I'm marking the advisory task won't fix and triaging this as a potential security hardening opportunity. In the past we've considered information leaking in DEBUG level logs to fit the B3 classification (a vulnerability in experimental or debugging features not intended for production use) in our report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy
I'm marking the advisory task won't fix and triaging this as a potential security hardening opportunity. In the past we've considered information leaking in DEBUG level logs to fit the B3 classification (a vulnerability in experimental or debugging features not intended for production use) in our report taxonomy: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy