16 lines
677 B
YAML
16 lines
677 B
YAML
---
|
|
features:
|
|
- >
|
|
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
|
|
The auth_token middleware validates the token's audit IDs during offline
|
|
token validation if the Identity server includes audit IDs in the token
|
|
revocation list.
|
|
security:
|
|
- >
|
|
[`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
|
|
[`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
|
|
A bug is fixed where an attacker could avoid token revocation when the PKI
|
|
or PKIZ token provider is used. The complete remediation for this
|
|
vulnerability requires the corresponding fix in the Identity (keystone)
|
|
project.
|