[Openstack-security] [openstack/keystone] SecurityImpact review request change Icf8dd2f0b88abc89092d487bbcefb525960c4ec6
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Fri Oct 30 07:42:27 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/207226
Log:
commit 88f7a05ed241dba6cc3269178d80c1a96477d52d
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Wed Jul 29 16:29:42 2015 -0500
Config option for insecure responses
oslo.log's "debug" option was co-opted to also indicate that the
responses should include more information. A separate config
option should be used instead so that deployers don't mistakenly
expose themselves to security issues.
The debug option still is used for what it does in oslo.log and
how it works on all other projects -- if you're not using a log
config file it sets the base logger to debug.
SecurityImpact
Change-Id: Icf8dd2f0b88abc89092d487bbcefb525960c4ec6
Closes-Bug: 1479523
More information about the Openstack-security
mailing list