[openstack-dev] [release][keystone] keystonemiddleware release 4.1.0 (mitaka)

doug at doughellmann.com doug at doughellmann.com
Wed Jan 13 17:21:17 UTC 2016


We are tickled pink to announce the release of:

keystonemiddleware 4.1.0: Middleware for OpenStack Identity

This release is part of the mitaka release series.

With source available at:

    http://git.openstack.org/cgit/openstack/keystonemiddleware

With package available at:

    https://pypi.python.org/pypi/keystonemiddleware

Please report issues through launchpad:

    http://bugs.launchpad.net/keystonemiddleware

For more details, please see below.

4.1.0
^^^^^


New Features
************

* [bug 1490804 (https://bugs.launchpad.net/keystone/+bug/1490804)]
  The auth_token middleware validates the token's audit IDs during
  offline token validation if the Identity server includes audit IDs
  in the token revocation list.


Security Issues
***************

* [bug 1490804 (https://bugs.launchpad.net/keystone/+bug/1490804)]
  [CVE-2015-7546 (http://cve.mitre.org/cgi-
  bin/cvename.cgi?name=CVE-2015-7546)] A bug is fixed where an
  attacker could avoid token revocation when the PKI or PKIZ token
  provider is used. The complete remediation for this vulnerability
  requires the corresponding fix in the Identity (keystone) project.


Bug Fixes
*********

* [bug 1523311
  (https://bugs.launchpad.net/keystonemiddleware/+bug/1523311)] Do not
  list deprecated opts in sample config.

* [bug 1333951
  (https://bugs.launchpad.net/keystonemiddleware/+bug/1333951)] Add
  support for parsing AWS v4 for ec2.

* [bug 1423973
  (https://bugs.launchpad.net/keystonemiddleware/+bug/1423973)] Use
  oslo.config choices for config options.


Changes in keystonemiddleware 4.0.0..4.1.0
------------------------------------------

45f3790 Add project_name to the auth_token fixture
9911497 Revert "Stop using private keystoneclient functions"
9d4077c create release notes for ksm 4.1.0
5ba3d06 Don't cache signed tokens
f27d7f7 Disable memory caching of tokens
bff30bc Updated from global requirements
39560c7 Use oslo_config choices support
96f6668 Stop using private keystoneclient functions
80fd21b Use fixture for mock patch
96ab58e auth_token verify revocation by audit_id
bc70346 Updated from global requirements
7585fec Deprecated tox -downloadcache option removed
4450baf Updated from global requirements
54cba09 Make BaseAuthProtocol public
698b00d Configuration is outdated
c14b80e Updated from global requirements
0a0721a Use keystoneauth for auth_token fixture
41baa73 Don't list deprecated opts in sample config
75d571b Updated from global requirements
ecc52be Put py34 first in the env order of tox
9390329 Adding parse of protocol v4 of AWS auth to ec2_token

Diffstat (except docs and test files)
-------------------------------------

examples/pki/cms/auth_token_scoped.json            |   5 +-
examples/pki/cms/auth_token_scoped.pem             | 148 ++++++++--------
examples/pki/cms/auth_token_scoped.pkiz            |   2 +-
examples/pki/cms/auth_v3_token_scoped.json         |   3 +
examples/pki/cms/auth_v3_token_scoped.pem          | 190 +++++++++++----------
examples/pki/cms/auth_v3_token_scoped.pkiz         |   2 +-
keystonemiddleware/auth_token/__init__.py          | 100 ++++++-----
keystonemiddleware/auth_token/_auth.py             |   5 +-
keystonemiddleware/auth_token/_cache.py            |  86 ++++++++--
keystonemiddleware/auth_token/_revocations.py      |  22 +++
keystonemiddleware/ec2_token.py                    | 155 +++++++++++++----
keystonemiddleware/fixture.py                      |  26 ++-
keystonemiddleware/openstack/__init__.py           |   0
keystonemiddleware/openstack/common/__init__.py    |   0
keystonemiddleware/openstack/common/memorycache.py |  97 -----------
.../unit/auth_token/test_auth_token_middleware.py  |  89 ++++++++--
openstack-common.conf                              |   1 -
.../notes/bug-1490804-87c0ff8e764945c1.yaml        |  15 ++
releasenotes/notes/ksm_4.1.0-3cd78446d8e63616.yaml |  11 ++
requirements.txt                                   |  10 +-
test-requirements.txt                              |   6 +-
tox.ini                                            |   5 +-
29 files changed, 886 insertions(+), 418 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 1f5d396..e05c8f1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,2 +6,2 @@ Babel>=1.3
-keystoneauth1>=1.0.0
-oslo.config>=2.7.0 # Apache-2.0
+keystoneauth1>=2.1.0
+oslo.config>=3.2.0 # Apache-2.0
@@ -11 +11 @@ oslo.serialization>=1.10.0 # Apache-2.0
-oslo.utils>=2.8.0 # Apache-2.0
+oslo.utils>=3.2.0 # Apache-2.0
@@ -13 +13 @@ pbr>=1.6
-pycadf>=1.1.0
+pycadf!=2.0.0,>=1.1.0
@@ -15 +15 @@ python-keystoneclient!=1.8.0,>=1.6.0
-requests>=2.8.1
+requests!=2.9.0,>=2.8.1
diff --git a/test-requirements.txt b/test-requirements.txt
index 42da45d..5547a9d 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -13,3 +13,3 @@ oslotest>=1.10.0 # Apache-2.0
-oslo.messaging!=2.8.0,>2.6.1 # Apache-2.0
-reno>=0.1.1  # Apache2
-requests-mock>=0.6.0 # Apache-2.0
+oslo.messaging!=2.8.0,!=3.1.0,>2.6.1 # Apache-2.0
+reno>=0.1.1 # Apache2
+requests-mock>=0.7.0 # Apache-2.0





More information about the OpenStack-dev mailing list