Public bug reported:
Description
===
The console proxies (VNC, SPICE, etc) currently don't allow the allowed
TLS ciphers and protocol versions to be configurable. This results in
the defaults being used from the underlying system (or even compiled
defaults in OpenSSL), which may not be
This issue has been published as OSSN-0063 on the mailing lists and
wiki:
https://wiki.openstack.org/wiki/OSSN/OSSN-0063
** Changed in: ossn
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed
This has been published as OSSN-0060:
https://wiki.openstack.org/wiki/OSSN/OSSN-0060
** Changed in: ossn
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
This issue has been published as OSSN-0061:
https://wiki.openstack.org/wiki/OSSN/OSSN-0061
** Changed in: ossn
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
This issue has been published as OSSN-0062:
https://wiki.openstack.org/wiki/OSSN/OSSN-0062
** Changed in: ossn
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
This has been published as OSSN-0059:
https://wiki.openstack.org/wiki/OSSN/OSSN-0059
** Changed in: ossn
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
This has been published as OSSN-0049:
https://wiki.openstack.org/wiki/OSSN/OSSN-0049
** Changed in: ossn
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
ute is 'uniquemember', users are listed as not enabled.
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: New
** Changed in: keystone
Assignee: (unassigned) => Nathan Kinder (nkinder)
--
You received this bug notification because you are a
This has been published as OSSN-0057:
https://wiki.openstack.org/wiki/OSSN/OSSN-0057
** Changed in: ossn
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
This has been published as OSSN-0053:
https://wiki.openstack.org/wiki/OSSN/OSSN-0053
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
This has been published as OSSN-0055:
https://wiki.openstack.org/wiki/OSSN/OSSN-0055
** Changed in: ossn
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
This has been published as OSSN-0054:
https://wiki.openstack.org/wiki/OSSN/OSSN-0054
** Changed in: ossn
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard
This has been published as OSSN-0047:
https://wiki.openstack.org/wiki/OSSN/OSSN-0047
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: In Progress
** Changed in: keystone
Assignee: (unassigned) => Nathan Kinder (nkinder)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https
Public bug reported:
When using the websso feature in keystone, the identity provider is
looked up based on the value of the 'remote_id_attribute' environment
variable provided by the SAML assertion (or claim in the case of OpenID
Connect). Logic would dictate that the 'remote_id_attribute'
This should be marked as public now. As Tritan mentioned in comment#8,
it's already been disclosed (not to mention that we already wrote and
published an OSSN).
** Information type changed from Private Security to Public Security
** Also affects: ossn
Importance: Undecided
Status: New
This has been published as OSSN-0044:
https://wiki.openstack.org/wiki/OSSN/OSSN-0044
** Changed in: ossn
Status: New => Fix Released
** Changed in: ossn
Assignee: (unassigned) => Paul McMillan (paul-mcmillan)
--
You received this bug notification because you are a member of Yahoo!
This has been published as OSSN-0038 to the openstack and openstack-dev
mailing lists as well as the wiki:
https://wiki.openstack.org/wiki/OSSN/OSSN-0038
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
This was published as OSSN-0025:
https://wiki.openstack.org/wiki/OSSN/OSSN-0025
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
be allowed to view/show their own domain.
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: In Progress
** Changed in: keystone
Assignee: (unassigned) => Nathan Kinder (nkinder)
--
You received this bug notification because you
: rule:admin_required,
identity:delete_mapping: rule:admin_required,
identity:update_mapping: rule:admin_required,
---
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: New
** Changed
This issue has been published as OSSN-0028:
https://wiki.openstack.org/wiki/OSSN/OSSN-0028
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
://docs.openstack.org/;, type: text/html, rel: describedby}]}}
---
There's nothing really of interest in keystone.log with debug enabled.
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status
*** This bug is a duplicate of bug 1343579 ***
https://bugs.launchpad.net/bugs/1343579
** This bug has been marked a duplicate of bug 1343579
Versionless GET on keystone gives different answer with port 5000 and 35357
--
You received this bug notification because you are a member of
that is returned from LDAP, leading to accounts being
inadvertently disabled. This code needs to handle converting a str type
to bool before inverting the value.
