[Openstack-security] [openstack/manila] SecurityImpact review request change If9241e6f6ba10592a64ca312cb479e8cea929913
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Jul 23 11:22:10 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/204705
Log:
commit e2278d030de44f011d9b3782add42d2b5e5652c2
Author: Valeriy Ponomaryov <vponomaryov at mirantis.com>
Date: Wed Jul 22 20:30:42 2015 +0300
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections hence even after the
response is sent to the client, it doesn't close the client socket connection.
Because of this problem, the green thread is not released back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
DocImpact:
Added wsgi_keep_alive option (default=True).
In order to maintain the backward compatibility, setting wsgi_keep_alive
as True by default. Recommended is set it to False.
This is port of Cinder change - [1]
[1] Ic57b2aceb136e8626388cfe4df72b2f47cb0661c
SecurityImpact
Closes-Bug: #1361360
Change-Id: If9241e6f6ba10592a64ca312cb479e8cea929913
More information about the Openstack-security
mailing list