Hi all,
I'd like to propose the following exception to be included in the next Icehouse release: https://review.openstack.org/#/c/99536/
This is a security related fix, it fixes block device auth_password key get logged at debug level. It may be not critical because generally debug won't be enabled at production environment, but we can't assume all users follow the suggestion. It's better to get this fixed early than later.
The patch was already get approved but failed to merge duo to conflict now patch is updated and get a +2.
I am in favor of adding this one
From: Yaguang Tang <yaguang.tang@canonical.commailto:yaguang.tang@canonical.com> Date: Tuesday, August 5, 2014 at 5:19 AM To: "openstack-stable-maint@lists.openstack.orgmailto:openstack-stable-maint@lists.openstack.org" <openstack-stable-maint@lists.openstack.orgmailto:openstack-stable-maint@lists.openstack.org> Subject: [Openstack-stable-maint] [nova] Freeze exception
Hi all,
I'd like to propose the following exception to be included in the next Icehouse release: https://review.openstack.org/#/c/99536/
This is a security related fix, it fixes block device auth_password key get logged at debug level. It may be not critical because generally debug won't be enabled at production environment, but we can't assume all users follow the suggestion. It's better to get this fixed early than later.
The patch was already get approved but failed to merge duo to conflict now patch is updated and get a +2.
-- Tang Yaguang
Canonical Ltd. | www.ubuntu.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.ubuntu.com/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=eH0pxTUZo8NPZyF6hgoMQu%2BfDtysg45MkPhCZFxPEq8%3D%0A&m=0tK6KUq%2BoH1PAsKptY8y%2FrPSTH5vECJnl0cThiqKcD8%3D%0A&s=ae414f57b543580acd2cd01ec05a03e4fefd2d9827462b6453c610441f30d665 | www.canonical.comhttps://urldefense.proofpoint.com/v1/url?u=http://www.canonical.com/&k=oIvRg1%2BdGAgOoM1BIlLLqw%3D%3D%0A&r=eH0pxTUZo8NPZyF6hgoMQu%2BfDtysg45MkPhCZFxPEq8%3D%0A&m=0tK6KUq%2BoH1PAsKptY8y%2FrPSTH5vECJnl0cThiqKcD8%3D%0A&s=599c288cbfb81ae280724d62d6292b8477dfc70b0d6e6018459710e9f8d3dc41 gpg key: 0x187F664F
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 05/08/14 04:19, Yaguang Tang wrote:
Hi all,
I'd like to propose the following exception to be included in the next Icehouse release: https://review.openstack.org/#/c/99536/
This is a security related fix, it fixes block device auth_password key get logged at debug level.
Do we need OSSA to be released for the issue?
It may be not critical because generally debug won't be enabled at production environment, but we can't assume all users follow the suggestion. It's better to get this fixed early than later.
I agree. Security related fixes *are* critical.
The patch was already get approved but failed to merge duo to conflict now patch is updated and get a +2.
Already approved by Alan.
/Ihar
participants (3)
-
Gary Kotton
-
Ihar Hrachyshka
-
Yaguang Tang