We are thrilled to announce the release of: openstack-ansible-os_keystone 16.0.4: os_keystone for OpenStack Ansible This release is part of the pike release series. Download the package from: https://tarballs.openstack.org/openstack-ansible-os_keystone/ For more details, please see below. 16.0.4 ^^^^^^ Security Issues * The following headers were added as additional default (and static) values. *X-Content-Type-Options nosniff*, *X-XSS-Protection "1; mode=block"*, and *Content-Security-Policy "default-src 'self' https: wss:;"*. Additionally, the *X-Frame-Options DENY* header was added, defaulting to DENY. You may override the header via the *keystone_x_frame_options* variable. Changes in openstack-ansible-os_keystone 16.0.3..16.0.4 ------------------------------------------------------- 51288a1 Updated from OpenStack Ansible Tests bb64d2b Add security headers to web accessable services. 0acd951 Remove unified queue from gate pipeline cf7cef7 Bypass web server during service setup ad377d2 Initial OSA zuul v3 role jobs Diffstat (except docs and test files) ------------------------------------- .../add-security-headers-e46c205b42b9598b.yaml | 8 ++++ tasks/keystone_service_setup.yml | 27 ++++-------- templates/keystone-httpd.conf.j2 | 6 +++ templates/keystone_nginx.conf.j2 | 5 +++ vars/suse-42.yml | 2 + vars/ubuntu-16.04.yml | 2 + zuul.d/jobs.yaml | 48 ++++++++++++++++++++++ zuul.d/project.yaml | 37 +++++++++++++++++ 10 files changed, 143 insertions(+), 38 deletions(-)