OpenStack Compute (Nova)
Sean Mooney 8906552cfc address open redirect with 3 forward slashes
Ie36401c782f023d1d5f2623732619105dc2cfa24 was intended
to address OSSA-2021-002 (CVE-2021-3654) however after its
release it was discovered that the fix only worked
for URLs with 2 leading slashes or more than 4.

This change addresses the missing edge case for 3 leading slashes
and also maintains support for rejecting 2+.


NOTE(melwitt): The conflict and difference in from
the cherry picked change: HTTPStatus.BAD_REQUEST => 400 is due to the
fact that HTTPStatus does not exist in Python 2.7. The conflict in is because change
I23ac1cc79482d0fabb359486a4b934463854cae5 (Allow TLS ciphers/protocols
to be configurable for console proxies) is not in Train. The difference
in from the cherry picked change is due to a
difference in internal implementation [1] in Python < 3.6. See change
I546d376869a992601b443fb95acf1034da2a8f36 for reference.

[1] 34eeed4290

Change-Id: I95f68be76330ff09e5eabb5ef8dd9a18f5547866
co-authored-by: Matteo Pozza
Closes-Bug: #1927677
(cherry picked from commit 6fbd0b758d)
(cherry picked from commit 47dad4836a)
(cherry picked from commit 9588cdbfd4)
(cherry picked from commit 0997043f45)
2021-10-08 09:38:47 +00:00
api-guide/source Allow resizing server with port resource request 2019-09-12 10:35:22 -04:00
api-ref/source compute: Validate a BDMs disk_bus when provided 2020-09-03 15:24:37 +01:00
devstack Merge "Find instance in another cell during floating IP re-association" 2019-09-13 15:19:55 +00:00
doc Add config parameter 'live_migration_scheme' to live migration with tls guide 2021-03-24 05:38:06 +00:00
etc/nova Remove an unused file and a related description 2019-09-13 10:33:32 +09:00
gate [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook 2021-03-11 15:38:12 +00:00
nova address open redirect with 3 forward slashes 2021-10-08 09:38:47 +00:00
playbooks Merge "Convert nova-lvm job to zuul v3" 2019-09-04 20:08:05 +00:00
releasenotes Reject open redirection in the console proxy 2021-10-08 09:38:09 +00:00
roles/run-post-test-hook Convert nova-next to a zuul v3 job 2019-07-23 11:32:35 -04:00
tools Move 'check-cherry-picks' test to gate, n-v check 2021-06-18 11:27:00 +01:00
.coveragerc Remove nova/openstack/* from .coveragerc 2016-10-12 16:20:49 -04:00
.gitignore Delete the placement code 2019-04-28 20:06:15 +00:00
.gitreview Update .gitreview for stable/train 2019-09-27 09:06:47 +00:00
.mailmap Add mailmap entry 2014-05-07 12:14:26 -07:00
.stestr.conf Finish stestr migration 2017-11-24 16:51:12 -05:00
.zuul.yaml Move 'check-cherry-picks' test to gate, n-v check 2021-06-18 11:27:00 +01:00
CONTRIBUTING.rst Update links in documents 2018-01-12 17:05:11 +08:00
HACKING.rst Remove descriptions of nonexistent hacking rules 2019-08-26 14:55:51 +09:00
LICENSE initial commit 2010-05-27 23:05:26 -07:00
MAINTAINERS Fix broken URLs 2017-09-07 15:42:31 +02:00
README.rst Update api-ref location 2019-07-22 19:17:28 +02:00
babel.cfg Get rid of distutils.extra. 2012-02-08 19:30:39 -08:00
bindep.txt Added openssh-client into bindep 2019-10-29 07:02:24 +00:00
lower-constraints.txt [stable-only] Cap bandit to 1.6.2 and raise hacking, flake8 and stestr 2020-12-23 11:15:08 +00:00
requirements.txt Merge "Tune up db.instance_get_all_uuids_by_hosts" 2019-09-23 19:58:43 +00:00
setup.cfg Rename 'nova.common.config' module to 'nova.middleware' 2019-08-16 00:53:03 +01:00 Updated from global requirements 2017-03-02 11:50:48 +00:00
test-requirements.txt [stable-only] Cap bandit to 1.6.2 and raise hacking, flake8 and stestr 2020-12-23 11:15:08 +00:00
tox.ini [stable-only] Pin virtualenv and setuptools 2021-10-05 21:39:56 +00:00


Team and repository tags


OpenStack Nova

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer, OpenStack Ironic and PowerVM.

Use the following resources to learn more.


To learn how to use Nova's API, consult the documentation available online at:

For more information on OpenStack APIs, SDKs and CLIs in general, refer to:


To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:


For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

Other Information

During each Summit and Project Team Gathering, we agree on what the whole community wants to focus on for the upcoming release. The plans for nova can be found at: