Comment 20 for bug 1628031

Morgan Fainberg (mdrnstm) wrote : Re: keystonemiddleware logs token in stacktrace

@Steve,

I think we can get this into M, N, and O. Since this is a Class A vuln (with a Pending OSSA), it should be within scope of adding and potentially cutting another release if needed / freeze exception (I'd advocate for that for most security fixes).

Once we have the OK from oslo-coresec on the impact statement (#14), we can move forward with the CVE request and move towards disclosure and submitting the patch to gerrit.

@Joshua, any additions/changes/concerns with the impact statement?