Comment 8 for bug 1463698

I agree with Christian's position on this. I don't think either Horizon or Swift should be limiting the content that the owner of the account can upload into a container by default (though having an optional feature to filter either when storing or serving seems reasonable). Pretty sure this falls somewhere between classes D and E in our report taxonomy, and so we wouldn't publish a security advisory for this nor recommend it for backporting to existing stable release versions. https://security.openstack.org/vmt-process.html#incident-report-taxonomy