aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml')
-rw-r--r--keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml13
1 files changed, 13 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml b/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
new file mode 100644
index 00000000..0d5c2034
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
@@ -0,0 +1,13 @@
+---
+features:
+ - >
+ [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
+ Audit IDs are included in the token revocation list.
+security:
+ - >
+ [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
+ [`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
+ A bug is fixed where an attacker could avoid token revocation when the PKI
+ or PKIZ token provider is used. The complete remediation for this
+ vulnerability requires the corresponding fix in the keystonemiddleware
+ project.