Hi, I'd like you to take a look at this patch for potential SecurityImpact. https://review.openstack.org/255067 Log: commit 08613ec46097917219e714fae08692ada6fcecd8 Author: Kota Tsuyuzaki <tsuyuzaki.kota at lab.ntt.co.jp> Date: Wed Nov 25 14:16:06 2015 -0800 Fix date validation According to [1] when an Authorization header is specified, either a Date or x-amz-date header needs to be specified, with the x-amz-date header taking precedence. Now, the x-amz-date header is validated first, and if both headers are missing, an AccessDenied error should be returned. This should prevent replay attacks occurring on valid requests that are missing the Date header. [1] http://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders. html N.B. This also fixes some pylint issues and dependencies Closes-Bug: 1497424 SecurityImpact [CVE-2015-8466] Co-Authored-By: Darryl Tam <dtam at swiftstack.com> Co-Authored-By: Tim Burke <tim.burke at gmail.com> Change-Id: Ibeff8503fa147e1cf08c1b5374aecee7a4c0bee2