2afad4dc30
oslo.log's "debug" option was co-opted to also indicate that the responses should include more information. A separate config option should be used instead so that deployers don't mistakenly expose themselves to security issues. The debug option still is used for what it does in oslo.log and how it works on all other projects -- if you're not using a log config file it sets the base logger to debug. SecurityImpact Change-Id: Icf8dd2f0b88abc89092d487bbcefb525960c4ec6 Closes-Bug: 1479523
8 lines
318 B
YAML
8 lines
318 B
YAML
---
|
|
upgrade:
|
|
- A new config option, ``insecure_debug``, is added to control whether debug
|
|
information is returned to clients. This used to be controlled by the
|
|
``debug`` option. If you'd like to return extra information to clients
|
|
set the value to ``true``. This extra information may help an attacker.
|
|
|