Added Authors to Security Notes

All OSSN authors, added under the "Author:" metadata field

Change-Id: I81771dd3ec8d2c133ebc6ddf9f2c5f0f958d603a
Closes-Bug: #1599064

security-notes/OSSN-0001

@@ -37,6 +37,7 @@ The OSSG recommends against using LXC for enforcing secure separation of
 guests. Even with appropriate AppArmour policies applied.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 Nova : http://docs.openstack.org/developer/nova/
 LXC : http://lxc.sourceforge.net/
 Libvirt : http://libvirt.org/

security-notes/OSSN-0002

@@ -30,6 +30,7 @@ Apache: HTTP Server Project
 Apache Config: http://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN Bug: https://bugs.launchpad.net/ossn/+bug/1155566
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1098177
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0003

@@ -37,6 +37,7 @@ Ensure that in your deployment keystone.conf uses the most restrictive
 permissions that allow the system to continue proper operations.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://bugs.launchpad.net/ossn/+bug/1168252
 Original LaunchPad Bug : https://bugs.launchpad.net/devstack/+bug/1168252
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0004

@@ -53,6 +53,7 @@ Despite this restriction in Horizon, it is recommended to leave the default
 directly without using Horizon to initiate a password change.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://bugs.launchpad.net/ossn/+bug/1237989
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1237989
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0005

@@ -47,6 +47,7 @@ enable_v1_api = False
 ---- end example glance-api.conf snippet ----
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://bugs.launchpad.net/ossn/+bug/1226078
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1226078
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0006

@@ -57,6 +57,7 @@ authentication plugin can be created that uses the external username that
 contains an "@" character as-is.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://bugs.launchpad.net/ossn/+bug/1254619
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1254619
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0007

@@ -209,6 +209,7 @@ Please consult the documentation for your firewall software for
 instructions on configuring the appropriate firewall rules.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0007
 Original LaunchPad Bug : https://bugs.launchpad.net/openstack-manuals/+bug/1287194
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0008

@@ -43,6 +43,8 @@ Future OpenStack releases are looking to add the ability to restrict
 noVNC and SPICE console connections.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
+Author: Sriram Subramanian, CloudDon
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0008
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1227575
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0009

@@ -39,6 +39,7 @@ tokens for other users by performing group deletion operations.  You
 should take caution with who you delegate these capabilities to.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0009
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1268751
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0010

@@ -40,6 +40,7 @@ IDs and consider it for applicability to your Keystone deployment:
 https://git.openstack.org/cgit/openstack/keystone/commit/?id=a2fa6a6f01a4884edf369cafa39946636af5cf1a
 
 ### Contacts / References ###
+Author: Jamie Finnigan, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0010
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1287219
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0011

@@ -138,6 +138,7 @@ security group references to ensure that the resulting network rules
 are as intended.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0011
 Original LaunchPad Bug : https://bugs.launchpad.net/heat/+bug/1291091
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0012

@@ -66,6 +66,8 @@ recommended that cloud administrators change any passwords, tokens, or
 other credentials that may have been communicated over SSL/TLS.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0012
 OpenStack Security ML : openstack-security@lists.openstack.org
 OpenStack Security Group : https://launchpad.net/~openstack-ossg

security-notes/OSSN-0013

@@ -83,6 +83,7 @@ tested to ensure that CRUD actions are constrained in the way the administrator
 intended.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0013
 Original Launchpad Bug : https://bugs.launchpad.net/glance/+bug/1271426
 Original Report : http://lists.openstack.org/pipermail/openstack-dev/2014-January/024861.html

security-notes/OSSN-0014

@@ -65,6 +65,7 @@ alternatives such as applying mandatory access control policies
 to the files in order to minimize the possible exposure.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0014
 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1260679
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0015

@@ -40,6 +40,7 @@ restrict the ability to publicize images to users with the "admin" role
 in the Juno release of OpenStack.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0015
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1313746
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0016

@@ -38,6 +38,7 @@ volume_clear option” <logfile>)
 
 
 ### Contacts / References ###
+Author: Doug Chivers, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0016
 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1322766
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0017

@@ -84,6 +84,7 @@ cookie is compromised, an attacker may assume all privileges of the
 user for as long as their session is valid.
 
