OpenStack Security Advisory

  1. Bug #1998625
  2. Comment #5

Comment 5 for bug 1998625

Revision history for this message
clayg (clay-gerrard) wrote : Re: Arbitrary file access through custom S3 XML entities

it looks like `resolve_entities=False, no_network=True` is the real fix ... aside from the test, the rest of the diff is just plumbing for the logger

... which seems questionable to me because the logged warning sounds scary but isn't actually and there's nothing ops can do about it.

Let's drop the logging and land the fix so we can life the security embargo - then we can figure out what to do about the logger plumbing.