openstack/kolla-ansible
Code Issues Proposed changes
3b824a0a12
kolla-ansible/releasenotes/notes/add-horizon-limitrequestbody-4f79433fa2cf1f6d.yaml
Maksim Malchuk d907790fff Add LimitRequestBody configuration for Horizon 
Since CVE-2022-29404 is fixed [1,2] the default value for the
LimitRequestBody directive in the Apache HTTP Server has been changed
from 0 (unlimited) to 1 GiB. This limits the size of images (for
example) uploaded in Horizon. This change add the ability to
configure the limit.

1. https://access.redhat.com/articles/6975397
2. https://ubuntu.com/security/CVE-2022-29404

Closes-Bug: #2012588
Change-Id: I4cd9dd088cbcf38ff6f8d188ebcc56be7d9ea1c9
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2023-03-29 14:51:28 +03:00

10 lines
422 B
YAML
Raw Blame History

---
features:
- |
Since CVE-2022-29404 is fixed the default value for the LimitRequestBody
directive in the Apache HTTP Server has been changed from 0 (unlimited) to
1073741824 (1 GiB). This limits the size of images (for example) uploaded
in Horizon. Now this limit can be configured via
``horizon_httpd_limitrequestbody``.
`LP#2012588 <https://bugs.launchpad.net/kolla-ansible/+bug/2012588>`__
View Git Blame Copy Permalink