Our application is affected by this bug (https://github.com/celery/celery/issues/3802#issuecomment-415565936). It's causing failures for our users. We started receiving reports when EPEL7 was upgraded 2 days ago. We will do a better job of participating in the Karma process next time. I know this will require the entire Celery stack to be downgraded, but it's broken :/ Also I know that was part of a CVE fix in Pagure, but since the CVE isn't in Celery itself and this package is very widely used, downgrading until Celery can be fixed I feel is appropriate.
(In reply to Brian Bouterse from comment #0) > Our application is affected by this bug > (https://github.com/celery/celery/issues/3802#issuecomment-415565936). It's > causing failures for our users. We started receiving reports when EPEL7 was > upgraded 2 days ago. > > We will do a better job of participating in the Karma process next time. > > I know this will require the entire Celery stack to be downgraded, but it's > broken :/ > > Also I know that was part of a CVE fix in Pagure, but since the CVE isn't in > Celery itself and this package is very widely used, downgrading until Celery > can be fixed I feel is appropriate. Celery never existed in EPEL7 until it was introduced for Pagure. I do not know why you thought we had celery 4.0.x in EPEL. I would not consider downgrading celery unless there's no avenue at all to fix it. Moreover, your suggestion would not resolve the problem, since the issue is confirmed to exist in celery 4.0.2 (the version you are requesting to downgrade to) as well. Looking over the linked ticket, I'm a little concerned that the Pulp team seems to not be trying to help fix issues in a core component that they leverage. The upstream ticket is also marked as to be addressed as part of celery 4.3.x, since it has been identified as a regression. At this time, I do not think downgrading celery would do any good.
Also, I notice
Gah... Also, I notice that there doesn't seem to be much in the way of evidence to indicate Pulp supports any reasonably maintained version of celery. I do not think it would be wise for me to downgrade to an unmaintained version just for Pulp, who maintains their own repos for things anyway.
The Pulp upstream bug status is at NEW. Updating the external tracker on this bug.
The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug.
So, I've discussed this with the Pulp team in #pulp-dev. This was a bit of a miscommunication and the Pulp team will take action separately for their software. Moreover, their next version of Pulp (v3.0.0) does not use celery, so this will not remain a concern for much longer. This issue is thus closed.
The Pulp upstream bug status is at CLOSED - CURRENTRELEASE. Updating the external tracker on this bug.