Horizon: security implication: not using triggers for .js updates

Bug #1462248 reported by Thomas Goirand
Affects | Status | Importance | Assigned to | Milestone
Mirantis OpenStack | Fix Committed | High | MOS Packaging Team |
6.1.x | Fix Committed | High | Vasyl Saienko |
7.0.x | Fix Released | High | MOS Packaging Team |

Bug Description

The package should be using a trigger to re-do the offline compress after a JavaScript library is updated. Otherwise, after a security update of a libjs-* package, Horizon will continue to use an old version of said libjs files.

Have a look into the Debian package to see how it is done if you want an example.

ruhe (ruhe)
Changed in mos:
milestone: none → 7.0
assignee: nobody → MOS Deployment Team (mos-deployment)
ruhe (ruhe)
Changed in mos:
importance: Undecided → Medium
Vasyl Saienko (vsaienko)
Changed in mos:
assignee: MOS Deployment Team (mos-deployment) → Vasyl Saienko (vsaienko)
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack-build/horizon-build (openstack-ci/fuel-7.0/2015.1.0)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7589

Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack-build/horizon-build (openstack-ci/fuel-6.1/2014.2)

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7616

Thomas Goirand (thomas-goirand) wrote :

FYI, it looks to me (after investigation) that for 7.0, we'll have to make new (or based on Sid) python-xstatic packages for:
- angular_mock
- bootstrap_datepicker
- font_awesome
- hogan
- jquery_migrate

and of course their corresponding libjs* packages.

Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack-build/horizon-build (openstack-ci/fuel-6.1/2014.2)

Reviewed: https://review.fuel-infra.org/7616
Submitter: Igor Yozhikov <email address hidden>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: a9266f1fed7669160f2471bd8f11aa5dcbe9305c
Author: Vasyl Saienko <email address hidden>
Date: Tue Jun 9 13:03:54 2015

Re-do offline compress after javascript lib or xstatic package is updated

  At the moment Horizon compresses static files once after install.
  Adding openstack-dashboard.triggers that will re-do offline compress
  if a libjs-* or xstatic package is updated.

Change-Id: I39ad62d9e21fa00f60c2398a7740891dec0bf876
Closes-Bug: #1462248
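
A sketch of the mechanism the commit message above describes, added here as an example; it is not the content of the merged change or of the Debian package. The trigger paths, the stamp file location, the compress command and all function names are assumptions.

```shell
#!/bin/sh
# Assumed debian/openstack-dashboard.triggers (both paths are assumptions):
#   interest-noawait /usr/share/javascript
#   interest-noawait /usr/lib/python2.7/dist-packages/xstatic
# dpkg then runs "postinst triggered <names>" after another package changes
# files under those paths, e.g. a security update of a libjs-* package.

# Assumed defaults; adjust them to the real package layout.
JS_DIR="${JS_DIR:-/usr/share/javascript}"
STAMP="${STAMP:-/var/lib/openstack-dashboard/js-fingerprint}"
COMPRESS_CMD="${COMPRESS_CMD:-python /usr/share/openstack-dashboard/manage.py compress --force}"

# Content hash of every file under JS_DIR (symlinks followed). File mtimes
# are not used: dpkg keeps the timestamps stored in the .deb, so a freshly
# installed security fix can look older than the compressed bundle.
js_fingerprint() {
    find -L "$JS_DIR" -type f -exec sha256sum {} + 2>/dev/null \
        | LC_ALL=C sort | sha256sum | cut -d' ' -f1
}

# Exit 0 when the bundle was built from different JS than is installed now.
static_is_stale() {
    [ -f "$STAMP" ] || return 0
    [ "$(cat "$STAMP")" != "$(js_fingerprint)" ]
}

# Redo the offline compress, then record which JS content it was built from.
rebuild_static() {
    # COMPRESS_CMD is split on purpose: it holds a command plus its arguments.
    $COMPRESS_CMD && js_fingerprint > "$STAMP"
}

horizon_postinst() {
    case "$1" in
        configure|triggered)
            rebuild_static
            ;;
        abort-upgrade|abort-remove|abort-deconfigure)
            ;;
        *)
            echo "postinst called with unknown argument '$1'" >&2
            return 1
            ;;
    esac
}
# A real maintainer script would end with: horizon_postinst "$@"
```

Running `static_is_stale` from a monitoring job flags hosts where a libjs-* update landed without the compress being redone.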

Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on openstack-build/horizon-build (openstack-ci/fuel-7.0/2015.1.0)

Change abandoned by Vasyl Saienko <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/7589

Igor Yozhikov (iyozhikov) wrote :