The new Cinder patch changes our approach to reject the dangerous requests with 409 error and also protects the volume action REST API endpoint that has 2 operations that could be used for the attack.
The commit message has more details.
The new Cinder patch changes our approach to reject the dangerous requests with 409 error and also protects the volume action REST API endpoint that has 2 operations that could be used for the attack.
The commit message has more details.