1 Errata patch for CVE-2015-3646 |
|
2 https://review.openstack.org/173034 |
|
3 git fetch https://review.openstack.org/openstack/keystone refs/changes/34/173034/2 && git checkout FETCH_HEAD |
|
4 Fixed upstream and in a future release. |
|
5 --- |
|
6 From 695153a523faa9310e2e20d0333c33a47334208a Mon Sep 17 00:00:00 2001 |
|
7 From: Eric Brown <[email protected]> |
|
8 Date: Mon, 13 Apr 2015 11:37:53 -0700 |
|
9 Subject: [PATCH] backend_argument should be marked secret |
|
10 |
|
11 Since the backend_argument can potentially contain a password, |
|
12 it should be marked secret to avoid leakage into the logs. |
|
13 |
|
14 Closes-Bug: #1443598 |
|
15 |
|
16 Change-Id: I55663db4cf2df84a66de8f64fba4b4f129ae827d |
|
17 (cherry picked from commit f9db1a65bd4d83d12c572ba4d5807845996ef410) |
|
18 --- |
|
19 keystone/common/config.py | 2 +- |
|
20 1 file changed, 1 insertion(+), 1 deletion(-) |
|
21 |
|
22 diff --git a/keystone/common/config.py b/keystone/common/config.py |
|
23 index d7f9dd8..d953e49 100644 |
|
24 --- a/keystone/common/config.py |
|
25 +++ b/keystone/common/config.py |
|
26 @@ -313,7 +313,7 @@ FILE_OPTIONS = { |
|
27 'deployments. Small workloads (single process) ' |
|
28 'like devstack can use the dogpile.cache.memory ' |
|
29 'backend.'), |
|
30 - cfg.MultiStrOpt('backend_argument', default=[], |
|
31 + cfg.MultiStrOpt('backend_argument', default=[], secret=True, |
|
32 help='Arguments supplied to the backend module. ' |
|
33 'Specify this option once per argument to be ' |
|
34 'passed to the dogpile.cache backend. Example ' |
|
35 -- |
|
36 1.9.1 |
|