
The built-in xml module has some vulnerabilities to several known XML attacks. While the chances of this are limited with the way it is being used by some of the volume drivers, it is still a security risk that has been identified and has a mostly painless way to be mitigated with the defusedxml package [1]. There are still some drivers performing XML parsing that are not covered by this patch. They need closer analysis to see how to best switch to the defusedxml equivalents. This patch covers the instances where it was a mostly drop in and replace from the native xml functionality to the defusedxml alternatives. [1] https://github.com/tiran/defusedxml/blob/master/README.md Change-Id: I083fc23eab6f712264919a250c6fb57cc0f6a11b Partial-bug: #1732155
Team and repository tags
CINDER
You have come across a storage service for an open cloud computing service. It has identified itself as Cinder. It was abstracted from the Nova project.
- Wiki: https://wiki.openstack.org/Cinder
- Developer docs: https://docs.openstack.org/cinder/latest/
Getting Started
If you'd like to run from the master branch, you can clone the git repo:
For developer information please see HACKING.rst
You can raise bugs here https://bugs.launchpad.net/cinder
Python client
https://git.openstack.org/cgit/openstack/python-cinderclient
Description
Languages
Python
99.7%
Smarty
0.3%