← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1482301] Re: 'X-Openstack-Request-ID' lenght limited only by header size

 

** Changed in: glance
       Status: Fix Committed => Fix Released

** Changed in: glance
    Milestone: None => liberty-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1482301

Title:
  'X-Openstack-Request-ID' lenght limited only by header size

Status in Glance:
  Fix Released
Status in Glance juno series:
  New
Status in Glance kilo series:
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Glance accepts 'X-Openstack-Request-ID' header and includes the value
  in log-files. The length of the Request ID is limited only by
  max_header_line parameter that defaults to 16384. This opens
  possibility to flood the logs.

  Public as this vulnerability was already discussed today on Glance
  weekly meeting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1482301/+subscriptions


References