Ironic

  1. Bug #1425206
  2. Comment #22

Comment 22 for bug 1425206

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to ceilometer (master)

Reviewed: https://review.openstack.org/159591
Committed: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=b2a21fba08df7da1f7c82fd41e54797e38f2fd53
Submitter: Jenkins
Branch: master

commit b2a21fba08df7da1f7c82fd41e54797e38f2fd53
Author: Jim Rollenhagen <email address hidden>
Date: Tue Feb 24 21:56:53 2015 +0000

    Do not default pecan_debug to CONF.debug

    Pecan's debug mode can be terribly insecure; 500 errors return a
    Python traceback, the full list of environment variables, and a
    button to replay the request with a breakpoint.

    Deployers often run OpenStack services in debug mode; doing so should
    not open the service up to these flaws. Defaulting pecan_debug to
    CONF.debug makes this easy to accidentally do. So, default it to False
    rather than riding on top of CONF.debug.

    Change-Id: I70f9c9807d16aa50df4d5e16ba2a29575f8b165e
    Closes-Bug: #1425206
    DocImpact