Horizon: security implication: not using triggers for .js updates

Bug #1462248 reported by Thomas Goirand on 2015-06-05
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
High
MOS Packaging Team
6.1.x
High
Vasyl Saienko
7.0.x
High
MOS Packaging Team

Bug Description

The package should be using trigger to re-do the offline compress after a javascript library is updated. Otherwise, after a security update of a libjs-* package, Horizon will continue to use an old version of said libjs files.

Have a look into the Debian package to see how it is done if you want an example.

Ruslan Kamaldinov (ruhe) on 2015-06-05
Changed in mos:
milestone: none → 7.0
assignee: nobody → MOS Deployment Team (mos-deployment)
Ruslan Kamaldinov (ruhe) on 2015-06-05
Changed in mos:
importance: Undecided → Medium
Vasyl Saienko (vsaienko) on 2015-06-05
Changed in mos:
assignee: MOS Deployment Team (mos-deployment) → Vasyl Saienko (vsaienko)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7589

Fix proposed to branch: openstack-ci/fuel-6.1/2014.2
Change author: Vasyl Saienko <email address hidden>
Review: https://review.fuel-infra.org/7616

Thomas Goirand (thomas-goirand) wrote :

FYI, it looks like to me (after investigation), that for 7.0, we'll have to make new (or based on Sid) python-xstatic packages for:
- angular_mock
- bootstrap_datepicker
- font_awesome
- hogan
- jquery_migrate

and of course their corresponding libjs* packages.

Reviewed: https://review.fuel-infra.org/7616
Submitter: Igor Yozhikov <email address hidden>
Branch: openstack-ci/fuel-6.1/2014.2

Commit: a9266f1fed7669160f2471bd8f11aa5dcbe9305c
Author: Vasyl Saienko <email address hidden>
Date: Tue Jun 9 13:03:54 2015

Re-do offline compress after javascript lib or xstatic package is updated

  At the moment horizon compress static files once after install.
  Adding openstack-dashboard.triggers that will re-do offline compress
  if libjs-* or xstatic package is updated

Change-Id: I39ad62d9e21fa00f60c2398a7740891dec0bf876
Closes-Bug: #1462248

Change abandoned by Vasyl Saienko <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/7589

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers