Removed the OSSA task and marking invalid. ** Changed in: ossa Status: Incomplete => Invalid ** No longer affects: ossa ** Changed in: nova Status: Incomplete => Invalid -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1511541 Title: Possible incomplete fix for OSSA-2015-005 Status in OpenStack Compute (nova): Invalid Bug description: Multiple reports that the fix for [OSSA 2015-005] Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) is incomplete. https://bugs.launchpad.net/nova/+bug/1409142/comments/146 https://bugs.launchpad.net/nova/+bug/1409142/comments/149 Further investigation is needed. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1511541/+subscriptions