Object expiration in Swift header 'X-Remove-Delete-At'
Bug #1988310 reported by
Andrey Groshrev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
New
|
Undecided
|
Unassigned | ||
OpenStack Security Advisory |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
The documentation describes the ability to delete the "x-delete-at" header using a post request and the "X-Remove-
But there is not a line in the code responsible for this behavior.
Moreover, any custom header erases the "x-delete-at". There is a suspicion that it overwrites everything by default. It's not safe.
-------
Release: 2.30.1.dev6 on 2018-08-01 15:17:42
SHA: 933d3938aca74d3
Source: https:/
URL: https:/
To post a comment you must log in.
Since this report concerns a possible security risk, an incomplete
security advisory task has been added while the core security
reviewers for the affected project or projects confirm the bug and
discuss the scope of any vulnerability along with potential
solutions.