openstack-attic/openstack-security-notes

Go to file

Robert Clark 407fb8f198 Adds OSSN-0013 This adds OSSN-0013 addressing an issue with the way Glance property protections are processed. In some deployments it is possible that a configuration will allow actions that the administrator had intended to restrict, unless permissions are defined in a careful order. Change-Id: Ib149f2559659702f21793c3394bd0791352e18b3 Closes-Bug: #1271426		2014-05-07 07:55:41 +01:00
notes	Adds OSSN-0013	2014-05-07 07:55:41 +01:00
templates	Modified templates to wrap lines at 72 characters	2014-03-06 18:51:31 -08:00
.gitreview	Add gitreview file	2014-04-01 16:53:46 -07:00
README.md	Add previously published security notes	2014-02-12 21:35:18 -08:00

README.md

OpenStack Security Notes (OSSN)

The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.

Repository Layout

This repository contains published Security Notes and templates that should be used when creating new Security Notes.

notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates

Useful Links

A list of published Security Notes is available here:

https://wiki.openstack.org/wiki/Security_Notes

The process used to create new Security Notes is available here:

https://wiki.openstack.org/wiki/Security/Security_Note_Process