Critical Vulnerability Information 6.0.3-5 - Security Issue Fixed insufficient input filtering issue: When looking up nodes via introspection data, this could lead to SQL injection through the API endpoint. See story 2005678 for details. 6.0.2 - Vulnerability Fix Fixed switch_id field issue: The field in could be set to a non-MAC address. If the processed LLDP value is not a MAC address (ChassisID), this violates the bare metal API requirements and results in an error. See bug 1748022 for details. 6.0.1 - Vulnerability Fix Fixed ipmi_address field priority issue: In introspection data, the old field no longer takes precedence over the new field. This could cause issues in MAC address-based lookup steps when the BMC address is . See bug 174944 for details. 6.0.0 - New Features and Vulnerability Fixes Added support for returning invert and multiple attributes in the ironic-inspector rules query API. Added disabled option to add_ports, allowing discovered nodes to be created without creating ports. Added checks in the link_local_connection plugin to use lldp_basic stored data, avoiding double parsing of LLDP packets. Added node status to the response data of the /introspection API GET method. Fixed issues related to hook dependencies and startup failures. Updated pxe_enabled field for both newly discovered and existing ports. Upgrade Notes Removed experimental IPMI credentials support, API version upgraded to 1.12. Synchronized default API version to match the current API version. Port creation logic moved to validate_interfaces hook, which may affect deployments that disable or replace this hook. Requires bare metal API version 1.19. Removed deprecated configuration options and rollback support for rules. Old status records are no longer removed by default. Deprecation Notes node_status_keep_time configuration option is deprecated; it can now be safely removed to avoid confusion when deleting node status information from ironic.