Hi, I'd like you to take a look at this patch for potential SecurityImpact. https://review.openstack.org/255067 Log: commit 97ab609a34a0f6a66d7e1089058b97720e1cc1de Author: Kota Tsuyuzaki <tsuyuzaki.kota at lab.ntt.co.jp> Date: Wed Nov 25 14:16:06 2015 -0800 Fix date validation According to [1] when an Authorization header is specified, either a Date or x-amz-date header needs to be specified, with the x-amz-date header taking precedence. Now, the x-amz-date header is validated first, and if both headers are missing, an AccessDenied error should be returned. This should prevent replay attacks occurring on valid requests that are missing the Date header. [1] http://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders. html Closes-Bug: 1497424 SecurityImpact [CVE-2015-8466] Co-Authored-By: Darryl Tam <dtam at swiftstack.com> Change-Id: Ibeff8503fa147e1cf08c1b5374aecee7a4c0bee2