)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":38907,"name":"Tim Shephard","display_name":"tshephard","email":"tshephard@gmail.com","username":"tshephard"},"change_message_id":"a219f1f72e2b2a7f41da2b68c1e580755bd39784","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"ac622b2a_b63a6ecb","updated":"2026-05-08 23:23:50.000000000","message":"@tburke@nvidia.com  Curious as to the status of this change.  These insecure pickles could enable lateral movement in the swift storage tier, correct?","commit_id":"eb667edd55640fe9a921b9ba144590046e8af811"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"0b3178b6cb5d7df73e8edbc048bc0d4d558c7a39","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":11,"id":"a296efc8_7e88939f","in_reply_to":"ac622b2a_b63a6ecb","updated":"2026-05-13 22:28:43.000000000","message":"Thanks for the nudge! Rebased to get this out of merge conflict; I\u0027ll see if I can get some eyes on it soon.\n\n\u003e These insecure pickles could enable lateral movement in the swift storage tier, correct?\n\nYeah, if one object-server gets compromised, the pickle payloads could allow the compromise to spread from server to server. Historically (for better or worse) we\u0027ve drawn our security boundaries assuming that all backend servers are \"safe\" -- it may be time for us to rethink that assumption.\n\nI\u0027ll start working on patches to shut down the old pickling path.","commit_id":"eb667edd55640fe9a921b9ba144590046e8af811"},{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"2152d6b9df2581a99389c88708db50db974d5872","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":13,"id":"3bb9cf29_a3d27c4f","updated":"2026-05-13 23:02:27.000000000","message":"Oh, this should probably also update [direct_client\u0027s `direct_get_suffix_hashes`](https://github.com/openstack/swift/blob/2.37.1/swift/common/direct_client.py#L590-L624) -- even if it\u0027s only really exercised by probe tests.","commit_id":"cdbbe1fd40be7e8c2b0070ebcf115a701cf6072f"}],"swift/obj/reconstructor.py":[{"author":{"_account_id":7233,"name":"Matthew Oliver","email":"matt@oliver.net.au","username":"mattoliverau"},"change_message_id":"7d48fde592e49a713d6975d5cce3ce0f8aa6943a","unresolved":true,"context_lines":[{"line_number":94,"context_line":"        }"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"def _sanitize_json_hashes_dict(d):"},{"line_number":98,"context_line":"    # json.loads doesn\u0027t allow non str keys, we expect a None key"},{"line_number":99,"context_line":"    # which when loaded from json comes out as \u0027null\u0027 so we sanitize this"},{"line_number":100,"context_line":"    # by turning it back into None"}],"source_content_type":"text/x-python","patch_set":7,"id":"006973d3_085d8bee","line":97,"updated":"2021-02-23 01:36:43.000000000","message":"yeah a module level makes sense, seeing as it can be static.","commit_id":"cce4d2752c7dfe0e75d8c0bcc5df740d5c2602de"}],"swift/obj/replicator.py":[{"author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"tag":"autogenerated:zuul:check","change_message_id":"cf92328d77668f7dde5395045139565206002161","unresolved":false,"context_lines":[{"line_number":673,"context_line":"                                                   node[\u0027device\u0027]))"},{"line_number":674,"context_line":"                            continue"},{"line_number":675,"context_line":"                        resp_body \u003d resp.read()"},{"line_number":676,"context_line":"                        if resp.headers.get(\u0027Content-Type\u0027) \u003d\u003d \u0027application/json\u0027:"},{"line_number":677,"context_line":"                            remote_hash \u003d json.loads(resp_body)"},{"line_number":678,"context_line":"                        else:"},{"line_number":679,"context_line":"                            remote_hash \u003d pickle.loads(resp_body)"}],"source_content_type":"text/x-python","patch_set":1,"id":"5f681702_f2cec181","line":676,"updated":"2020-10-17 06:17:43.000000000","message":"pep8: E501 line too long (82 \u003e 79 characters)","commit_id":"760fd8468b4f609c825ad065048def49e63cb8db"}]}
