Comment 107 for bug 1409142

Revision history for this message
Andrew Laski (alaski) wrote : Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259)

I'm not seeing an updated patch...

There are no hard rules right now for what log level should be used, but we try to adhere to standard expectations for what should be logged at each level. Audit is something made up in Nova and is not a standard logging level so we've been moving away from it. But in this case the log level would be triggered by a user requesting a console type that isn't handled here, though I'm not sure the request would make it here if that actually happened. Since it could be considered a user error rather than a system error a warning would be more appropriate than an exception in my opinion.