CVE-2020-1699 (https://nvd.nist.gov/vuln/detail/CVE-2020-1699): improper URL checking leads to information disclosure
PR (patches): https://github.com/ceph/ceph/pull/30445
Earliest upstream release fixed: 15.1.0
15.1.0 is an alpha release, we cannot pull that in. We should wait for a backport into the 14.2 series.
(In reply to Patrick McLean from comment #2)
> 15.1.0 is an alpha release, we cannot pull that in.
>
> We should wait for a backport into the 14.2 series.

Sorry for the confusion, there is a backport to Nautilus which I believe is the stable series 14.2.x: https://github.com/ceph/ceph/pull/31413
It is included in 14.2.5 (https://tracker.ceph.com/issues/41980).
14.2.5 Not in tree. 14.2.7 is current stable version.
GLSA Vote: No
Thank you all for your work. Closing as [noglsa].