[Openstack-security] [Bug 1479523] Fix included in openstack/keystone 9.0.0.0b2

Thierry Carrez thierry.carrez+lp at gmail.com
Thu Jan 21 13:26:56 UTC 2016


This issue was fixed in the openstack/keystone 9.0.0.0b2 development
milestone.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1479523

Title:
  Stop using debug for insecure responses

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  
  If you set debug=true in keystone.conf the server 1) logs at debug level, and 2) sends out insecure responses. Deployers might think that debug=true only does 1, not knowing about 2 since it's not documented in the sample config. The behaviors should be decoupled to improve security a bit.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1479523/+subscriptions



