--- a/components/openstack/glance/files/glance-api.conf Mon Oct 19 13:13:17 2015 -0700
+++ b/components/openstack/glance/files/glance-api.conf Mon Oct 19 16:07:51 2015 -0700
@@ -184,6 +184,9 @@
#sqlalchemy_debug = True
# Pass the user's token through for API requests to the registry.
+# WARNING: DO NOT CHANGE THIS VALUE. Setting use_user_token to False
+# allows for unintended privilege escalation within the Glance API server.
+# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
# Default: True
#use_user_token = True