[Openstack-security] [openstack/glance] SecurityImpact review request change I93aaca24935a4f3096210233097dd6b8c5440176
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Wed Mar 11 10:40:49 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/162964
Log:
commit d569ed9db9dc1941ef74d38f85f8f67a85ff10b0
Author: abhishekkekane <abhishek.kekane at nttdata.com>
Date: Tue Oct 21 04:39:59 2014 -0700
Eventlet green threads not released back to pool
Presently, the wsgi server allows persist connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
DocImpact:
Added http_keepalive option (default=True).
Conflicts:
doc/source/configuring.rst
etc/glance-api.conf
glance/common/wsgi.py
glance/tests/unit/test_opts.py
SecurityImpact
Closes-Bug: #1361360
Change-Id: I93aaca24935a4f3096210233097dd6b8c5440176
(cherry picked from commit 16a821e00d15520d2f6e940e184bd289b8782620)
More information about the Openstack-security
mailing list