[Openstack-security] [openstack/neutron] SecurityImpact review request change I3a361d6590d1800b85791f23ac1cdfd79815341b
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Mar 11 01:20:32 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/144714
Log:
commit 4cdbefc202acc2499c253da625db48d6165b7c84
Author: abhishekkekane <abhishek.kekane at nttdata.com>
Date: Tue Oct 21 04:15:15 2014 -0700
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Icehouse backport note: socket_timeout was dropped, it was introduced
in 0.14[*] and Icehouse eventlet lower bound is 0.13
[*] https://github.com/eventlet/eventlet/commit/7d4916f01462de09cb58853d9de2e85777c2ad5b
DocImpact:
Added wsgi_keep_alive option (default=True).
SecurityImpact
Closes-Bug: #1361360
Change-Id: I3a361d6590d1800b85791f23ac1cdfd79815341b
(cherry picked from commit 8e7a0dbb12082f6159d98a4628fb8a6fcd05e95a)
More information about the Openstack-security
mailing list