Comment 7 for bug 1888309

James Page (james-page) wrote :

>> bugs reported upstream as potential security issues <<

An upstream developer responded to the bugs reported - the code identified relates to the amphora agent which is internal to octavia, and requires communication from the main octavia control process to the HTTP server in the amphora agent to be TLS encrypted with mutual authentication of client certificates.

Upstream acknowledged the potential bug but described the risk of exploit as low due to this mitigating control.

The OpenStack Charms for Octavia set up the TLS encryption and authentication as described.