OpenStack Identity (keystone)

  1. Bug #1100282
  2. Comment #51

Comment 51 for bug 1100282

Revision history for this message
Dan Prince (dan-prince) wrote : Re: DoS through XML entity expansion

ttx: Okay. Cinder patches are attached.

Also, I looked again and although Quantum calls minidom.parse... once in wsgi.py it doesn't appear to be used. Note: We will certainly need the etree fix to be added once this hits: https://review.openstack.org/#/c/19998/13/quantum/wsgi.py (upstream branch under review to add XML support for the Quantum V2 API).

I think olso can wait till after we disclose this right?