[release-announce] [keystone] keystone 10.0.3 (newton)

no-reply at openstack.org no-reply at openstack.org
Wed Jul 26 04:55:12 UTC 2017


We exuberantly announce the release of:

keystone 10.0.3: OpenStack Identity

This release is part of the newton stable release series.

Download the package from:

    https://tarballs.openstack.org/keystone/

For more details, please see below.

10.0.3
^^^^^^


Security Issues
***************

* [bug 1703369 (https://bugs.launchpad.net/keystone/+bug/1703369)]
  There was a typo for the identity:get_identity_provider rule in the
  default "policy.json" file in previous releases. The default value
  for that rule was the same as the default value for the default rule
  (restricted to admin) so this typo was not readily apparent. Anyone
  customizing this rule should review their settings and confirm that
  they did not copy that typo. More context regarding the purpose of
  this backport can be found in the bug report.


Bug Fixes
*********

* [bug 1616424 (https://bugs.launchpad.net/keystone/+bug/1616424)]
  Python build-in exception was raised if create request token or
  access token request from client with invalid request parameters,
  invalid signature for example. The implementation is hardened by
  showing proper exception and displaying the failure reasons if
  existent.

* [bug 1689616 (https://bugs.launchpad.net/keystone/+bug/1649616)]
  Significant improvements have been made when performing a token
  flush on massive data sets.

* [bug 1687593 (https://bugs.launchpad.net/keystone/+bug/1687593)]
  Ensure that the URL used to make the request when creating OAUTH1
  request tokens is also the URL that verifies the request token.

* [bug 1571878 (https://bugs.launchpad.net/keystone/+bug/1571878)] A
  valid "mapping_id" is now required when creating or updating a
  federation protocol. If the "mapping_id" does not exist, a "400 -
  Bad Request" will be returned.

Changes in keystone 10.0.2..10.0.3
----------------------------------

bd49c3e fix identity:get_identity_providers typo
f20f442 Add a release note for bug 1687593
8d3758f Change url scheme passed to oauth signature verifier
48a5336 Handle token exception and use proper url for verification
058ea42 Fixing flushing tokens workflow
057d585 Validate mapping exists when creating/updating a protocol
8726573 Fix keystone-manage mapping_engine tester


Diffstat (except docs and test files)
-------------------------------------

.../v3-ext/federation/identity-provider/idp.inc    |   2 +
etc/policy.json                                    |   2 +-
etc/policy.v3cloudsample.json                      |   2 +-
keystone/cmd/cli.py                                |  84 ++++++----
keystone/federation/core.py                        |  16 ++
keystone/oauth1/controllers.py                     |  82 +++++++---
keystone/oauth1/validator.py                       |   6 +-
keystone/token/persistence/backends/sql.py         |  16 +-
.../api/identity/v3/test_identity_providers.py     |  20 ++-
.../notes/bug-1616424-c46ba773f7ac40ae.yaml        |   8 +
.../notes/bug-1649616-b835d1dac3401e8c.yaml        |   6 +
.../notes/bug-1687593-95e1568291ecd70b.yaml        |   6 +
.../notes/bug-1703369-9a901d627a1e0316.yaml        |  11 ++
...s-for-federation-protocol-1bcaea5337905af0.yaml |   7 +
20 files changed, 480 insertions(+), 73 deletions(-)







More information about the Release-announce mailing list