Given that analysis, it sounds highly likely we can't safely backport fixes to stable branches for such an issue and so would be a class B1 report per our report taxonomy: "A vulnerability that can only be fixed in master, security note for stable branches, e.g., default config value is insecure" https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Given that analysis, it sounds highly likely we can't safely backport fixes to stable branches for such an issue and so would be a class B1 report per our report taxonomy: "A vulnerability that can only be fixed in master, security note for stable branches, e.g., default config value is insecure" https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy
Does that sounds right?