Queens Series Release Notes¶
17.0.4-15¶
Bug Fixes¶
The conditional that determines whether the
sso_callback_template.html
file is deployed for federated deployments has been fixed.
17.0.0¶
New Features¶
Extra headers can be added to Keystone responses by adding items to
keystone_extra_headers
. Example:keystone_extra_headers: - parameter: "Access-Control-Expose-Headers" value: "X-Subject-Token" - parameter: "Access-Control-Allow-Headers" value: "Content-Type, X-Auth-Token" - parameter: "Access-Control-Allow-Origin" value: "*"
Deprecation Notes¶
The variables
keystone_memcached_servers
andkeystone_cache_backend_argument
have been deprecated in favor ofkeystone_cache_servers
, a list of servers for caching purposes.
Security Issues¶
The following headers were added as additional default (and static) values. X-Content-Type-Options nosniff, X-XSS-Protection “1; mode=block”, and Content-Security-Policy “default-src ‘self’ https: wss:;”. Additionally, the X-Frame-Options DENY header was added, defaulting to DENY. You may override the header via the keystone_x_frame_options variable.