My tests[1] found those services using auth_token without "thread" patched: * Havana: glance-registry ({'socket': True, 'time': True})
* Icehouse ceilometer-api ({'socket': True}) swift
Nova in master is also vulnerable when "--remote_debug" switches are used: "# turn off thread patching to enable the remote debugger"
[1]: http://paste.openstack.org/show/72103/
My tests[1] found those services using auth_token without "thread" patched:
* Havana:
glance-registry ({'socket': True, 'time': True})
* Icehouse
ceilometer-api ({'socket': True})
swift
Nova in master is also vulnerable when "--remote_debug" switches are used: "# turn off thread patching to enable the remote debugger"
[1]: http:// paste.openstack .org/show/ 72103/