All memcache token incarnations for PKI tokens are affected. Since that code went in back in Folsom, that means Folsom, Grizzly and Havana.
The fix is a server side fix. We could also fix using the auth_token middleware, but that is probably suboptimal. It will slow down the revocation check, and it would require updating every component in an OS deployment. Server side fix is preferable and proper.
Deploying the fix will dump the revocation list, but since it was not checked before, it will be no worse than it was.
All memcache token incarnations for PKI tokens are affected. Since that code went in back in Folsom, that means Folsom, Grizzly and Havana.
The fix is a server side fix. We could also fix using the auth_token middleware, but that is probably suboptimal. It will slow down the revocation check, and it would require updating every component in an OS deployment. Server side fix is preferable and proper.
Deploying the fix will dump the revocation list, but since it was not checked before, it will be no worse than it was.