---
features:
  - >
    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
    The auth_token middleware validates the token's audit IDs during offline
    token validation if the Identity server includes audit IDs in the token
    revocation list.
security:
  - >
    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
    [`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
    A bug is fixed where an attacker could avoid token revocation when the PKI
    or PKIZ token provider is used. The complete remediation for this
    vulnerability requires the corresponding fix in the Identity (keystone)
    project.