Fix proposed to branch: master Review: https://review.openstack.org/207226 ** Changed in: keystone Status: New => In Progress -- You received this bug notification because you are a member of OpenStack Security, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1479523 Title: Stop using debug for insecure responses Status in Keystone: In Progress Bug description: If you set debug=true in keystone.conf the server 1) logs at debug level, and 2) sends out insecure responses. Deployers might think that debug=true only does 1, not knowing about 2 since it's not documented in the sample config. The behaviors should be decoupled to improve security a bit. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1479523/+subscriptions