 ### Contacts / References ###
+Author: Travis McPeak, Symantec
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0017
 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1327425
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0018

@@ -57,6 +57,7 @@ allow traffic coming from the running instances to services controlled
 by Nova - DHCP and DNS providers.
 
 ### Contacts / References ###
+Author: Stanislaw Pitucha, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0018
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316271
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0019

@@ -56,6 +56,7 @@ that could be used to impersonate a SAN host and enact an Man in the
 Middle attack.
 
 ### Contacts / References ###
+Author: Tim Kelsey, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0019
 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1320056
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0020

@@ -53,6 +53,7 @@ The Neutron development team plans to address this issue in a future
 version of Neutron.
 
 ### Contacts / References ###
+Author Priti Desai, Symantec
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0020
 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1334926
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0021

@@ -63,6 +63,7 @@ In the future, operators will be able to use keystoneclient for a more
 convenient method of accessing and updating this information.
 
 ### Contacts / References ###
+Author: Stanislaw Pitucha, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0021
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341849
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0022

@@ -51,6 +51,7 @@ boot <instance_id>" or reboot using "nova reboot --hard <instance_id>"
 to force the security group rules to be applied.
 
 ### Contacts / References ###
+Author: Doug Chivers, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0022
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1316822
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0023

@@ -62,6 +62,7 @@ configured to switch to a customised log format using directive
 'access_log' only for requests matching location '/v2.0/tokens/...'.
 
 ### Contacts / References ###
+Author: Stanislaw Pitucha, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0023
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1348844
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0024

@@ -71,6 +71,7 @@ An alternate approach is to never run a production system with the log
 level in DEBUG mode.
 
 ### Contacts / References ###
+Author: Abu Shohel Ahmed, Ericsson
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0024
 Original Launchpad Bug: https://bugs.launchpad.net/python-keystoneclient/+bug/1004114
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1004114

security-notes/OSSN-0025

@@ -62,6 +62,7 @@ environment, so test configurations before deploying them in a
 production environment.
 
 ### Contacts / References ###
+Author: Nathaniel Dillon, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0025
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1354512
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0026

@@ -50,6 +50,7 @@ plaintext credentials, can result from permissions which allow
 malicious users to view sensitive data (read access).
 
 ### Contacts / References ###
+Author: Travis McPeak, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0026
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1343657
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0027

@@ -64,6 +64,7 @@ The Neutron development team plan to address this issue in a future
 version
 
 ### Contacts / References ###
+Author: Tim Kelsey, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0027
 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1274034
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0028

@@ -57,6 +57,7 @@ underlying compute node by it's serial number may wish to disable
 reporting of any sysinfo serial field at all by using the 'none' value.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0028
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1337349
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0029

@@ -57,6 +57,7 @@ independently.
 This issue has been fixed in the Juno release of OpenStack.
 
 ### Contacts / References ###
+Author: Tim Kelsey, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0029
 Original LaunchPad Bug : https://bugs.launchpad.net/neutron/+bug/1365961
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0030

@@ -70,6 +70,7 @@ System logs should also be interrogated for any such strings as an
 indication of possible attacks.
 