** Affects: keystone
Importance: Medium
Assignee: Nathan Kinder (nkinder)
Status: In Progress
** Tags: juno-rc-potential
This was published as OSSN-0027:
https://wiki.openstack.org/wiki/OSSN/OSSN-0027
** Changed in: ossn
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
This was published as OSSN-0024:
https://wiki.openstack.org/wiki/OSSN/OSSN-0024
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
The security note for this issue has been published as OSSN-0029:
https://wiki.openstack.org/wiki/OSSN/OSSN-0029
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to
Public bug reported:
The sample policy.json files included in Keystone have the trust API
operations listed. For example:
"identity:create_trust": "user_id:%(trust.trustor_user_id)s",
"identity:get_trust": "rule:admin_or_owner",
"identity:list_trusts": "",
"identity:list_roles_for_trust": "",
This was published as OSSN-0023:
https://wiki.openstack.org/wiki/OSSN/OSSN-0023
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
This is already covered by published note OSSN-0026:
https://wiki.openstack.org/wiki/OSSN/OSSN-0026
** Changed in: ossn
Status: New => Fix Released
** Changed in: ossn
Assignee: (unassigned) => Travis McPeak (travis-mcpeak)
--
You received this bug notification because you are a
This was published as OSSN-0022:
https://wiki.openstack.org/wiki/OSSN/OSSN-0022
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
We should write an OSSN for this so people are aware of the fact that
passwords for users will be logged in Horizon if debug logging is
enabled. Now that a keystoneclient patch has been merged, we will soon
have a release that doesn't log passwords anymore. We should recommend
using the newer
Public bug reported:
During the OpenStack Security Group Juno midcycle, some threat modelling
work around Keystone trusts identified some threat scenarios that the
existing unit tests do not cover. It should be made clear that these
scenarios are handled correctly by Keystone from a security
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1316822
Title:
soft reboot of instance does not ensure
has no attribute 'lower'
-
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: In Progress
** Changed in: keystone
Status: New => In Progress
** Changed in: keystone
Assignee
** Also affects: ossn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1334926
Title:
floatingip still working once connected even after it is
The new revision of OSSN-0013 has been published to the mailing lists
and the wiki:
https://wiki.openstack.org/wiki/OSSN/OSSN-0013
** Changed in: ossn
Status: In Progress => Fix Released
** Changed in: ossn
Assignee: Robert Clark (robert-clark) => Nathan Kinder (nkinder)
--
You
Published as OSSN-0015 on the wiki and the openstack and openstack-dev
mailing lists:
https://wiki.openstack.org/wiki/OSSN/OSSN-0015
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
Reopening this OSSN bug. The workaround in the OSSN has been reported
to not work. Details from the reporter to come shortly.
** Changed in: ossn
Status: Fix Released => In Progress
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is
The OSSN for this is being handled in bug #1313746. Closing this as a
duplicate.
** Changed in: ossn
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1317314
This has been published as OSSN-0013 to the mailing lists (openstack and
openstack-dev), and the OpenStack wiki:
https://wiki.openstack.org/wiki/OSSN/OSSN-0013
** Changed in: ossn
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Published as OSSN-0010 to the following locations:
openst...@lists.openstack.org
openstack-...@lists.openstack.org
https://wiki.openstack.org/wiki/OSSN/OSSN-0010
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member
Public bug reported:
Keystone currently has code that hashes LDAP user passwords when
creating and updating users (using salted SHA-1). Keystone itself
should not be doing this hashing. The LDAP server itself is supposed to
receive the clear text userPassword attribute value so it can hash it
An OSSN on this issue has been published to the wiki, openstack-dev, and
openstack mailing lists:
http://git.openstack.org/cgit/openstack/openstack-security-notes/commit/?id=5380798f052eaebc023271c90d65b8f6d6fa6331
https://wiki.openstack.org/w/index.php?title=OSSN/OSSN-0009&action=edit&redlink=1
Public bug reported:
REQ to http://host.example.com:35357/v2.0/tokens:
{auth:{passwordCredentials:{username: admin, password:***},
tenant:admin}}
RESP:
Status Code: 500 Internal Server Error
Connection: keep-alive
Content-Length: 266
Content-Type: application/xml
Date: Wed,
I just attempted to reproduce this on a Havana install, and it seems to
report an appropriate response/error:
-
# curl -v -A -H Host: -H Accept: -H Content-Type: -d @/tmp/request.txt
I've adjusted the Summary section as suggested by Rob. I've gone
ahead and published the following OSSN to the following locations:
https://wiki.openstack.org/wiki/OSSN/OSSN-0008
openst...@lists.openstack.org
openstack-...@lists.openstack.org
Thanks everyone for the reviews and
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1240554
Title:
Insecure live migration with libvirt driver
to the
additional role assignments for the dumb member.
We should be filtering out the dumb member in
RoleApi.list_role_assignments(), as we already do in
RoleApi.get_role_assignments().
** Affects: keystone
Importance: Undecided
Assignee: Nathan Kinder (nkinder)
Status: In Progress
Published the following OSSN to the openstack and openstack-dev mailing
lists:
-
Keystone can allow user impersonation when using REMOTE_USER for
external authentication
---
### Summary ###
When external authentication is used with
Published on OpenStack and OpenStack-Dev mailing lists on 11 Dec 2013.
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1226078
Published on OpenStack and OpenStack-Dev mailing lists on 22 Nov 2013.
** Changed in: ossn
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.