From 9e79b8f4be5b244b46c2315e80e2aef7d94f493d Mon Sep 17 00:00:00 2001
From: Jake Hutchinson
Date: Wed, 26 Jun 2024 08:32:57 +0100
Subject: [PATCH 1/2] Bump Kolla images for CVE-2024-36039
---
 etc/kayobe/kolla-image-tags.yml | 9 +++------
 .../kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml | 7 +++++++
 2 files changed, 10 insertions(+), 6 deletions(-)
 create mode 100644 releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml
diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
index aa0cfb4a2..5278636b1 100644
--- a/etc/kayobe/kolla-image-tags.yml
+++ b/etc/kayobe/kolla-image-tags.yml
@@ -4,14 +4,14 @@
 # where the key is the OS distro and the value is the tag to deploy.
 kolla_image_tags:
 openstack:
+ rocky-9: 2023.1-rocky-9-20240621T104542
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20240621T104542
+ bifrost_deploy:
 rocky-9: 2023.1-rocky-9-20240423T125905
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240423T125905
 cinder:
 rocky-9: 2023.1-rocky-9-20240701T123544
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240701T123544
- cloudkitty:
- rocky-9: 2023.1-rocky-9-20240509T111619
- ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T111619
 glance:
 rocky-9: 2023.1-rocky-9-20240701T123544
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240701T123544
@@ -21,9 +21,6 @@ kolla_image_tags:
 letsencrypt:
 rocky-9: 2023.1-rocky-9-20240509T102329
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
- magnum:
- rocky-9: 2023.1-rocky-9-20240607T082105
- ubuntu-jammy: 2023.1-ubuntu-jammy-20240607T082105
 nova:
 rocky-9: 2023.1-rocky-9-20240702T082319
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240702T082319
diff --git a/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml
new file mode 100644
index 000000000..1877ebc62
--- /dev/null
+++ b/releasenotes/notes/kolla-bump-cve-2024-36039-07f18e18b5c86980.yaml
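Review bot: The new `bifrost_deploy:` override (third `+` line of the first hunk) pins that image to the 20240423T125905 tags while the `openstack:` default moves to 20240621T104542, so bifrost_deploy appears to be the one image this commit leaves on a pre-bump build; if that image ships PyMySQL, the release note's statement that all affected Kolla images were bumped does not hold for it. Nothing in the hunk says why it is held back or when it will be rebuilt, so the intent is easy to lose on the next tag refresh. Suggest a comment above the new key, e.g. `# bifrost_deploy: held at 20240423 — TODO confirm its PyMySQL is >= 1.1.1 (CVE-2024-36039) or rebuild`. Removing the `cloudkitty:` and `magnum:` overrides (first and second hunks) makes those images fall through to the bumped `openstack:` default, which looks intended.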
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ Addresses critical vulnerability CVE-2024-36039 by
+ bumping the PyMySQL library to 1.1.1 in all affected
+ Kolla images. This vulnerability allows SQL injection
+ through untrusted JSON objects.
From 122a5f122567aed17a5fa8b56f28b27c87e6f2d3 Mon Sep 17 00:00:00 2001
From: Jake Hutchinson
Date: Thu, 4 Jul 2024 10:25:17 +0100
Subject: [PATCH 2/2] CI: Increase volume size to 40GB
---
 .github/workflows/stackhpc-all-in-one.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/stackhpc-all-in-one.yml b/.github/workflows/stackhpc-all-in-one.yml
index 066c98377..5f8409a50 100644
--- a/.github/workflows/stackhpc-all-in-one.yml
+++ b/.github/workflows/stackhpc-all-in-one.yml
@@ -167,7 +167,7 @@ jobs:
 VM_NETWORK: ${{ inputs.vm_network }}
 VM_SUBNET: ${{ inputs.vm_subnet }}
 VM_INTERFACE: ${{ inputs.vm_interface }}
- VM_VOLUME_SIZE: ${{ inputs.upgrade && '50' || '35' }}
+ VM_VOLUME_SIZE: ${{ inputs.upgrade && '50' || '40' }}
 VM_TAGS: '["skc-ci-aio", "PR=${{ github.event.number }}"]'
 - name: Terraform Plan
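Review bot: The `'35'` → `'40'` change in the non-upgrade branch of `VM_VOLUME_SIZE` carries no rationale in the workflow, and the commit message only restates the number, so the next person who hits disk pressure in this job has nothing to go on. A short comment above the line, `# non-upgrade AIO needs 40GB since <reason>; upgrade runs need 50GB`, with the actual driver filled in, would keep the two sizes explainable. The enclosing mapping (presumably a step's environment block) starts and ends outside the hunk.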