 ### Contacts / References ###
+Author: Tim Kelsey, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0030
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1374055
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0031

@@ -27,6 +27,7 @@ is a requirement without a full verifiable boot chain and network
 hardware.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0031
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1174153
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0032

@@ -35,6 +35,7 @@ NOTE: Flushing Memcached can result in losing token revocation
 information as addressed in https://bugs.launchpad.net/ossn/+bug/1182920
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0032
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1179955
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0033

@@ -37,6 +37,7 @@ mentioned in the 'References' section of this note to see if the
 projects they require have updated.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0033
 Launchpad Bugs :
 

security-notes/OSSN-0034

@@ -38,6 +38,7 @@ suggest you consider using an on-disk DB such as MySQL / PostgreSQL or
 perhaps look into Memcachedb.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0034
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1182920
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0035

@@ -50,6 +50,7 @@ As always, test these configuration settings before deploying them to
 production in order to catch any bugs or errors.
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035
 SSL Strip : http://www.thoughtcrime.org/software/sslstrip
 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191050

security-notes/OSSN-0036

@@ -22,6 +22,7 @@ true as described in the Django documentation:
   https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SESSION_COOKIE_SECURE
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0036
 Related OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0035
 Original LaunchPad Bug : https://bugs.launchpad.net/horizon/+bug/1191051

security-notes/OSSN-0037

@@ -36,6 +36,7 @@ For Nginx, you can do this by disabling the gzip module:
   http://wiki.nginx.org/HttpGzipModule
 
 ### Contacts / References ###
+Author: Robert Clark, HP
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0037
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1209250
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0038

@@ -43,6 +43,7 @@ the cache should ascertain whether or not their vendor shipped suds package
 is susceptible and consider the above advice.
 
 ### Contacts / References ###
+Author: Tim Kelsey, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0038
 Original Launchpad Bug : https://bugs.launchpad.net/ossn/+bug/1341954
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0039

@@ -133,6 +133,7 @@ above to verify that each service is configured as expected.
 
 
 ### Contacts / References ###
+Author: Bryan D. Payne, Nebula
 This OSSN: https://wiki.openstack.org/wiki/OSSN/OSSN-0039
 Original Launchpad Bug: https://bugs.launchpad.net/ossn/+bug/1382270
 OpenStack Security ML: openstack-security@lists.openstack.org

security-notes/OSSN-0042

@@ -42,6 +42,7 @@ Concerned users are encouraged to read (OSSG member) Nathan Kinder's
 blog post on this issue and some of the potential future solutions.
 
 ### Contacts / References ###
+Author: Robert Clark, IBM
 Nathan Kinder on Token Scoping : https://blog-nkinder.rhcloud.com/?p=101
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0042
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1341816

security-notes/OSSN-0043

@@ -52,6 +52,7 @@ of places where these vulnerable functions are used, this effectively
 means that vulnerable systems must be restarted after updating glibc.
 
 ### Contacts / References ###
+Author: Doug Chivers, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0043
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1415416
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0044

@@ -30,6 +30,7 @@ Upstream patch:
 https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
 
 ### Contacts / References ###
+Author: Paul McMillan, Nebula
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0044
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1420942
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0045

@@ -72,6 +72,7 @@ and are beyond the scope of this note. Some good starting places are
 provided below in the section: "Resources for configuring TLS options".
 
 ### Contacts / References ###
+Author: Travis McPeak, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0045
 Original LaunchPad Bug : N/A
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0046

@@ -33,6 +33,7 @@ using the debug configuration for affected services in production
 environments.
 
 ### Contacts / References ###
+Author: Robert Clark, IBM
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0046
 Original LaunchPad Bug : https://bugs.launchpad.net/ironic/+bug/1425206
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0047

@@ -113,6 +113,7 @@ identity provider specific 'Location' directives as described above in
 addition to using the new 'remote_ids' checking in the Kilo release.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0047
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1390124
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0048

@@ -56,6 +56,7 @@ deployments of glance should consider upgrading to the Juno 2014.2.4
 release.
 
 ### Contacts / References ###
+Author: Michael McCune, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0048
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1414532
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0049

@@ -57,6 +57,7 @@ editted as follows:
     debug = False
 
 ### Contacts / References ###
+Author: Michael McCune, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0049
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1451931
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0052

@@ -31,6 +31,7 @@ the `glance-api.conf` file:
     debug = false
 
 ### Contacts / References ###
+Author: Nathaniel Dillon, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0052
 Original LaunchPad Bug : https://bugs.launchpad.net/python-swiftclient/+bug/1470740
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0053

@@ -56,6 +56,7 @@ installations have increased token lifespans back to the old value of
 24 hours - increasing their exposure to this issue.
 
