Comment 51 for bug 1873290

Jeremy Stanley (fungi) wrote : Re: [Bug 1873290] Re: [OSSA-2020-005] OAuth1 request token authorize silently ignores roles parameter (CVE-2020-12690)

On 2020-07-10 03:02:14 -0000 (-0000), jichenjc wrote:
[...]
> We are still maintaining internal Newton code which is before the
> refactoring; will that be affected by this issue or not? Can you help
> to comment? Thanks

You may find it much easier to backport the fix from the stable/pike
branch:

https://opendev.org/openstack/keystone/commit/7653847a04e56555b8d172a3d5c76a95533cdec7

Checking out the newton-eol tag, `git cherry-pick 7653847` applies
cleanly for me with no conflicts. Note I have not tested this patch
on Newton, and you might want additional feedback from Keystone devs
as to whether this is safe (or even necessary) on Newton.
--
Jeremy Stanley