[Bug 1805690] [NEW] [MIR] python-django-debreach

Corey Bryant corey.bryant at canonical.com
Wed Nov 28 19:27:05 UTC 2018


Public bug reported:

[Availability]
Currently in NEW queue.

[Rationale]
This is a new dependency for the OpenStack horizon project.

[Security]
No security history.

[Quality Assurance]
Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian. Unit tests are run during build.

[Dependencies]
All are in main.

[Standards Compliance]
FHS and Debian Policy compliant.

[Maintenance]
Simple Python package that the OpenStack Team will take care of.

[Background]
Basic/extra mitigation against the `BREACH attack <http://breachattack.com/>`_ 
for Django projects. 

When combined with rate limiting in your web-server, or by using something
like `django-ratelimit <http://django-ratelimit.readthedocs.org/>`_, the 
techniques here should provide at least some protection against the BREACH 
attack.

** Affects: cloud-archive
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1805690