 ### Contacts / References ###
+Author: Michael McCune, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0053
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1455582
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0054

@@ -41,6 +41,7 @@ If possible, affected users should upgrade to the Kilo or newer release
 of Horizon, allowing them to use the fixed version of Django.
 
 ### Contacts / References ###
+Author: Robert Clark, IBM
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0054
 Django fix : https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
 Django CVE : CVE-2015-5143

security-notes/OSSN-0055

@@ -50,6 +50,7 @@ unexpectedly.  In particular, pay attention to unusual IPs using the
 service account.
 
 ### Contacts / References ###
+Author: Travis McPeak, HPE and Brant Knudson, IBM
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0055
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1464750
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0056

@@ -43,6 +43,8 @@ time. If this is unacceptable, reduce the cache time to reduce the
 attack window or disable token caching entirely.
 
 ### Contacts / References ###
+Author: Shellee Arnold, HPE
+Author: Dough Chivers, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0056
 Original LaunchPad Bug : https://bugs.launchpad.net/python-keystoneclient/+bug/1287301
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0057

@@ -49,6 +49,7 @@ Adding image metadata... add_image_metadata
 ---- end example glance-api.log snippet ----
 
 ### Contacts / References ###
+Author: Eric Brown, VMware
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0057
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1401170
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0058

@@ -50,6 +50,7 @@ the nodes exposing the volumes to only allow traffic through port 3260
 from nodes that will need to attach volumes.
 
 ### Contacts / References ###
+Author: Michael McCune, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0058
 Original LaunchPad Bug : https://bugs.launchpad.net/cinder/+bug/1329214
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0059

@@ -31,6 +31,7 @@ secure boot with trusted boot. At the same time, Nova team has
 discussed deprecating Trusted Filter.
 
 ### Contacts / References ###
+Author: Michael Xin, Rackspace
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0059
 Original LaunchPad Bug : https://bugs.launchpad.net/nova/+bug/1456228
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0060

@@ -43,6 +43,7 @@ it is recommended that all users ensure that `use_user_token` is left
 at the default setting (`True`) or commented out.
 
 ### Contacts / References ###
+Author: Travis McPeak, HPE
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0060
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1493448
 OpenStack Security Documentation : https://security.openstack.org

security-notes/OSSN-0061

@@ -35,6 +35,7 @@ A specification for a fix has been proposed by the Glance development
 team and is targeted for the Mitaka release.
 
 ### Contacts / References ###
+Author: Robert Clark, IBM
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0061
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1516031
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0062

@@ -65,6 +65,7 @@ cloud is vulnerable to this issue and you should switch to a different
 token provider.
 
 ### Contacts / References ###
+Author: Nathan Kinder, Red Hat
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0062
 Original LaunchPad Bug : https://bugs.launchpad.net/keystone/+bug/1490804
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0063

@@ -42,6 +42,7 @@ Nova and Cinder. Additionally these patches have been backported to
 stable/kilo and stable/liberty.
 
 ### Contacts / References ###
+Author: Dave McCowan, Cisco
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0063
 Original LaunchPad Bug : https://bugs.launchpad.net/glance/+bug/1523646
 OpenStack Security ML : openstack-security@lists.openstack.org

security-notes/OSSN-0064

@@ -65,6 +65,7 @@ from the API pipelines in keystone-paste.ini.
 ---- end good keystone-paste.ini snippet ----
 
 ### Contacts / References ###
+Author: Robert Clark, IBM
 This OSSN : https://wiki.openstack.org/wiki/OSSN/OSSN-0064
 Original LaunchPad Bug : https://bugs.launchpad.net/ossn/+bug/1545789
 Mailing list [Security] tag on : openstack-dev@lists.openstack.org