Actions
Bug #41990
closedFeature #47765: mgr/dashboard: security improvements
mgr/dashboard: hide Python tracebacks in response errors
% Done:
0%
Source:
Community (dev)
Tags:
security
Backport:
nautilus
Regression:
No
Severity:
2 - major
Reviewed:
Description
Currently all errors handled by Cherrypy tools result in Python traceback including sensitive context information (Python version, file locations, packages, etc).
This does not only pose a security risk, but also pollutes logs with traceback lines, which makes it really hard to find where an unexpected traceback happened.
This could be easily fixed by setting Cherrypy environment to production
Actions