[Bug 1805690] Re: [MIR] python-django-debreach
Corey Bryant
corey.bryant at canonical.com
Fri Dec 7 13:12:12 UTC 2018
** Also affects: python-django-debreach (Ubuntu)
Importance: Undecided
Status: New
** No longer affects: cloud-archive
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1805690
Title:
[MIR] python-django-debreach
Status in python-django-debreach package in Ubuntu:
New
Bug description:
[Availability]
Currently in NEW queue.
[Rationale]
This is a new dependency for the OpenStack horizon project.
[Security]
No security history.
[Quality Assurance]
Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian. Unit tests are run during build.
[Dependencies]
All are in main.
[Standards Compliance]
FHS and Debian Policy compliant.
[Maintenance]
Simple python package that the OpenStack Team will take care of.
[Background]
Basic/extra mitigation against the `BREACH attack <http://breachattack.com/>`_
for Django projects.
When combined with rate limiting in your web-server, or by using something
like `django-ratelimit <http://django-ratelimit.readthedocs.org/>`_, the
techniques here should provide at least some protection against the BREACH
attack.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-django-debreach/+bug/1805690/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list