Debian Patches

Status for mistral/20.0.0-2+deb13u1

Patch Description Author Forwarded Bugs Origin Last update
install-missing-files.patch Install missing files Thomas Goirand <zigo@debian.org> not-needed 2018-02-25
cve-2026-41283-stable-2025.1.patch [PATCH 1/8] Restrict publicize policies to admin only
The publicize policy for workflows, actions, and event triggers
was using admin_or_owner which allowed any project member to make
resources public. This changes all publicize policies to admin_only.

Also adds missing publicize enforcement on event triggers (update),
and introduces a consistent event_triggers:publicize policy replacing
the former event_triggers:create:public.
Arnaud Morin <arnaud.morin@gmail.com> no 2026-03-30
OSSN-0098_Strip_sensitive_info_from_workflow_execution_context.patch [PATCH] Strip sensitive info from workflow execution context Remove the Keystone auth_token and service_catalog from the openstack
data stored in the workflow execution context. This prevents the token
from being persisted in the database, exposed to workflow authors via
$.openstack.auth_token YAQL expressions, and leaked in error log
messages.
.
Actions are not affected as they receive their token through the RPC context.

===================================================================
Arnaud Morin <arnaud.morin@gmail.com> yes debian upstream upstream, https://review.opendev.org/c/openstack/mistral/+/991391 2026-06-05

All known versions for source package 'mistral'

Links