openstack/keystone
Code Issues Proposed changes
863fdf21c5
keystone/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
Brant Knudson d5378f173d Add audit IDs to revocation events 
The revoked tokens' audit ID is now included in the data returned in
the revocation list.

Closes-Bug: 1490804
Change-Id: Ifcf88f1158bebddc4f927121fbf4136fb53b659f
2015-12-17 10:46:23 -06:00

14 lines
559 B
YAML
Raw Blame History

---
features:
- >
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
Audit IDs are included in the token revocation list.
security:
- >
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
[`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
A bug is fixed where an attacker could avoid token revocation when the PKI
or PKIZ token provider is used. The complete remediation for this
vulnerability requires the corresponding fix in the keystonemiddleware
project.
View Git Blame Copy Permalink