| zigo | Hi. I'd like to upgrade openvswitch to upstream 3.1.4 to fix CVE-2023-3966 / #1063492 is it fine if I do that? | 11:44 |
|---|---|---|
| fungi | zigo: i expect it would work, though i don't know all that much about ovs. if they follow semver then it should be backward-compatible to what we've been testing with recently (3.1.2 according to the current constraints list) | 12:59 |
| fungi | i expect the only reason it's not got something more recent in openstack/requirements is that testing challenges have held back the blanket updates | 13:00 |
| fungi | you could try proposing a targeted constraints update for just ovs and see if testing passes | 13:01 |
| fungi | note that we've got a little over two weeks remaining for the requirements freeze for 2024.1/caracal, so it would be good to get it sorted out soon if possible | 13:03 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!