Comment 28 for bug 2030976

OpenStack Infra (hudson-openstack) wrote : Related fix merged to oslo.messaging (master)

Reviewed: https://review.opendev.org/c/openstack/oslo.messaging/+/891096
Committed: https://opendev.org/openstack/oslo.messaging/commit/1b315615e7dc61dbf845bd663560fc8d5a18fa09
Submitter: "Zuul (22348)"
Branch: master

commit 1b315615e7dc61dbf845bd663560fc8d5a18fa09
Author: Jay Faulkner <email address hidden>
Date: Thu Aug 10 11:28:32 2023 -0700

    Only allow safe context fields in notifications

    Publishing a fully hydrated context object in a notification would give
    someone with access to that notification the ability to impersonate the
    original actor through inclusion of sensitive fields.

    Now, instead, we pare down the context object to the bare minimum before
    passing it for serialization in notification workflows.

    Related-bug: 2030976
    Change-Id: Ic94323658c89df1c1ff32f511ca23502317d0f00
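The paring-down described in the commit message, as an added example written for this page rather than code from oslo.messaging or the change above. It keeps an allowlist of context fields, drops everything else (so a token-bearing field is excluded even if nobody thought to list it), and contrasts the old behaviour of serializing the whole context with the hardened one. The allowlist, the sensitive field names, the message layout and the sample context are all assumptions constructed for the illustration; only the `to_dict()` duck-typing follows the real oslo.context interface.

```python
"""Added example, not oslo.messaging's own code: pare a request context
down to an allowlist of safe fields before it is serialized into a
notification, so a consumer of the notification cannot reuse credentials
that were carried in the original actor's context.

The field names, allowlist, message layout and sample context below are
assumptions constructed for this illustration.
"""
import json

# Assumed allowlist: identity and tracing fields a notification consumer
# needs to attribute an event. None of these is a credential.
SAFE_CONTEXT_FIELDS = frozenset({
    "request_id", "global_request_id",
    "user_id", "project_id", "domain_id",
    "user_domain_id", "project_domain_id",
    "roles", "is_admin",
})

# Fields that must never leave the service; used only by the checker below.
SENSITIVE_CONTEXT_FIELDS = ("auth_token", "auth_token_info", "service_token")

# Constructed example of a fully hydrated context. Token values are fake.
FULL_CONTEXT = {
    "request_id": "req-2d0a5e4e-b8e6-4d49-9d0b-1f0b1a5b2c3d",
    "user_id": "7b1f9c0e5a3d4f8b9c2e1d0a6b5c4d3e",
    "project_id": "0f1e2d3c4b5a69788796a5b4c3d2e1f0",
    "domain_id": "default",
    "roles": ["member", "reader"],
    "is_admin": False,
    "auth_token": "gAAAAABk-fake-keystone-token-do-not-forward",
    "auth_token_info": {"token": {"expires_at": "2023-08-10T20:00:00Z"}},
    "service_token": "gAAAAABk-fake-service-token",
}


def sanitize_context(ctxt):
    """Return a new dict holding only the allowlisted fields of ctxt.

    Accepts None, a dict, or any object exposing to_dict() (as an
    oslo.context RequestContext does). Unknown keys are dropped, so a
    sensitive field added to the context later is excluded by default.
    """
    if ctxt is None:
        return {}
    if not isinstance(ctxt, dict):
        ctxt = ctxt.to_dict()
    return {key: value for key, value in ctxt.items()
            if key in SAFE_CONTEXT_FIELDS}


def _message(ctxt_dict, event_type, payload):
    # Assumed message layout for this example: the context travels under a
    # single "context" key; this is not the real driver's wire format.
    return json.dumps({
        "event_type": event_type,
        "payload": payload,
        "context": ctxt_dict,
    }, sort_keys=True)


def build_notification_unsafe(ctxt, event_type, payload):
    """The 'before' behaviour: serialize the whole context as-is."""
    if ctxt is None:
        ctxt_dict = {}
    elif isinstance(ctxt, dict):
        ctxt_dict = ctxt
    else:
        ctxt_dict = ctxt.to_dict()
    return _message(ctxt_dict, event_type, payload)


def build_notification(ctxt, event_type, payload):
    """The hardened behaviour: serialize only the allowlisted fields."""
    return _message(sanitize_context(ctxt), event_type, payload)


def leaked_sensitive_fields(serialized_message):
    """Return the sorted sensitive field names found in a serialized
    notification's context; an empty list means nothing leaked."""
    context = json.loads(serialized_message).get("context") or {}
    return sorted(name for name in SENSITIVE_CONTEXT_FIELDS if name in context)


if __name__ == "__main__":
    payload = {"instance_id": "c0ffee00-0000-4000-8000-000000000001"}
    event = "compute.instance.create.end"
    before = build_notification_unsafe(FULL_CONTEXT, event, payload)
    after = build_notification(FULL_CONTEXT, event, payload)
    print("before:", leaked_sensitive_fields(before))  # ['auth_token', 'auth_token_info', 'service_token']
    print("after: ", leaked_sensitive_fields(after))   # []
```

The allowlist is the design choice worth copying: a denylist of known token fields would have to be kept in step with every addition to the context class, while an allowlist fails closed. Anything a consumer could use to act as the original caller stays inside the service.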