lp:~yolanda.robla/horizon/precise-security

Created by Yolanda Robla on 2013-04-24 and last modified on 2013-04-24
Get this branch:
bzr branch lp:~yolanda.robla/horizon/precise-security

Branch information

Owner: Yolanda Robla
Project: OpenStack Dashboard (Horizon)
Status: Development

Recent revisions

30. By Yolanda Robla on 2013-04-24

updated changelog

29. By Yolanda Robla on 2013-04-24

* Resynchronize with stable/essex (LP: #1089488)
  - [7e651d7] stable/essex horizon installs unusable version of glance
    (LP: #1057125)
  - [35eada8] open redirect / phishing attack via "next" parameter
    (LP: #1039077)
  - [8889311] TypeError when trying to delete an unnamed volume via dashboard
    (LP: #1031291)
  - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
  - [9b22d68] When adding ICMP rule, the type/code is being validated as
    from/to ports (LP: #997669)
  - [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by new snapshot:
  - debian/patches/CVE-2012-3540.patch [35eada8]

28. By Yolanda Robla on 2013-04-24

New upstream release.

27. By Steve Beattie on 2012-08-30

* SECURITY UPDATE: open redirect / phishing attack via "next"
  parameter (LP: #1039077)
  - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
    other than the same origin
  - CVE-2012-3540

26. By Jamie Strandboge on 2012-05-02

* SECURITY UPDATE: fix XSS when refreshing logs
  - debian/patches/CVE-2012-2094.patch: interpret logs as text
  - CVE-2012-2094
* SECURITY UPDATE: fix session fixation and reuse
  - debian/patches/CVE-2012-2144.patch: properly verify existing session and
    also log user out on error
  - CVE-2012-2144

25. By Dave Walker on 2012-04-25

* debian/control: Added memcached as a Recommends of python-django-horizon,
  to ensure a memcached is running and can be used via default install.
  - LP: #988435

24. By Dave Walker on 2012-04-25

debian/patches/use-memcache.patch: Use memcache for session engine by
default to avoid frequent logouts, as sessions are not shared across
workers. LP: #968850

23. By Adam Gandelman on 2012-04-24

[ Adam Gandelman ]
* debian/openstack-dashboard.links: Create symlink to horizon's static js
  files. (LP: #987535)

[ Jamie Strandboge ]
* debian/control: don't Build-Depends on python-cherrypy3. It is used by
  only the dashboard tests and they are disabled in Ubuntu builds

22. By Dave Walker on 2012-04-23

[ Adam Gandelman ]
* debian/patches/turn-off-debug.patch: Enable again
* debian/openstack-dashboard.conf: Add an Alias mapping '/static'
  to '/usr/share/opensack-dashboard/openstack_dashboard/static/'
  (LP: #980787)
* debian/patches/allow_alternate_css.patch: Allow loading of ubuntu.css
  and favicon if they exist
* debian/control: Drop libjs-jquery dependencies

[ Dave Walker (Daviey) ]
* debian/control: Drop duplicate depends python-cloudfiles.

21. By Chuck Short on 2012-04-13

debian/patches/turn-off-debug.patch; Reverted, breaks CSS templates.
(LP: #980787)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 