diff --git a/mistraldashboard/api.py b/mistraldashboard/api.py
index 01125ce..f280538 100644
--- a/mistraldashboard/api.py
+++ b/mistraldashboard/api.py
@@ -42,7 +42,10 @@ def mistralclient(request):
 'OPENSTACK_ENDPOINT_TYPE', 'internalURL'
 ),
- service_type=SERVICE_TYPE
+ service_type=SERVICE_TYPE,
+ # We should not treat definition as file path or uri otherwise
+ # we allow access to contents in internal servers
+ enforce_raw_definition=False
 )
diff --git a/releasenotes/notes/bug-1931558-4674cdde721dfab8.yaml b/releasenotes/notes/bug-1931558-4674cdde721dfab8.yaml
new file mode 100644
index 0000000..303d331
--- /dev/null
+++ b/releasenotes/notes/bug-1931558-4674cdde721dfab8.yaml
@@ -0,0 +1,8 @@
+---
+security:
+ - |
+ `Bug #1931558 `_:
+ Previosuly Mistral Dashboard leaked contents of local files if a user put
+ in a local file path in definitions. Now Mistral Dashboard no longer treats
+ inputs as file path or URL but it always use the raw input as resource
+ definitions.
diff --git a/requirements.txt b/requirements.txt
index e831d1f..b9cb2b1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,6 +4,6 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0
 iso8601>=0.1.11 # MIT
-python-mistralclient!=3.2.0,>=3.1.0 # Apache-2.0
+python-mistralclient>=4.3.0 # Apache-2.0
 PyYAML>=3.12 # MIT
 horizon>=17.1.0 # Apache-2.0
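Review bot: The keyword added at the end of the client call in api.py, `enforce_raw_definition=False`, reads as the opposite of the comment placed above it — the comment says definitions must always be taken as raw text, yet a flag named "enforce raw definition" is being switched off — so the flag's polarity and exact spelling (singular vs plural) should be confirmed against the python-mistralclient 4.3.0 signature that requirements.txt now pins. This matters because if the client factory absorbs unknown keyword arguments, a misspelled or mis-set flag would not fail at call time and the file/URL loading path described in the release note would stay reachable. I would add a unit test that builds the client with a path-like definition string and asserts the string reaches the API verbatim rather than being read from disk, and reword the comment to state the contract directly, e.g. `# Always send the definition text as-is; never let the client resolve it as a local path or URL (bug 1931558)`. The enclosing function `mistralclient(request)` starts before this hunk.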