---
security:
  - |
    `OSSA-2019-003`_: Nova Server Resource Faults Leak External Exception
    Details (CVE-2019-14433)

    This release contains a security fix for `bug 1837877`_ where users
    without the admin role can be exposed to sensitive error details in
    the server resource fault ``message``.

    As a behavior change, for non-nova exceptions only the exception class
    name is recorded in the fault ``message`` field, which is exposed to all
    users regardless of the admin role.

    The fault ``details``, which are only exposed to users with the admin role,
    will continue to include the traceback and will also include the exception
    value, which for non-nova exceptions is what used to be exposed in the
    fault ``message`` field. This means the information that admins could see
    for server faults is still available, but the exception value may now be
    in ``details`` rather than ``message``.
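
    The split described above, as an added illustration that is not Nova's
    own code: ``NovaException``, ``build_fault``, ``view_fault`` and ``demo``
    are hypothetical names, and the sample error string is constructed.

    ```python
    import traceback


    class NovaException(Exception):
        """Stand-in for the service's own exception base (assumed name)."""


    def build_fault(exc):
        """Return the fault record (message, details) for an exception."""
        tb = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
        if isinstance(exc, NovaException):
            # Text written by the service itself stays in ``message``.
            message = str(exc)
        else:
            # External exception: its value may embed hostnames, URLs or
            # credentials, so only the class name goes into ``message``.
            message = exc.__class__.__name__
        # ``details`` carries the exception value plus the traceback.
        return {"message": message, "details": "%s\n%s" % (exc, tb)}


    def view_fault(fault, is_admin):
        """API view of a fault: ``details`` is included only for admins."""
        view = {"message": fault["message"]}
        if is_admin:
            view["details"] = fault["details"]
        return view


    def demo():
        # Constructed sample: a third-party error carrying internal details.
        secret = "amqp://svc:constructed-pw@10.0.0.5:5672 refused"
        try:
            raise ConnectionError(secret)
        except ConnectionError as e:
            external = build_fault(e)
        try:
            raise NovaException("No valid host was found.")
        except NovaException as e:
            internal = build_fault(e)
        return secret, external, internal
    ```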

    .. _OSSA-2019-003: https://security.openstack.org/ossa/OSSA-2019-003.html
    .. _bug 1837877: https://bugs.launchpad.net/nova/+bug/1837877