Actions
Bug #41990
closedFeature #47765: mgr/dashboard: security improvements
mgr/dashboard: hide Python tracebacks in response errors
% Done:
0%
Source:
Community (dev)
Tags:
security
Backport:
nautilus
Regression:
No
Severity:
2 - major
Reviewed:
Description
Currently all errors handled by Cherrypy tools result in Python traceback including sensitive context information (Python version, file locations, packages, etc).
This does not only pose a security risk, but also pollutes logs with traceback lines, which makes it really hard to find where an unexpected traceback happened.
This could be easily fixed by setting Cherrypy environment to production
Updated by Ernesto Puerta over 4 years ago
- Status changed from New to Fix Under Review
- Pull request ID set to 30522
Updated by Tatjana Dehler over 4 years ago
- Status changed from Fix Under Review to Resolved
Updated by Tatjana Dehler over 4 years ago
- Status changed from Resolved to Pending Backport
- Target version deleted (
v14.2.4)
Updated by Nathan Cutler over 4 years ago
- Copied to Backport #42294: nautilus: mgr/dashboard: hide Python tracebacks in response errors added
Updated by Nathan Cutler about 4 years ago
- Status changed from Pending Backport to Resolved
While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".
Updated by Ernesto Puerta about 4 years ago
- Has duplicate Feature #38280: mgr/dashboard: add DEBUG mode added
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 146 to General - Back-end
Actions