On 2015-03-26 14:29:03 -0400 (-0400), Lars Kellogg-Stedman wrote: [...] > The solution, of course, is to make sure that the value of > novncproxy_base_url is set explicitly where the nova-novncproxy > service is running. This is a bit of a hack, since the service > *really* only cares about the protocol portion of the URL, > suggesting that maybe a new configuration option would have been a > less intrusive solution. [...]
Thanks for the heads up. The developers working to backport security fixes to stable branches try to come up with ways to have them automatically applicable without configuration changes on the part of the deployers consuming them. Sometimes it's possible, sometimes it's not, and sometimes they think it is but turn out in retrospect to have introduced an unintended behavior change. Unfortunately I think that last possibility is what happened for this bug[1]. It's worth bringing this to the attention of the Nova developers who implemented the original fix to see if there's a better stable solution which achieves the goal of protecting deployments where operators aren't likely to update their configuration while still maintaining consistent behavior. To that end, I'm Cc'ing the openstack-dev list, setting MFT and tagging the subject accordingly. [1] https://launchpad.net/bugs/1409142 -- Jeremy Stanley _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
