Execution plan logging may reveal sensitive information
Bug #1706059 reported by
Gerry Buteau
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Murano |
Fix Released
|
Undecided
|
Gerry Buteau | ||
Bug Description
Execution plans are logged when received in the murano-agent if debug is enabled. Plans may contain sensitive information (passwords, security tokens, etc...). They should be sanitized before being logged.
Since murano-agent uses oslo_logging, we should use the built-in utility, oslo_utils/
| Changed in murano: | |
| assignee: | nobody → Gerry Buteau (gerry.buteau) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to murano-agent (master) | #1 |
| Changed in murano: | |
| status: | New → In Progress |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to murano-agent (master) | #2 |
| Changed in murano: | |
| status: | In Progress → Fix Released |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/murano-agent 3.3.0 | #3 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/