Reviewed:  https://review.openstack.org/238007
Committed: https://git.openstack.org/cgit/openstack/ironic-inspector/commit/?id=7ca56201897d8288b1acaafeccd9469840f73dcf
Submitter: Jenkins
Branch:    stable/1.1

commit 7ca56201897d8288b1acaafeccd9469840f73dcf
Author: Dmitry Tantsur <dtantsur at redhat.com>
Date:   Wed Oct 21 13:56:34 2015 +0200

    Never run Flask in debug mode, it poses a security risk

    Change-Id: I0c0c192bc75f42cfb070059f1764a0837ae956bb
    Closes-Bug: #1506419

https://bugs.launchpad.net/bugs/1506419

Title:
  Running Flask server in debug mode may be a security issue

Status in Ironic Inspector:
  Fix Committed
Status in Ironic Inspector kilo series:
  Fix Committed
Status in Ironic Inspector liberty series:
  Fix Released
Status in Ironic Inspector mitaka series:
  Fix Committed
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  A lot of people default to running their servers in debug mode. While
  handy for getting the full logs, in our case it will also allow access
  to Flask console, which may pose a security risk. We need a separate
  option for this.
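The separation the bug description asks for, as an added example that is not part of the original notification and not ironic-inspector's own code: the operator's "debug" option only raises log verbosity, while the arguments passed to Flask's app.run() always keep the debugger off. The option names, the default address and port, and the helper names are hypothetical.

```python
import logging

# Hypothetical option names and constructed defaults; the page only says
# that "a separate option" is needed.
DEFAULTS = {"debug": False, "listen_address": "127.0.0.1", "listen_port": 5050}


def log_level(conf):
    """The operator-facing 'debug' option controls log verbosity only."""
    return logging.DEBUG if conf.get("debug") else logging.INFO


def flask_run_kwargs(conf):
    """Arguments for Flask's app.run(); the debugger stays off whatever 'debug' says."""
    merged = {**DEFAULTS, **conf}
    return {
        "host": merged["listen_address"],
        "port": int(merged["listen_port"]),
        "debug": False,         # never derived from conf["debug"]
        "use_debugger": False,  # no interactive Werkzeug console on errors
        "use_reloader": False,
    }


def assert_debugger_off(app_debug, run_kwargs):
    """Startup guard: refuse to serve if anything re-enabled debug features."""
    enabled = [k for k in ("debug", "use_debugger", "use_reloader") if run_kwargs.get(k)]
    if app_debug:
        enabled.append("app.debug")
    if enabled:
        raise RuntimeError("refusing to start with debug enabled: " + ", ".join(enabled))


def main(conf):
    from flask import Flask  # imported here so the helpers above need no Flask

    logging.basicConfig(level=log_level(conf))
    app = Flask(__name__)
    kwargs = flask_run_kwargs(conf)
    assert_debugger_off(app.debug, kwargs)
    app.run(**kwargs)


if __name__ == "__main__":
    main({"debug": True})  # constructed config: verbose logs, debugger still off
```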