Comment 51 for bug 1274034

Formally: There is a security hole in Openstack and it will not be closed for the nearest half of the year and will not applied to existing supporting installation.

I do not understand why fix to _SECURITY_ bug is rejected because it will change behaviour? Obviously it will change behaviour, it will break ability for malicious user to break multitenancy in Openstack.

Please, care about malicious hackers, please do not port security fixes to the existing versions! Otherwise they would find that Openstack is no longer vulnerable.