Comment 38 for bug 1409142

Jeremy Stanley (fungi) wrote : Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

Our stable branch guidelines are a little vague on this point, and mainly discourage introducing backward-incompatible configuration changes. https://wiki.openstack.org/wiki/StableBranch#Appropriate_Fixes The bigger concern is backporting a significant behavior change or a change in default values of existing configuration options, I think.

Prior art involving security advisories where configuration options were added in backports: bug 1336207, bug 1354208