Author: Zuul
Author Date: 2026-06-03 14:03:32 UTC

Merge "pci: add OWNER_CYBORG constant and fix trait"

Author: sean mooney
Author Date: 2026-04-26 18:25:29 UTC

Require service token for bound ARQ operations

Users should not be able to directly delete or unbind ARQs
that are bound to instances. Only Nova, identified by a
valid service token, should perform these operations as
part of instance lifecycle.

Add is_service_request() check (following Cinder's
OSSA-2023-003 pattern) hardcoded in the API layer so it
cannot be bypassed via policy overrides. Unbound ARQs can
still be deleted by their owner without a service token.

Requires Nova [service_user] send_service_user_token=true
and Cyborg [keystone_authtoken]
service_token_roles_required=true.

CVE-2026-40214

Closes-Bug: #2144056
Generated-By: Cursor claude-opus-4.6
Signed-off-by: Sean Mooney <work@seanmooney.info>
Change-Id: I7ee74b61de044845756443fe7e2dc806b7a14f86
(cherry picked from commit 9e38e24905ae705c22fdbb66ba21464b4f397d6d)
(cherry picked from commit b8edfa06f10af19ec1d02c0ebf8e7e91b7be4817)
(cherry picked from commit 5c7bde4256b0e6fe4ba94fb5ba42a1c9116821af)

Author: sean mooney
Author Date: 2026-04-26 18:22:38 UTC

Require service token for bound ARQ operations

Users should not be able to directly delete or unbind ARQs
that are bound to instances. Only Nova, identified by a
valid service token, should perform these operations as
part of instance lifecycle.

Add is_service_request() check (following Cinder's
OSSA-2023-003 pattern) hardcoded in the API layer so it
cannot be bypassed via policy overrides. Unbound ARQs can
still be deleted by their owner without a service token.

Requires Nova [service_user] send_service_user_token=true
and Cyborg [keystone_authtoken]
service_token_roles_required=true.

CVE-2026-40214

Closes-Bug: #2144056
Generated-By: Cursor claude-opus-4.6
Signed-off-by: Sean Mooney <work@seanmooney.info>
Change-Id: I7ee74b61de044845756443fe7e2dc806b7a14f86
(cherry picked from commit 9e38e24905ae705c22fdbb66ba21464b4f397d6d)
(cherry picked from commit b8edfa06f10af19ec1d02c0ebf8e7e91b7be4817)

Author: sean mooney
Author Date: 2026-04-26 18:20:40 UTC

Require service token for bound ARQ operations

Users should not be able to directly delete or unbind ARQs
that are bound to instances. Only Nova, identified by a
valid service token, should perform these operations as
part of instance lifecycle.

Add is_service_request() check (following Cinder's
OSSA-2023-003 pattern) hardcoded in the API layer so it
cannot be bypassed via policy overrides. Unbound ARQs can
still be deleted by their owner without a service token.

Requires Nova [service_user] send_service_user_token=true
and Cyborg [keystone_authtoken]
service_token_roles_required=true.

CVE-2026-40214

Closes-Bug: #2144056
Generated-By: Cursor claude-opus-4.6
Signed-off-by: Sean Mooney <work@seanmooney.info>
Change-Id: I7ee74b61de044845756443fe7e2dc806b7a14f86
(cherry picked from commit 9e38e24905ae705c22fdbb66ba21464b4f397d6d)

Author: OpenStack Release Bot
Author Date: 2025-10-31 11:54:05 UTC

Update TOX_CONSTRAINTS_FILE for unmaintained/2024.1

Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as unmaintained/2024.1 branch, tests will
continue to use the upper-constraints list on master.

Change-Id: Ia69e47e66a46b9b6047d82ae73acf912629ca17a
Signed-off-by: OpenStack Release Bot <infra-root@openstack.org>
Generated-By: openstack/project-config:roles/copy-release-tools-scripts/files/release-tools/functions

Author: OpenStack Release Bot
Author Date: 2024-11-12 16:59:08 UTC

Update .gitreview for unmaintained/2023.1

Change-Id: Ida3fe2b8560af3a2f67d898bc11161ec123356d9

Author: OpenStack Release Bot
Author Date: 2024-04-26 18:21:54 UTC

Update .gitreview for unmaintained/zed

Change-Id: I2cef21ebd3901de00a67a54979ea6486278b75cb

Author: Sundar Nadathur
Author Date: 2019-07-10 08:08:29 UTC

Merge remote-tracking branch 'origin/master' into merge-branch

Change-Id: Iac9a3845840950c59deac0967cb17231969cddca

Author: OpenDev Sysadmins
Author Date: 2019-04-19 19:39:22 UTC

OpenDev Migration Patch

This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.

Author: OpenDev Sysadmins
Author Date: 2019-04-19 19:39:22 UTC

OpenDev Migration Patch

This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.