Victoria Series Release Notes¶
4.0.0¶
Security Issues¶
Uses
json.loads
instead ofeval()
for JSON parsing, which could allow users of the Blazar dashboard to trigger code execution on the Horizon host as the user the Horizon service runs under.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.