I'm not sure what to think about this one as it's been around for years and we unfortunately have another INFO log exposure [1] of the console auth token that occurred relatively recently [2]:
This one, I don't yet know how to suppress because this logging is coming from the underlying websockify third-party code, not nova code.
So, given that the recent fix doesn't get us out of the woods, I'm not sure whether an advisory at this stage would be useful. I'm not opposed to one though.
I'm not sure what to think about this one as it's been around for years and we unfortunately have another INFO log exposure [1] of the console auth token that occurred relatively recently [2]:
INFO nova.console. websocketproxy [-] 10.209.96.111 - - [04/Dec/2019 03:29:50] 10.209.96.111: 3e631f39- b5c7-4bba- a5c2-8c76359e71 d9'
Path: '?token=
This one, I don't yet know how to suppress because this logging is coming from the underlying websockify third-party code, not nova code.
So, given that the recent fix doesn't get us out of the woods, I'm not sure whether an advisory at this stage would be useful. I'm not opposed to one though.
[1] https:/ /zuul.opendev. org/t/openstack /build/ c32904d9d1424e5 79a21513cfc66bd 7d/log/ controller/ logs/screen- n-novnc- cell1.txt. gz#11 /review. opendev. org/649372
[2] https:/