lp:ubuntu/saucy-security/horizon

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

61. By Jamie Strandboge on 2014-05-05

* SECURITY UPDATE: fix XSS in Heat template description and outputs
  parameters
  - LP: #1289033
  - CVE-2014-0157

60. By Jamie Strandboge on 2013-12-03

* SECURITY UPDATE: XSS in Volumes and Network Topology pages
  - debian/patches/CVE-2013-6406: html.escape() various items in
    volumes/tables.py and volume_snapshots/tables.py
  - CVE-2013-6406 (also referred to as CVE-2013-6858)
  - LP: #1247675

59. By Chuck Short on 2013-10-16

New upstream release candidate (LP: #1240665).

58. By Chuck Short on 2013-10-15

* New upstream release candidate. (#1239156)
* debian/README.compression: Updated documenation on how to
  refresh the static assets.

57. By James Page on 2013-10-04

* d/theme/css/ubuntu.css: Refresh Ubuntu theme against new Havana
  stylesheets, fixing network and chart layouts (LP: #1235249).
* d/openstack-dashboard.postinst: Allow horizon user to read and
  write data in /var/lib/openstack-dashboard inline with user and
  group permissions set in Apache configuration.

56. By James Page on 2013-10-03

[ James Page ]
* New upstream release candidate:
  - d/static: Refreshed static assets for 2013.2~rc1.
  - d/patches: Refreshed patches.

[ Chuck Short ]
* debian/control: Add python-lesscpy as a suggests to optionally
  support online compression of static assets (LP: #1226674).

55. By James Page on 2013-10-02

* Don't use /etc/openstack-dashboard for in-process generated data
  (LP: #1233752):
  - d/openstack-dashboard.{dirs,postinst}:
    + Create /var/lib/openstack-dashboard with restricted permissions,
      allowing www-data user to write a secret_key if need be.
    + Move /etc/openstack-dashboard/secret_key to correct location if
      it already exists.
  - d/p/ubuntu_settings.patch: Use /var/lib/openstack-dashboard for
    secret key storage instead of /etc/openstack-dashboard.

54. By Adam Gandelman on 2013-09-06

* New upstream release.
* debian/control: Minimum python-openstack-auth version >= 1.1.1.
* debian/control: Add python-troveclient.
* debian/static: Refresh static assets for 2013.2~b3.
* debian/patches: ubuntu_local_settings.patch -> ubuntu_settings.patch, also
  patch location of secret key in openstack_dashboard/settings.py

53. By Adam Gandelman on 2013-09-06

* debian/patches/ubuntu_local_settings.py: Set flexible
  default for ALLOWED_HOSTS that should be changed for production
  deployments (LP: #1214982).
* Fix (LP: #1216019):
  - debian/openstack-dashboard.{postinst, postrm}: Add/remove horizon
    user. Ensure /etc/openstack-dashbard ownership.
  - debian/openstack-dashboard.conf: Run WSGIDaemonProcess as user
    horizon, set WSGIProcessGroup to horizon.
  - debian/patches/ubuntu_local_settings.py: Generate and load secret
    key from /etc/openstack-dashboard/secret_key.

52. By James Page on 2013-09-02

* d/static/*: Refresh static assets for 2013.2~b2.
* d/rules: Tweak helper for refreshing static assets to link
  local_settings.py correctly.
* d/openstack-dashboard.p*: Fix typo in configuration file name,
  ensure consistent use of tabs/spaces.