Mirantis OpenStack

Session timed out notice in horizon after idle period

Series 7.0.x
Bug #1481494

Bug #1481494 reported by Fabrizio Soppelsa on 2015-08-04

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mirantis OpenStack	Invalid	High	MOS Maintenance	Mirantis OpenStack 7.0
6.0.x	Fix Released	High	Alex Ermolov	Mirantis OpenStack 6.0-mu-6
6.1.x	Invalid	High	Alex Ermolov	Mirantis OpenStack 6.1-updates
7.0.x	Invalid	High	MOS Maintenance	Mirantis OpenStack 7.0

Bug Description

"Session timed out" bug https://bugs.launchpad.net/horizon/+bug/1423615 fixed in upstream, can we backport the fix to 6.0(.1)?

Tags:

CVE References

2014-8124

Fabrizio Soppelsa (fsoppelsa) on 2015-08-04

tags:

added: customer-found

Timur Sufiev (tsufiev-x) on 2015-08-05

Changed in mos:
assignee:	MOS Horizon (mos-horizon) → MOS Sustaining (mos-sustaining)

Revision history for this message

Vitaly Sedelnik (vsedelnik) wrote on 2015-08-05:

Invalid for 7.0 as the fix is consumed from stable/kilo, Confirmed for juno-based versions of MOS (6.0 and 6.1)

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-21: Fix proposed to packages/precise/python-django-openstack-auth (6.0-updates)

Fix proposed to branch: 6.0-updates
Change author: Alex Ermolov <email address hidden>
Review: https://review.fuel-infra.org/10631

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-21: Fix proposed to packages/centos6/python-django-openstack-auth (6.0-updates)

Fix proposed to branch: 6.0-updates
Change author: Alex Ermolov <email address hidden>
Review: https://review.fuel-infra.org/10633

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-21: Fix merged to packages/precise/python-django-openstack-auth (6.0-updates)

Reviewed: https://review.fuel-infra.org/10631
Submitter: Vitaly Sedelnik <email address hidden>
Branch: 6.0-updates

Commit: 78291653fe64f5272ed8992ac008d1a91a94626a
Author: Alex Ermolov <email address hidden>
Date: Fri Aug 21 09:35:22 2015

add last_activity to session

Actually, the fix for CVE-2014-8124 included a regression, resulting
users had to log in a second time, after being logged out due to
inactivity.

Change-Id: If6a7f489058c80c969975dc0658e6f2ae979eca3
Closes-Bug: #1481494

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-08-25: Fix merged to packages/centos6/python-django-openstack-auth (6.0-updates)

Reviewed: https://review.fuel-infra.org/10633
Submitter: Vitaly Sedelnik <email address hidden>
Branch: 6.0-updates

Commit: 834737dffde25e70ce012173acb90f717524111a
Author: Alex Ermolov <email address hidden>
Date: Fri Aug 21 13:25:17 2015

add last_activity to session

Actually, the fix for CVE-2014-8124 included a regression, resulting
users had to log in a second time, after being logged out due to
inactivity.

Change-Id: If6a7f489058c80c969975dc0658e6f2ae979eca3
Closes-Bug: #1481494

Olena Logvinova (ologvinova) on 2015-09-09

tags:

added: 6.0 release-notes-done

Revision history for this message

Vitaly Gusev (vgusev) wrote on 2015-09-11:

Verified on 6.0 with packet python-openstack-auth_1.1.7-ubuntu6_all.deb from mirror http://172.18.82.150:82/ubuntu-fuel-6.0-updates-stable/ubuntu/all/

Revision history for this message

Alex Ermolov (aermolov) wrote on 2015-09-15:

Changed status to Invalid for 6.1.x. because the fix is already there.

Roman Rufanov (rrufanov) on 2015-09-17

tags:

added: support

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.