Queens Series Release Notes

17.0.4-15

Bug Fixes

  • The conditional that determines whether the sso_callback_template.html file is deployed for federated deployments has been fixed.

17.0.0

New Features

  • Extra headers can be added to Keystone responses by adding items to keystone_extra_headers. Example:

    keystone_extra_headers:
      - parameter: "Access-Control-Expose-Headers"
        value: "X-Subject-Token"
      - parameter: "Access-Control-Allow-Headers"
        value: "Content-Type, X-Auth-Token"
      - parameter: "Access-Control-Allow-Origin"
        value: "*"
    

Deprecation Notes

  • The variables keystone_memcached_servers and keystone_cache_backend_argument have been deprecated in favor of keystone_cache_servers, a list of servers for caching purposes.

Security Issues

  • The following headers were added as additional default (and static) values: X-Content-Type-Options "nosniff", X-XSS-Protection "1; mode=block", and Content-Security-Policy "default-src 'self' https: wss:;". Additionally, the X-Frame-Options header was added, defaulting to DENY. You may override this header via the keystone_x_frame_options variable.
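
A way to confirm after an upgrade that a Keystone endpoint actually returns the defaults listed above. This is an added example, not code from the os_keystone role; the function names and the two sample responses are constructed for illustration, and the x_frame_options argument stands in for whatever keystone_x_frame_options is set to.

```python
# Default header values as listed in the Security Issues note above.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "content-security-policy": "default-src 'self' https: wss:;",
    "x-frame-options": "DENY",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, x_frame_options="DENY"):
    """Return (header, problem) tuples; an empty list means all defaults match."""
    expected = {**EXPECTED, "x-frame-options": x_frame_options}
    got = parse_headers(raw)
    findings = []
    for name, want in expected.items():
        have = got.get(name)
        if have is None:
            findings.append((name, "missing"))
        elif have.strip('"') != want:
            findings.append((name, "unexpected value: " + have))
    return findings

# Constructed sample responses (not captured from a real deployment).
SAMPLE_OK = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
    "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n"
    "Content-Security-Policy: default-src 'self' https: wss:;\r\n"
    "X-Frame-Options: DENY\r\n\r\n"
)
SAMPLE_BAD = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
    "x-content-type-options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n\r\n"
)

if __name__ == "__main__":
    for label, raw in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, audit(raw))
```

Feed it the response head from `curl -sI` against the identity endpoint, passing the overridden value as x_frame_options if keystone_x_frame_options has been changed.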