Public bug reported:
Bug #1354208 reported a security flaw in the way that we performed
substitution for catalog URLs. The immediate solution was to add a
whitelist of config fields that are safe to use with substitution. The
long term goal is to get rid of this feature and only allow tenant_id
and user_id to be used for substitution.
The first step for the Kilo release is to deprecate the feature.
** Affects: keystone
Importance: High
Assignee: David Stanek (dstanek)
Status: In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1383817
Title:
Deprecate catalog replacements and whitelists
Status in OpenStack Identity (Keystone):
In Progress
Bug description:
Bug #1354208 reported a security flaw in the way that we performed
substitution for catalog URLs. The immediate solution was to add a
whitelist of config fields that are safe to use with substitution. The
long term goal is to get rid of this feature and only allow tenant_id
and user_id to be used for substitution.
The first step for the Kilo release is to deprecate the feature.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1383817/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
