| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fixed-horizon-MANIFEST.in.patch | Fixed horizon MANIFEST.in =================================================================== |
Thomas Goirand <zigo@debian.org> | not-needed | 2015-09-26 | ||
| fix-manage.py-sheebang.patch | Fix manage.py sheebang | Thomas Goirand <zigo@debian.org> | no | 2018-02-24 | ||
| Dont_load_user_role_assignment_or_groups_tabs_for_non-admins.patch | Don't load user role assignment or groups tabs for non-admins As a non admin user, navigate to Identity -> Users. Then click on the username of your user to go to the detail page. . Only the allowed Overview tab is visible. . The view shows three tabs: Overview, Role assignments, Groups. Click on either Role assignments or Groups. An error will appear, showing that the API call is unauthorised, and the table content will fail to load. . This change fixes the issue by conditionally loading the tabs based on policy. =================================================================== |
Mark Goddard <mark@stackhpc.com> | no | upstream, https://review.opendev.org/c/openstack/horizon/+/783547 | 2021-07-14 | |
| do-not-create-volume-by-default-when-launching-instance.patch | Do not create volume by default when launching instance By default, Horizon creates a volume and wants users to boot from it, which is not what a user should do by default. This patch restors sanity in the default behavior. =================================================================== |
Thomas Goirand <zigo@debian.org> | no | 2021-07-14 | ||
| relax-python-yaml-depends.patch | Relax pyaml requirements =================================================================== |
Thomas Goirand <zigo@debian.org> | not-needed | 2022-03-27 | ||
| django-4.x-csrf-reasons.patch | Django 4.x CSRF reasons =================================================================== |
no | debian | 2022-06-29 | ||
| Make-site_branding-tag-work-with-Django-4.0.patch | Make site_branding tag work with Django 4.0 A test for site_branding tag starts to fail with Django 4.0. It seems to happen as settings.SITE_BRANDING is _("Horizon") and a translation marker _() is no longer evaluated during rendering. . As a solution, this commit changes the implementation of site_branding tag to use "simple_tag" method as django.template.Library.simple_tag() [1] seems to handle an i18n-ed string properly. . [1] https://docs.djangoproject.com/en/4.0/howto/custom-template-tags/#simple-tags diff --git a/horizon/templatetags/branding.py b/horizon/templatetags/branding.py index 3c208fd..23771b9 100644 |
Akihiro Motoki <amotoki@gmail.com> | yes | upstream | upstream, https://review.opendev.org/c/openstack/horizon/+/851262 | 2022-07-28 |
| remove-test_rbac_panels.patch | Remove test_rbac_panels() This unit test fails in autopkgtest. My previous attempt to blacklist this test in d/tests/unittests failed, so I'm taking the easy path, by simply completely removing this test. Further investigation needed. |
Thomas Goirand <zigo@debian.org> | not-needed | 2022-10-14 | ||
| CVE-2022-45582_Fix_success_url_parameter_issue_for_Edit_Snapshot.patch | CVE-2022-45582 Fix success_url parameter issue for Edit Snapshot The "success_url" param is used when updating the project snapshot [1] and it lacks sanitizing the input URL that allows an attacker to redirect the user to another website. This patch update 'Updateview' class to not use the "sucess_url" method. diff --git a/openstack_dashboard/dashboards/project/snapshots/views.py b/openstack_dashboard/dashboards/project/snapshots/views.py index 7efc4a8..faf7279 100644 |
manchandavishal <manchandavishal143@gmail.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/horizon/+/862899 | 2023-09-05 |