diff options
Diffstat (limited to 'releasenotes/notes/token_expiration_to_match_application_credential-56d058355a9f240d.yaml')
| -rw-r--r-- | releasenotes/notes/token_expiration_to_match_application_credential-56d058355a9f240d.yaml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/releasenotes/notes/token_expiration_to_match_application_credential-56d058355a9f240d.yaml b/releasenotes/notes/token_expiration_to_match_application_credential-56d058355a9f240d.yaml new file mode 100644 index 000000000..d37073a9d --- /dev/null +++ b/releasenotes/notes/token_expiration_to_match_application_credential-56d058355a9f240d.yaml @@ -0,0 +1,10 @@ +--- +security: + - | + [`bug 1992183 <https://bugs.launchpad.net/keystone/+bug/1992183>`_] + [`CVE-2022-2447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2447>`_] + Tokens issued with application credentials will now have their expiration + validated against that of the application credential. If the application + credential expires before the token the token's expiration will be set to + the same expiration as the application credential. Otherwise the token + will use the configured value. |