On Thu, Mar 27, 2014 at 10:13 AM, Dolph Mathews <dolph.mathews at gmail.com>wrote: > Hello, everyone! > > python-keystoneclient 0.7.0 and 0.7.1 were both released in the past 24 > hours. > > v0.7.0 [1] contains a pair of critical fixes, one of which is security > related. The highlights include: > > - Fixed a critical security vulnerability (OSSA 2014-007 [2]) as detailed > in bug 1282865 [3] and patched in bug 1289074 [4]. Deploying > keystoneclient.middleware.auth_token with memcached as the caching backend > in an environment using an unpatched thread module (i.e. failing to call > `eventlet.patcher.monkey_patch(thread=True)`) no longer results in > authentication contexts being "confused" between simultaneous requests. > > - Fixed a race condition in keystoneclient.middleware.auth_token for PKI > deployments resulting in spurious 401 Unauthorized responses being returned > to end users (bug 1285833 [5]). > > - Fixed an issue that resulted in leaving hanging connections to keystone > (bug 1282089) > > v0.7.1 [6] includes a workaround to allow the v3 Python library to work > with deployments configured to advertise a v2.0-versioned identity endpoint > in their service catalogs. > > Upgrading to the latest client is *strongly* recommended. As always, the > latest client is available on PyPi [7]. > > Thanks! > I just noticed that I numbered most of the links in the original footer incorrectly, as there are two [2] links, resulting in the rest being off by one. The correct numbering as they correspond to the body: [1] https://launchpad.net/python-keystoneclient/+milestone/0.7.0 [2] http://lists.openstack.org/pipermail/openstack/2014-March/006237.html [3] https://bugs.launchpad.net/bugs/1282865 [4] https://bugs.launchpad.net/bugs/1289074 [5] https://bugs.launchpad.net/bugs/1285833 [6] https://launchpad.net/python-keystoneclient/+milestone/0.7.1 [7] https://pypi.python.org/pypi/python-keystoneclient/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140327/63b6605a/attachment.html>