BREACH attack is fixed on horizon side, gzip could be enabled when using tls

Bug #1827976 reported by Jeffrey Zhang
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
kolla-ansible | Fix Released | Medium | Jeffrey Zhang |
Stein | Fix Released | Medium | Jeffrey Zhang |
Train | Fix Released | Medium | Jeffrey Zhang |

Mark Goddard (mgoddard) wrote :

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/657520
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=06a8161a18df142be19b5030a970e7e002c68d81
Submitter: Zuul
Branch: master

commit 06a8161a18df142be19b5030a970e7e002c68d81
Author: Jeffrey Zhang <email address hidden>
Date: Tue May 7 11:28:06 2019 +0800

    Enable deflate when using tls for horizon

    deflate is disabled because of the BREACH attack[0] issue. But it has been
    fixed on the horizon side through[1], so we could enable deflate all the
    time.

    compress application/json too by default.

    [0] https://wiki.openstack.org/wiki/OSSN/OSSN-0037
    [1] https://review.openstack.org/#/c/596549/

    Change-Id: I364c8a71633fac846dbaac8eaa0b78191e6d7d0e
    Closes-Bug: #1827976

Changed in kolla-ansible:
status: In Progress → Fix Released
Dincer Celik (dincercelik) wrote :

This should be backported to stable/rocky.

Mark Goddard (mgoddard) wrote : Re: [Bug 1827976] Re: BREACH attack is fixed on horizon side, gzip could be enabled when using tls

Dincer, feel free to cherry pick the change to stable branches. The Gerrit
UI allows this.
Mark

On Fri, 28 Jun 2019, 18:21 Dincer Celik, <email address hidden> wrote:

> This should be backported to stable/rocky.
>
> --
> You received this bug notification because you are subscribed to kolla-
> ansible.
> Matching subscriptions: kolla-ansible firehose
> https://bugs.launchpad.net/bugs/1827976
>
> Title:
> BREACH attack is fixed on horizon side, gzip could be enabled when
> using tls
>
> Status in kolla-ansible:
> Fix Released
> Status in kolla-ansible stein series:
> Fix Released
>
> Bug description:
> BREACH attack is fixed by https://review.openstack.org/#/c/596549/
> on the horizon side, gzip could be enabled when using tls.
>
> * http://breachattack.com/
> * https://wiki.openstack.org/wiki/OSSN/OSSN-0037
> * https://www.acunetix.com/blog/articles/breach-attack/
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/kolla-ansible/+bug/1827976/+subscriptions
>

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/668237

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/668290

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/stein)

Reviewed: https://review.opendev.org/668290
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=6b77e5a92724af9b627c50d74c4c262ac6f95aa5
Submitter: Zuul
Branch: stable/stein

commit 6b77e5a92724af9b627c50d74c4c262ac6f95aa5
Author: Jeffrey Zhang <email address hidden>
Date: Tue May 7 11:28:06 2019 +0800

    Enable deflate when using tls for horizon

    deflate is disabled because of the BREACH attack[0] issue. But it has been
    fixed on the horizon side through[1], so we could enable deflate all the
    time.

    compress application/json too by default.

    [0] https://wiki.openstack.org/wiki/OSSN/OSSN-0037
    [1] https://review.openstack.org/#/c/596549/

    Change-Id: I364c8a71633fac846dbaac8eaa0b78191e6d7d0e
    Closes-Bug: #1827976
    (cherry picked from commit 06a8161a18df142be19b5030a970e7e002c68d81)

tags: added: in-stable-stein
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 8.0.0.0rc2

This issue was fixed in the openstack/kolla-ansible 8.0.0.0rc2 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/rocky)

Reviewed: https://review.opendev.org/668237
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=5ed551c1fdcfba68e6e0ae9458fa7b5540fdc28e
Submitter: Zuul
Branch: stable/rocky

commit 5ed551c1fdcfba68e6e0ae9458fa7b5540fdc28e
Author: Jeffrey Zhang <email address hidden>
Date: Tue May 7 11:28:06 2019 +0800

    Enable deflate when using tls for horizon

    deflate is disabled because of the BREACH attack[0] issue. But it has been
    fixed on the horizon side through[1], so we could enable deflate all the
    time.

    compress application/json too by default.

    [0] https://wiki.openstack.org/wiki/OSSN/OSSN-0037
    [1] https://review.openstack.org/#/c/596549/

    Change-Id: I364c8a71633fac846dbaac8eaa0b78191e6d7d0e
    Closes-Bug: #1827976
    (cherry picked from commit 06a8161a18df142be19b5030a970e7e002c68d81)

tags: added: in-stable-rocky
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 7.1.2

This issue was fixed in the openstack/kolla-ansible 7.1.2 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 9.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 9.0.0.0rc1 release candidate.
