1cb_3553d600","updated":"2026-06-16 20:36:24.000000000","message":"Done","commit_id":"0ba8e0241d44b130cd7c5c685306064f1001e2d0"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"174d883b7ecb16f12928ecda6d50ff51d2866dd4","unresolved":true,"context_lines":[{"line_number":16,"context_line":"IPA holds only an outdated agent_token and a heavily redacted node object."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Whole disk images are not affected and partition images that include their"},{"line_number":19,"context_line":"own EFI boot artifacts at /boot and /efi are not also affected as Ironic"},{"line_number":20,"context_line":"copies them without executing 
grub-install."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"### Affected Services / Software ###"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"0d73af86_98bd8558","line":19,"range":{"start_line":19,"start_character":45,"end_line":19,"end_character":62},"updated":"2026-06-16 20:32:29.000000000","message":"nit: \"not affected as well since\"?\n\nor, \n\n\"also not affected\"","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"a027e0a64f59df51d5e3d0d17f67790be2823c8e","unresolved":false,"context_lines":[{"line_number":16,"context_line":"IPA holds only an outdated agent_token and a heavily redacted node object."},{"line_number":17,"context_line":""},{"line_number":18,"context_line":"Whole disk images are not affected and partition images that include their"},{"line_number":19,"context_line":"own EFI boot artifacts at /boot and /efi are not also affected as Ironic"},{"line_number":20,"context_line":"copies them without executing grub-install."},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"### Affected Services / Software ###"}],"source_content_type":"application/octet-stream","patch_set":2,"id":"417c64d2_f64d811e","line":19,"range":{"start_line":19,"start_character":45,"end_line":19,"end_character":62},"in_reply_to":"0d73af86_98bd8558","updated":"2026-06-16 20:35:08.000000000","message":"Done","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"174d883b7ecb16f12928ecda6d50ff51d2866dd4","unresolved":true,"context_lines":[{"line_number":32,"context_line":"to avoid breaking existing 
installations."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."}],"source_content_type":"application/octet-stream","patch_set":2,"id":"4296c964_9c94718b","line":35,"updated":"2026-06-16 20:32:29.000000000","message":"prevent","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"a027e0a64f59df51d5e3d0d17f67790be2823c8e","unresolved":false,"context_lines":[{"line_number":32,"context_line":"to avoid breaking existing installations."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. 
Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."}],"source_content_type":"application/octet-stream","patch_set":2,"id":"f745de81_93770090","line":35,"in_reply_to":"4296c964_9c94718b","updated":"2026-06-16 20:35:08.000000000","message":"Done","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"174d883b7ecb16f12928ecda6d50ff51d2866dd4","unresolved":true,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. 
Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."},{"line_number":39,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":2,"id":"42f1e511_de6eb4f9","line":36,"range":{"start_line":36,"start_character":0,"end_line":36,"end_character":10},"updated":"2026-06-16 20:32:29.000000000","message":"typo","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"a027e0a64f59df51d5e3d0d17f67790be2823c8e","unresolved":false,"context_lines":[{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. 
Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."},{"line_number":39,"context_line":""}],"source_content_type":"application/octet-stream","patch_set":2,"id":"dfa7bb83_6efd2d10","line":36,"range":{"start_line":36,"start_character":0,"end_line":36,"end_character":10},"in_reply_to":"42f1e511_de6eb4f9","updated":"2026-06-16 20:35:08.000000000","message":"Done","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"174d883b7ecb16f12928ecda6d50ff51d2866dd4","unresolved":true,"context_lines":[{"line_number":62,"context_line":"2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic-python-agent/+/987391"},{"line_number":63,"context_line":"2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic-python-agent/+/993016"},{"line_number":64,"context_line":"2025.2/flamingo: https://review.opendev.org/c/openstack/ironic-python-agent/+/993020"},{"line_number":65,"context_line":"2025.1/epoxy: https://review.opendev.org/c/openstack/ironic-python-agent/+/993024"},{"line_number":66,"context_line":"2024.1/caracal (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993025"},{"line_number":67,"context_line":"2023.1/antelope (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993025"},{"line_number":68,"context_line":"bugfix/11.3: https://review.opendev.org/c/openstack/ironic-python-agent/+/993464"},{"line_number":69,"context_line":"bugfix/11.4: https://review.opendev.org/c/openstack/ironic-python-agent/+/993463"},{"line_number":70,"context_line":"bugfix/11.6: IPA 11.6.0 is not 
vulnerable."}],"source_content_type":"application/octet-stream","patch_set":2,"id":"d8013862_7be4d0e5","line":67,"range":{"start_line":65,"start_character":81,"end_line":67,"end_character":99},"updated":"2026-06-16 20:32:29.000000000","message":"duplicate links","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"a027e0a64f59df51d5e3d0d17f67790be2823c8e","unresolved":false,"context_lines":[{"line_number":62,"context_line":"2026.2/hibiscus (development): https://review.opendev.org/c/openstack/ironic-python-agent/+/987391"},{"line_number":63,"context_line":"2026.1/gazpacho: https://review.opendev.org/c/openstack/ironic-python-agent/+/993016"},{"line_number":64,"context_line":"2025.2/flamingo: https://review.opendev.org/c/openstack/ironic-python-agent/+/993020"},{"line_number":65,"context_line":"2025.1/epoxy: https://review.opendev.org/c/openstack/ironic-python-agent/+/993024"},{"line_number":66,"context_line":"2024.1/caracal (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993025"},{"line_number":67,"context_line":"2023.1/antelope (unmaintained): https://review.opendev.org/c/openstack/ironic-python-agent/+/993025"},{"line_number":68,"context_line":"bugfix/11.3: https://review.opendev.org/c/openstack/ironic-python-agent/+/993464"},{"line_number":69,"context_line":"bugfix/11.4: https://review.opendev.org/c/openstack/ironic-python-agent/+/993463"},{"line_number":70,"context_line":"bugfix/11.6: IPA 11.6.0 is not vulnerable."}],"source_content_type":"application/octet-stream","patch_set":2,"id":"b0442b17_de9c0100","line":67,"range":{"start_line":65,"start_character":81,"end_line":67,"end_character":99},"in_reply_to":"d8013862_7be4d0e5","updated":"2026-06-16 
20:35:08.000000000","message":"Done","commit_id":"d95e8707cc28fe6f77e4a19271877c046378f690"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"2a291f7985a4c191991fa1ce4542f0166b2aa53b","unresolved":true,"context_lines":[{"line_number":32,"context_line":"to avoid breaking existing installations."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."}],"source_content_type":"application/octet-stream","patch_set":3,"id":"9287502c_d03206d0","line":35,"updated":"2026-06-16 20:33:11.000000000","message":"prevent","commit_id":"ffba8f9d842d742fb0ddd75735597a0b3ee23a14"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"9d7f5b9333662b305a83bf7989058ab2156b1c5c","unresolved":false,"context_lines":[{"line_number":32,"context_line":"to avoid breaking existing installations."},{"line_number":33,"context_line":""},{"line_number":34,"context_line":"The vulnerable code path has existed for the entirety of the history of Ironic"},{"line_number":35,"context_line":"Python Agent, however, there are safeguards in place to preent escalation of"},{"line_number":36,"context_line":"privledges from the provisioning network. 
Additionally, prior to Ironic"},{"line_number":37,"context_line":"17.0.0, only cloud administrators could supply images for deployment, limiting"},{"line_number":38,"context_line":"the impact of this issue."}],"source_content_type":"application/octet-stream","patch_set":3,"id":"5696c34a_a9336d71","line":35,"in_reply_to":"9287502c_d03206d0","updated":"2026-06-16 20:33:57.000000000","message":"Done","commit_id":"ffba8f9d842d742fb0ddd75735597a0b3ee23a14"}]}
