Horizon: security implication: not using triggers for .js updates

Bug #1462248 reported by Thomas Goirand on 2015-06-05
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
MOS Packaging Team
Vasyl Saienko
MOS Packaging Team

Bug Description

The package should be using a trigger to re-do the offline compress after a JavaScript library is updated. Otherwise, after a security update of a libjs-* package, Horizon will continue to use an old version of said libjs files.

Have a look into the Debian package to see how it is done if you want an example.

Ruslan Kamaldinov (ruhe) on 2015-06-05
Changed in mos:
milestone: none → 7.0
assignee: nobody → MOS Deployment Team (mos-deployment)
Ruslan Kamaldinov (ruhe) on 2015-06-05
Changed in mos:
importance: Undecided → Medium
Vasyl Saienko (vsaienko) on 2015-06-05
Changed in mos:
assignee: MOS Deployment Team (mos-deployment) → Vasyl Saienko (vsaienko)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7589

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7616

Thomas Goirand (thomas-goirand) wrote :

FYI, it looks to me (after investigation) that for 7.0, we'll have to make new (or based on Sid) python-xstatic packages for:
- angular_mock
- bootstrap_datepicker
- font_awesome
- hogan
- jquery_migrate

and of course their corresponding libjs* packages.

Reviewed: https://review.fuel-infra.org/7616
Submitter: Igor Yozhikov <email address hidden>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: a9266f1fed7669160f2471bd8f11aa5dcbe9305c
Author: Vasyl Saienko <email address hidden>
Date: Tue Jun 9 13:03:54 2015

Re-do offline compress after javascript lib or xstatic package is updated

  At the moment horizon compresses static files once after install.
  Adding openstack-dashboard.triggers that will re-do offline compress
  if a libjs-* or xstatic package is updated

Change-Id: I39ad62d9e21fa00f60c2398a7740891dec0bf876
Closes-Bug: #1462248
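
The mechanism described in this report, as an added sketch that is not taken from the Debian package or from the MOS change: a dpkg file trigger plus a postinst that re-runs the offline compress when it fires. The watched paths, the `manage.py` location and the function names are assumptions.

```shell
#!/bin/sh
# Sketch of debian/openstack-dashboard.postinst (added example).
#
# The matching debian/openstack-dashboard.triggers file would declare
# interest in the directories that libjs-* and python-xstatic packages
# install into (paths assumed here):
#
#   interest-noawait /usr/share/javascript
#   interest-noawait /usr/lib/python2.7/dist-packages/xstatic
#
# dpkg then calls this script with "triggered" whenever another package
# installs or changes a file below one of those paths.
set -e

# Assumed install location of Horizon's manage.py. Both variables can be
# overridden, which also lets the logic be exercised without Horizon.
MANAGE="${MANAGE:-/usr/share/openstack-dashboard/manage.py}"
PYTHON="${PYTHON:-python}"

rebuild_static() {
    # Re-collect, then re-compress, so the offline bundle is rebuilt from
    # the JavaScript files currently on disk, not the ones present at
    # the time openstack-dashboard was first installed.
    "$PYTHON" "$MANAGE" collectstatic --noinput --clear
    "$PYTHON" "$MANAGE" compress --force
}

postinst() {
    case "${1:-}" in
        configure|triggered)
            # "configure": install or upgrade of this package.
            # "triggered": a watched path changed (e.g. a libjs-* update).
            rebuild_static
            ;;
        abort-upgrade|abort-remove|abort-deconfigure)
            # Nothing to regenerate when dpkg is unwinding.
            ;;
        *)
            # Unknown or missing action: do nothing.
            ;;
    esac
}

postinst "$@"
```

Because `set -e` is active, a failing compress makes the postinst fail, so a libjs-* security update cannot silently leave the old bundle in place.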

Change abandoned by Vasyl Saienko <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/7589
