Hi,

On Thu, Jan 15, 2026 at 03:32:46PM +0000, Jeremy Stanley wrote:
> ====================================================================
> OSSA-2026-001: Privilege Escalation via Identity Headers in External
> OAuth2 Tokens
> ====================================================================
>
> :Date: January 15, 2026
> :CVE: CVE-2026-22797
>
> Affects
> ~~~~~~~
> - Keystonemiddleware: >=10.0.0 <10.7.2, >=10.8.0 <10.9.1, >=10.10.0 <10.12.1

Just a small note here, the range might be adapted to something newer
than 10.5.0, correct? AFAIU the code was only added in
https://github.com/openstack/keystonemiddleware/commit/de15a610e160defb367b224258498727384d10a8
which landed in 10.5.0.

Is this correct?

Regards,
Salvatore
