[Openstack] python-keystoneclient 0.7.0 (and 0.7.1) released to PyPi

Dolph Mathews dolph.mathews at gmail.com
Thu Mar 27 15:13:49 UTC 2014


Hello, everyone!

python-keystoneclient 0.7.0 and 0.7.1 were both released in the past 24
hours.

v0.7.0 [1] contains a pair of critical fixes, one of which is security
related. The highlights include:

- Fixed a critical security vulnerability (OSSA 2014-007 [2]) as detailed
in bug 1282865 [3] and patched in bug 1289074 [4]. Deploying
keystoneclient.middleware.auth_token with memcached as the caching backend
in an environment using an unpatched thread module (i.e. failing to call
`eventlet.patcher.monkey_patch(thread=True)`) no longer results in
authentication contexts being "confused" between simultaneous requests.

- Fixed a race condition in keystoneclient.middleware.auth_token for PKI
deployments resulting in spurious 401 Unauthorized responses being returned
to end users (bug 1285833 [5]).

- Fixed an issue that resulted in leaving hanging connections to keystone
(bug 1282089)

v0.7.1 [6] includes a workaround to allow the v3 Python library to work
with deployments configured to advertise a v2.0-versioned identity endpoint
in their service catalogs.

Upgrading to the latest client is *strongly* recommended. As always, the
latest client is available on PyPi [7].

Thanks!

[1] https://launchpad.net/python-keystoneclient/+milestone/0.7.0
[2] http://lists.openstack.org/pipermail/openstack/2014-March/006237.html
[2] https://bugs.launchpad.net/bugs/1282865
[3] https://bugs.launchpad.net/bugs/1289074
[4] https://bugs.launchpad.net/bugs/1285833
[5] https://launchpad.net/python-keystoneclient/+milestone/0.7.1
[6] https://pypi.python.org/pypi/python-keystoneclient/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140327/5a666d67/attachment.html>


More information about the Openstack mailing list