-
Notifications
You must be signed in to change notification settings - Fork 694
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
The revoked tokens' audit ID is now included in the data returned in the revocation list. Closes-Bug: 1490804 Change-Id: Ifcf88f1158bebddc4f927121fbf4136fb53b659f
- Loading branch information
Brant Knudson
committed
Dec 17, 2015
1 parent
4c3071d
commit d5378f1
Showing
5 changed files
with
61 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- | ||
features: | ||
- > | ||
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_] | ||
Audit IDs are included in the token revocation list. | ||
security: | ||
- > | ||
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_] | ||
[`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_] | ||
A bug is fixed where an attacker could avoid token revocation when the PKI | ||
or PKIZ token provider is used. The complete remediation for this | ||
vulnerability requires the corresponding fix in the keystonemiddleware | ||
project. |