The only problem with backporting https://review.openstack.org/#/c/19567/ is that it requires people to revise their pipelines in order to deploy the new middleware. The patch here definitely fixes a relatively narrow vulnerability specifically exposed on :5000.
+1 for moving MAX_PARAM_SIZE, etc., into keystone.conf; the appropriate values will vary among deployments and need to be controlled by the end user.