Do not expose exception information in HTTP response
Bug #1776635 reported by
Ivan Kolodyazhny
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Vitrage |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Vitrage API exposes exception tracebacks in HTTP responses. E.g. [1]. Exception information could contain private and sensitive data, so we shouldn't expose it to end users.
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/575363 /git.openstack. org/cgit/ openstack/ vitrage/ commit/ ?id=6484eb0f9f1 625a9bf485136d7 bc0a807825f044
Committed: https:/
Submitter: Zuul
Branch: master
commit 6484eb0f9f1625a 9bf485136d7bc0a 807825f044
Author: Eyal <email address hidden>
Date: Thu Jun 14 11:20:46 2018 +0300
don't expose exception info on http response
Change-Id: Ibd38f68895489b 4da49477f7306e3 019b406f288 df9ab0918d3b45a 7001afdcf74
Closes-Bug: #1776635
Depends-On: Ide6906ee477aa7