keystonemiddleware

  1. Bug #1628031
  2. Comment #25

Comment 25 for bug 1628031

Revision history for this message
Jeremy Stanley (fungi) wrote : Re: keystonemiddleware logs token in stacktrace (CVE-2017-2592)

Based on our usual notification timeline ( https://security.openstack.org/vmt-process.html#embargoed-disclosure ) I propose we send a pre-OSSA within the next 19 hours with a target coordinated disclosure time of 15:00 UTC on Wednesday, January 25. Any objections? Will any Oslo core reviewers be around to quickly usher the corresponding changes through code review?