Glance

Location information still showing in calls to HEAD|GET /images/<ID>

Bug #860862 reported by Jay Pipes on 2011-09-27

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Glance	Fix Released	High	Jay Pipes	Glance 2012.1 "essex"
	Diablo	Fix Released	Undecided	Unassigned	Glance 2011.3.1

X-Image-Meta-Location header is still leaking security creds for the show() and meta() methods of the images controller!

Tags:

Jay Pipes (jaypipes) on 2011-10-13

Changed in glance:
status:	In Progress → Fix Committed

Jay Pipes (jaypipes) on 2012-01-01

Changed in glance:
status:	Fix Committed → Fix Released

Jay Pipes (jaypipes) on 2012-01-11

security vulnerability:	yes → no
visibility:	private → public

Thierry Carrez (ttx) on 2012-01-12

security vulnerability:

no → yes

Thierry Carrez (ttx) on 2012-04-05

Changed in glance:
milestone:	essex-1 → 2012.1

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.