| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| no-intersphinx.patch | No intersphinx. =================================================================== |
Thomas Goirand <zigo@debian.org> | not-needed | 2017-10-05 | ||
| CVE-2022-2447_Remove_cache_invalidation_when_using_expired_token.patch | Remove cache invalidation when using expired token This can create a race condition for long running services that reuse their token (eg. Kubernetes Cinder CSI plugin) in this case for example: . 1 [user] Asks nova to attach a volume to a server 2 ...the user's token expires 3 [user] Asks cinder if the volume has been attached 4 [nova] Asks cinder to attach the volume . In step 3 the token is marked as invalid in the cache and step 4 fails even if allow_expired is true diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py index 0feed6f..ddb2ddc 100644 |
Jorge Merlino <jorge.merlino@canonical.com> | yes | upstream | upstream, https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 | 2022-10-05 |