Comment 51 for bug 1274034
Revision history for this message
| George Shuklin (george-shuklin) wrote | #51 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Formally: There is a security hole in Openstack and it will not be closed for the nearest half of the year and will not applied to existing supporting installation.
I do not understand why fix to _SECURITY_ bug is rejected because it will change behaviour? Obviously it will change behaviour, it will break ability for malicious user to break multitenancy in Openstack.
Please, care about malicious hackers, please do not port security fixes to the existing versions! Otherwise they would find that Openstack is no longer vulnerable.