Merge "Update Keystone core to Mitaka."

author: Ruan HE <ruan.he@orange.com> 2016-06-09 08:12:34 +0000
committer: Gerrit Code Review <gerrit@172.30.200.206> 2016-06-09 08:12:34 +0000
commit: 4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree: 7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
parent: 2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent: 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml b/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
new file mode 100644
index 00000000..0d5c2034
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
@@ -0,0 +1,13 @@
+---
+features:
+  - >
+    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
+    Audit IDs are included in the token revocation list.
+security:
+  - >
+    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
+    [`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
+    A bug is fixed where an attacker could avoid token revocation when the PKI
+    or PKIZ token provider is used. The complete remediation for this
+    vulnerability requires the corresponding fix in the keystonemiddleware
+    project.
author	Ruan HE <ruan.he@orange.com>	2016-06-09 08:12:34 +0000
committer	Gerrit Code Review <gerrit@172.30.200.206>	2016-06-09 08:12:34 +0000
commit	4bc079a2664f9a407e332291f34d174625a9d5ea (patch)
tree	7481cd5d0a9b3ce37c44c797a1e0d39881221cbe /keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
parent	2f179c5790fbbf6144205d3c6e5089e6eb5f048a (diff)
parent	2e7b4f2027a1147ca28301e4f88adf8274b39a1f (diff)