[Openstack-security] [openstack/cinder] SecurityImpact review request change Ic57b2aceb136e8626388cfe4df72b2f47cb0661c
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Dec 2 13:37:00 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/138365
Log:
commit 4041d30611baa476d33627f5078d5bcc12ef50eb
Author: abhishekkekane <abhishek.kekane at nttdata.com>
Date: Tue Oct 21 02:31:15 2014 -0700
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections hence even after
the response is sent to the client, it doesn't close the client socket
connection.
Because of this problem, the green thread is not released back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
DocImpact:
Added wsgi_keep_alive option (default=True).
In order to maintain the backward compatibility, setting wsgi_keep_alive
as True by default. Recommended is set it to False.
Conflicts:
cinder/wsgi.py
etc/cinder/cinder.conf.sample
SecurityImpact
Closes-Bug: #1361360
Change-Id: Ic57b2aceb136e8626388cfe4df72b2f47cb0661c
(cherry picked from commit fc87da7eeb3451e139ee71b31095d0b9093332ce)
More information about the Openstack-security
mailing list