I would use "Potential context confusion in Keystone middleware" as the title.
Also : "...that is fixed if the process used eventlet..." -> "...that is avoided if the calling process already used eventlet..."
-> the issue is not fixed if the process already monkey-patched 'thread', it is not vulnerable in the first place
-> "calling" process makes it IMHO clearer that we are talking about the server project using the middleware.
If we precisely analyze the grizzly/havana affected server software, we could end with something like: "In Grizzly and Havana, only Glance and Ceilometer were found to be affected. Also note that only keystone middleware setups using auth_token with memcache are vulnerable."
I would use "Potential context confusion in Keystone middleware" as the title.
Also : "...that is fixed if the process used eventlet..." -> "...that is avoided if the calling process already used eventlet..."
-> the issue is not fixed if the process already monkey-patched 'thread', it is not vulnerable in the first place
-> "calling" process makes it IMHO clearer that we are talking about the server project using the middleware.
If we precisely analyze the grizzly/havana affected server software, we could end with something like: "In Grizzly and Havana, only Glance and Ceilometer were found to be affected. Also note that only keystone middleware setups using auth_token with memcache are vulnerable."