Public bug reported: [Environment]
Xenial/Queens Horizon 13.0.3 > [Description] Horizon horizon (3:13.0.3-0ubuntu2) introduced patch CVE-2020-29565, which breaks X/Q clouds the reason is that the allowed_host argument was introduced in 1.11 (https://github.com/django/django/commit/f227b8d15d9d0e0c50eb6459cf4556bccc3fae53) but Xenial has 1.8.7 The regression is introduced by patch debian/patches/CVE-2020-29565.patch. Operations such as associating a floating ip via dashboard fails with the following traceback: [Thu May 06 20:28:40.715395 2021] [wsgi:error] [pid 227689:tid 139873006274304] Internal Server Error: /project/floating_ips/associate/ [Thu May 06 20:28:40.715463 2021] [wsgi:error] [pid 227689:tid 139873006274304] Traceback (most recent call last): [Thu May 06 20:28:40.715469 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response [Thu May 06 20:28:40.715474 2021] [wsgi:error] [pid 227689:tid 139873006274304] response = wrapped_callback(request, *callback_args, **callback_kwargs) [Thu May 06 20:28:40.715479 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715483 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715488 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec [Thu May 06 20:28:40.715492 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715497 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715501 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715506 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec [Thu May 06 20:28:40.715510 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715515 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec [Thu May 06 20:28:40.715535 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715540 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view [Thu May 06 20:28:40.715545 2021] [wsgi:error] [pid 227689:tid 139873006274304] return self.dispatch(request, *args, **kwargs) [Thu May 06 20:28:40.715549 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch [Thu May 06 20:28:40.715553 2021] [wsgi:error] [pid 227689:tid 139873006274304] return handler(request, *args, **kwargs) [Thu May 06 20:28:40.715557 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get [Thu May 06 20:28:40.715561 2021] [wsgi:error] [pid 227689:tid 139873006274304] context = self.get_context_data(**kwargs) [Thu May 06 20:28:40.715565 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data [Thu May 06 20:28:40.715569 2021] [wsgi:error] [pid 227689:tid 139873006274304] allowed_hosts=[self.request.get_host()]): [Thu May 06 20:28:40.715573 2021] [wsgi:error] [pid 227689:tid 139873006274304] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts' ** Affects: horizon Importance: Undecided Status: New ** Description changed: [Environment] Xenial/Queens Horizon 13.0.3 > [Description] - Horizon horizon (3:13.0.3-0ubuntu2) bionic-security; urgency=medium - introduced patch CVE-2020-29565, which breaks X/Q clouds the reason + Horizon horizon (3:13.0.3-0ubuntu2) introduced patch CVE-2020-29565, which breaks X/Q clouds the reason is that the allowed_host argument was introduced in 1.11 (https://github.com/django/django/commit/f227b8d15d9d0e0c50eb6459cf4556bccc3fae53) but Xenial has 1.8.7 The regression is introduced by patch debian/patches/CVE-2020-29565.patch. Operations such as associating a floating ip via dashboard fails with the following traceback: [Thu May 06 20:28:40.715395 2021] [wsgi:error] [pid 227689:tid 139873006274304] Internal Server Error: /project/floating_ips/associate/ [Thu May 06 20:28:40.715463 2021] [wsgi:error] [pid 227689:tid 139873006274304] Traceback (most recent call last): [Thu May 06 20:28:40.715469 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response [Thu May 06 20:28:40.715474 2021] [wsgi:error] [pid 227689:tid 139873006274304] response = wrapped_callback(request, *callback_args, **callback_kwargs) [Thu May 06 20:28:40.715479 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715483 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715488 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec [Thu May 06 20:28:40.715492 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715497 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715501 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715506 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec [Thu May 06 20:28:40.715510 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715515 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec [Thu May 06 20:28:40.715535 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715540 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view [Thu May 06 20:28:40.715545 2021] [wsgi:error] [pid 227689:tid 139873006274304] return self.dispatch(request, *args, **kwargs) [Thu May 06 20:28:40.715549 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch [Thu May 06 20:28:40.715553 2021] [wsgi:error] [pid 227689:tid 139873006274304] return handler(request, *args, **kwargs) [Thu May 06 20:28:40.715557 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get [Thu May 06 20:28:40.715561 2021] [wsgi:error] [pid 227689:tid 139873006274304] context = self.get_context_data(**kwargs) [Thu May 06 20:28:40.715565 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data [Thu May 06 20:28:40.715569 2021] [wsgi:error] [pid 227689:tid 139873006274304] allowed_hosts=[self.request.get_host()]): [Thu May 06 20:28:40.715573 2021] [wsgi:error] [pid 227689:tid 139873006274304] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts' -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1929469 Title: Regression Xenial/Queens: caused by d/p/CVE-2020-29565.patch Status in OpenStack Dashboard (Horizon): New Bug description: [Environment] Xenial/Queens Horizon 13.0.3 > [Description] Horizon horizon (3:13.0.3-0ubuntu2) introduced patch CVE-2020-29565, which breaks X/Q clouds the reason is that the allowed_host argument was introduced in 1.11 (https://github.com/django/django/commit/f227b8d15d9d0e0c50eb6459cf4556bccc3fae53) but Xenial has 1.8.7 The regression is introduced by patch debian/patches/CVE-2020-29565.patch. Operations such as associating a floating ip via dashboard fails with the following traceback: [Thu May 06 20:28:40.715395 2021] [wsgi:error] [pid 227689:tid 139873006274304] Internal Server Error: /project/floating_ips/associate/ [Thu May 06 20:28:40.715463 2021] [wsgi:error] [pid 227689:tid 139873006274304] Traceback (most recent call last): [Thu May 06 20:28:40.715469 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response [Thu May 06 20:28:40.715474 2021] [wsgi:error] [pid 227689:tid 139873006274304] response = wrapped_callback(request, *callback_args, **callback_kwargs) [Thu May 06 20:28:40.715479 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715483 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715488 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec [Thu May 06 20:28:40.715492 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715497 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec [Thu May 06 20:28:40.715501 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715506 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec [Thu May 06 20:28:40.715510 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715515 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec [Thu May 06 20:28:40.715535 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs) [Thu May 06 20:28:40.715540 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view [Thu May 06 20:28:40.715545 2021] [wsgi:error] [pid 227689:tid 139873006274304] return self.dispatch(request, *args, **kwargs) [Thu May 06 20:28:40.715549 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch [Thu May 06 20:28:40.715553 2021] [wsgi:error] [pid 227689:tid 139873006274304] return handler(request, *args, **kwargs) [Thu May 06 20:28:40.715557 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get [Thu May 06 20:28:40.715561 2021] [wsgi:error] [pid 227689:tid 139873006274304] context = self.get_context_data(**kwargs) [Thu May 06 20:28:40.715565 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data [Thu May 06 20:28:40.715569 2021] [wsgi:error] [pid 227689:tid 139873006274304] allowed_hosts=[self.request.get_host()]): [Thu May 06 20:28:40.715573 2021] [wsgi:error] [pid 227689:tid 139873006274304] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts' To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1929469/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp