Comment 107 for bug 1409142
Revision history for this message
| Andrew Laski (alaski) wrote Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) | #107 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
I'm not seeing an updated patch...
There are no hard rules right now for what log level should be used, but we try to adhere to standard expectations for what should be logged at each level. Audit is something made up in Nova and is not a standard logging level so we've been moving away from it. But in this case the log level would be triggered by a user requesting a console type that isn't handled here, though I'm not sure the request would make it here if that actually happened. Since it could be considered a user error rather than a system error a warning would be more appropriate than an exception in my opinion.