Created by Yolanda Robla and last modified
Get this branch:
bzr branch lp:~yolanda.robla/horizon/precise-security

Branch information

Yolanda Robla
OpenStack Dashboard (Horizon)

Recent revisions

30. By Yolanda Robla

updated changelog

29. By Yolanda Robla

* Resynchronize with stable/essex (LP: #1089488)
  - [7e651d7] stable/essex horizon installs unusable version of glance
    (LP: #1057125)
  - [35eada8] open redirect / phishing attack via "next" parameter
    (LP: #1039077)
  - [8889311] TypeError when trying to delete an unnamed volume via dashboard
    (LP: #1031291)
  - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
  - [9b22d68] When adding ICMP rule, the type/code is being validated as
    from/to ports (LP: #997669)
  - [52bbba1] Added --only-selenium option in run_tests.sh
* Dropped patches, superseded by new snapshot:
  - debian/patches/CVE-2012-3540.patch [35eada8]

28. By Yolanda Robla

New upstream release.

27. By Steve Beattie

* SECURITY UPDATE: open redirect / phishing attack via "next"
  parameter (LP: #1039077)
  - debian/patches/CVE-2012-3540.patch: disallow redirects to anywhere
    other than the same origin
  - CVE-2012-3540

26. By Jamie Strandboge

* SECURITY UPDATE: fix XSS when refreshing logs
  - debian/patches/CVE-2012-2094.patch: interpret logs as text
  - CVE-2012-2094
* SECURITY UPDATE: fix session fixation and reuse
  - debian/patches/CVE-2012-2144.patch: properly verify existing session and
    also log user out on error
  - CVE-2012-2144

25. By Dave Walker

* debian/control: Added memcached as a Recommends of python-django-horizon,
  to ensure a memcached is running and can be used via default install.
  - LP: #988435

24. By Dave Walker

debian/patches/use-memcache.patch: Use memcache for session engine by
default to avoid frequent logouts, as sessions are not shared across
workers. LP: #968850

23. By Adam Gandelman

[ Adam Gandelman ]
* debian/openstack-dashboard.links: Create symlink to horizon's static js
  files. (LP: #987535)

[ Jamie Strandboge ]
* debian/control: don't Build-Depends on python-cherrypy3. It is used by
  only the dashboard tests and they are disabled in Ubuntu builds

22. By Dave Walker

[ Adam Gandelman ]
* debian/patches/turn-off-debug.patch: Enable again
* debian/openstack-dashboard.conf: Add an Alias mapping '/static'
  to '/usr/share/opensack-dashboard/openstack_dashboard/static/'
  (LP: #980787)
* debian/patches/allow_alternate_css.patch: Allow loading of ubuntu.css
  and favicon if they exist
* debian/control: Drop libjs-jquery dependencies

[ Dave Walker (Daviey) ]
* debian/control: Drop duplicate depends python-cloudfiles.

21. By Chuck Short

debian/patches/turn-off-debug.patch; Reverted, breaks CSS templates.
(LP: #980787)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.