Glance

  1. Bug #1489902
  2. Comment #2

Comment 2 for bug 1489902

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/218379
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=0a9611962d0fb6bdffa9c65c9021ff96972eda90
Submitter: Jenkins
Branch: master

commit 0a9611962d0fb6bdffa9c65c9021ff96972eda90
Author: Alexander Tivelkov <email address hidden>
Date: Fri Aug 28 19:10:04 2015 +0300

    Fixed non-owner write-access to artifacts

    There was no check for write-access priviledges during all the
    mutating operations with artifacts (updates, patches, deletes,
    actiovations etc), so any user who has an access to an artifact could
    modify it. Because of this, non-owners could modify public artifacts
    which was a major security issue.

    Now this is addressed and an appropriate set of tests added to
    prevent possible regressions.

    FastTrack
    Change-Id: I2f4c2d70b74ae39ababed2ba9b97559ef5ea6d6c
    Closes-bug: #1489902