Adding a "won't fix" state for security advisory publication, as the vulnerability management team considers information leaks in DEBUG level logs as "a vulnerability in experimental or debugging features not intended for production use" (class B3 in the report taxonomy): https://security.openstack.org/vmt-process.html#incident-report-taxonomy -- You received this bug notification because you are a member of OpenStack Security SIG, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1761054 Title: nova log expose password when swapvolume Status in OpenStack Compute (nova): Fix Released Status in OpenStack Security Advisory: Won't Fix Bug description: http://logs.openstack.org/50/557150/6/check/tempest- full/1f9c9f2/controller/logs/screen-n-cpu.txt.gz#_Mar_30_08_37_13_371323 u'auth_password': u'8KigD3KKykJkJixs', u'auth_username': u'6m4wAHCZVqFfTQaF4eZu', To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1761054/+subscriptions