cinderclient logs sensitive info in http requests
Bug #1516689 reported by
Anna Sortland
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cinder |
Invalid
|
High
|
Jose Porrua | ||
| python-cinderclient |
Fix Released
|
High
|
Jose Porrua | ||
Bug Description
cinderclient logs sensitive info in headers when logging http requests in debug mode.
This happens in a couple of places:
cinderclient/
cinderclient/
cinderclient should hash sensitive info in headers such as 'X-Auth-Token' and 'X-Subject-Token'.
For examples, see keystoneclient (https:/
| Changed in cinder: | |
| assignee: | nobody → Jose Porrua (jose-porrua) |
| Changed in cinder: | |
| status: | New → In Progress |
| Changed in python-cinderclient: | |
| status: | New → In Progress |
| Changed in python-cinderclient: | |
| assignee: | nobody → Jose Porrua (jose-porrua) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to python-cinderclient (master) | #1 |
| Changed in cinder: | |
| importance: | Undecided → High |
| Changed in python-cinderclient: | |
| importance: | Undecided → High |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix merged to python-cinderclient (master) | #2 |
| Changed in python-cinderclient: | |
| status: | In Progress → Fix Released |
| Changed in cinder: | |
| status: | In Progress → Invalid |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix included in openstack/python-cinderclient 1.6.0 | #3 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/