Comment 29 for bug 1098307

Dolph Mathews (dolph) wrote : Re: unauthenticated POST to /tokens can fill up disk/logs

The only problem with backporting https://review.openstack.org/#/c/19567/ is that it requires people to revise their pipelines in order to deploy the new middleware. The patch here definitely fixes a relatively narrow vulnerability specifically exposed on :5000.

+1 for moving MAX_PARAM_SIZE, etc., into keystone.conf; the appropriate values will vary among deployments and need to be controlled by the end user.