Dolph Mathews wrote: > Dan Prince also wrote a more specific fix for the same issue and > backported it to essex here: > https://bugs.launchpad.net/keystone/+bug/1098307 Indeed, we didn't backport the size-limiting middleware because we don't backport new features as part of security vulnerability fixes (following what distributions security teams accept). As mentioned in the advisory, the fix for CVE-2013-0270 in Essex is here: https://review.openstack.org/#/c/21216/ -- Thierry Carrez (ttx) Release Manager, OpenStack