We are gleeful to announce the release of: keystone 26.1.0 This release is part of the dalmatian release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. 26.1.0 ^^^^^^ New Features ************ * A new module, "keystone.wsgi", has been added as a place to gather WSGI "application" objects. This is intended to ease deployment by providing a consistent location for these objects. For example, if using uWSGI then instead of: [uwsgi] wsgi-file = /bin/keystone-wsgi-public You can now use: [uwsgi] module = keystone.wsgi.api:application This also simplifies deployment with other WSGI servers that expect module paths such as gunicorn. Security Issues *************** * A potential security related issue is fixed where a token of the user from a read-only backend (i.e. LDAP) continues being accepted after the user is disabled in the backend. This is caused by the fact that Keystone does not receive any notification for that and is not able to revoke such tokens. See https://bugs.launchpad.net/keystone/+bug/2122615 for details. Changes in keystone 26.0.0..26.1.0 ---------------------------------- 489e170f8 Invalidate token of user disabled in readonly backend aea59e311 Add service user authentication to ec2 and s3 endpoints eaf73231a Add new keystone.wsgi module daaf698ba Ignore typing on the single import b6b480db9 Fix DB migrations after alembic integration 47891f4ae Update mod_openidc config for devstack 102821492 Update TOX_CONSTRAINTS_FILE for stable/2024.2 e3fa46811 Update .gitreview for stable/2024.2 Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + devstack/files/oidc/apache_oidc.conf | 8 +++-- httpd/keystone-uwsgi-admin.ini | 2 +- httpd/keystone-uwsgi-public.ini | 2 +- keystone/api/ec2tokens.py | 8 ++++- keystone/api/s3tokens.py | 7 ++++- keystone/cmd/cli.py | 2 +- keystone/common/policies/__init__.py | 4 +++ keystone/common/policies/ec2tokens.py | 34 ++++++++++++++++++++ keystone/common/policies/s3tokens.py | 36 ++++++++++++++++++++++ keystone/common/sql/upgrades.py | 17 ++++++++++ keystone/token/provider.py | 25 +++++++++++++++ keystone/wsgi/__init__.py | 0 keystone/wsgi/api.py | 22 +++++++++++++ .../add-keystone-wsgi-module-afae3f86df07eca9.yaml | 22 +++++++++++++ ...led-user-readonly-backend-5fa09c3e40e8d795.yaml | 8 +++++ tox.ini | 8 ++--- 24 files changed, 251 insertions(+), 29 deletions(-)