)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":6282,"name":"Wu Wenxiang","email":"wu.wenxiang@algoblu.com","username":"wu-wenxiang"},"change_message_id":"d8e128769097d9982160ac4c897fbcd486b4d707","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"32fc4ca2_02e59dcf","updated":"2023-06-07 10:35:03.000000000","message":"if hacker change time_expire cookie, then this behavior just like browser use keystone token to request OpenStack API from CLI tools. This patch It\u0027s not a","commit_id":"9c4f5e5e74753ec830d7b9721e452547edf17365"},{"author":{"_account_id":6282,"name":"Wu Wenxiang","email":"wu.wenxiang@algoblu.com","username":"wu-wenxiang"},"change_message_id":"3d0c880194383b87f1d92e98b66f585891f53fbb","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"29afa2a4_0d609e4c","in_reply_to":"32fc4ca2_02e59dcf","updated":"2023-06-07 10:38:06.000000000","message":"This patch is not a security patch, but a UE improvement to avoid user sent request to OpenStack API directly after JWT token expired. If hacker can change time_expire cookie, he also could retrieve Keystone token to send request, so would not lead a security issue.","commit_id":"9c4f5e5e74753ec830d7b9721e452547edf17365"}]}