Vitrage

Do not expose exception information in HTTP response

Bug #1776635 reported by Ivan Kolodyazhny on 2018-06-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Vitrage	Fix Released	Undecided	Unassigned

Bug Description

Vitrage API exposes exception tracebacks in HTTP responses. E.g. [1]. Exception information could contain private and sensitive data, so we shouldn't expose it to end users.

[1] https://github.com/openstack/vitrage/blob/8883c3f03b5b544b227308c08dd3cf5fc753697a/vitrage/api/controllers/v1/alarm.py#L60

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-06-18: Fix merged to vitrage (master)

Reviewed: https://review.openstack.org/575363
Committed: https://git.openstack.org/cgit/openstack/vitrage/commit/?id=6484eb0f9f1625a9bf485136d7bc0a807825f044
Submitter: Zuul
Branch: master

commit 6484eb0f9f1625a9bf485136d7bc0a807825f044
Author: Eyal <email address hidden>
Date: Thu Jun 14 11:20:46 2018 +0300

don't expose exception info on http response

    Change-Id: Ibd38f68895489b4da49477f7306e3019b406f288
    Closes-Bug: #1776635
    Depends-On: Ide6906ee477aa7df9ab0918d3b45a7001afdcf74

Changed in vitrage:
status:	New → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-08-09: Fix included in openstack/vitrage 3.1.0

This issue was fixed in the openstack/vitrage 3.1.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.