Hi,

I'd like you to take a look at this patch for potential SecurityImpact.
https://review.openstack.org/255067

Log:
commit 378b35efd265b28167895b30d15819876aac7ea5
Author: Kota Tsuyuzaki <tsuyuzaki.kota at lab.ntt.co.jp>
Date:   Wed Nov 25 14:16:06 2015 -0800

    Fix date validation

    According to [1] when an Authorization header is specified, either a
    Date or x-amz-date header needs to be specified, with the x-amz-date
    header taking precedence. Now, the x-amz-date header is validated
    first, and if both headers are missing, an AccessDenied error should
    be returned. This should prevent replay attacks occurring on valid
    requests that are missing the Date header.

    [1] http://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html

    Closes-Bug: 1497424
    SecurityImpact [CVE-2015-8466]

    Co-Authored-By: Darryl Tam <dtam at swiftstack.com>
    Change-Id: Ibeff8503fa147e1cf08c1b5374aecee7a4c0bee2
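
The header rule described in the commit message, sketched as an added example (not part of the original message and not code from the patch under review). The function and exception names, the 15-minute freshness window, and the choice to reject a malformed x-amz-date rather than fall back to Date are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(minutes=15)  # assumption: window not stated in the commit message

class AccessDenied(Exception):
    """Signed request carries no usable Date / x-amz-date header."""

class RequestTimeTooSkewed(Exception):
    """Timestamp is outside MAX_SKEW (freshness check assumed for illustration)."""

def parse_timestamp(value):
    """Accept ISO 8601 basic (20151125T221606Z) or an RFC 2822 HTTP date."""
    try:
        return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        pass
    try:
        ts = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        raise AccessDenied("unparseable timestamp: %r" % value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def effective_timestamp(headers, now=None):
    """Return the timestamp a signed request is bound to, or raise."""
    h = {k.lower(): v for k, v in headers.items()}
    if "authorization" not in h:
        return None  # the rule in the commit message applies only to signed requests
    if "x-amz-date" in h:          # takes precedence and is validated first;
        raw = h["x-amz-date"]      # assumed here: a bad value is rejected, not replaced by Date
    elif "date" in h:
        raw = h["date"]
    else:
        raise AccessDenied("Date or x-amz-date header is required")
    ts = parse_timestamp(raw)
    now = now or datetime.now(timezone.utc)
    if abs(now - ts) > MAX_SKEW:
        raise RequestTimeTooSkewed(raw)
    return ts

if __name__ == "__main__":
    # Constructed requests; the Authorization value is a placeholder.
    now = datetime(2015, 11, 25, 22, 20, tzinfo=timezone.utc)
    auth = {"Authorization": "AWS EXAMPLEKEY:c2lnbmF0dXJl"}
    for extra in ({}, {"Date": "Wed, 25 Nov 2015 22:16:06 GMT"},
                  {"Date": "Tue, 24 Nov 2015 22:16:06 GMT"},
                  {"Date": "Tue, 24 Nov 2015 22:16:06 GMT", "x-amz-date": "20151125T221606Z"}):
        try:
            print(sorted(extra), "->", effective_timestamp({**auth, **extra}, now))
        except (AccessDenied, RequestTimeTooSkewed) as exc:
            print(sorted(extra), "->", type(exc).__name__)
```

The first constructed request is the case the commit closes: a signed request with neither header is refused instead of being accepted with no timestamp to bound its lifetime.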