Opened 4 years ago

Last modified 3 years ago

#3374 new defect

Whitelist config keys exposed in the config endpoint

Reported by: dustin Owned by:
Priority: critical Milestone: 0.9.+
Version: 0.9.0b4 Keywords:
Cc:

Description

master/buildbot/www/config.py currently exposes all of c['www'] with a few exceptions. It'd be nice, instead, to only expose what must be exposed, so that any secrets added to other keys don't end up on the Internet.

Change History (2)

comment:1 Changed 4 years ago by dustin

  • Milestone changed from 0.9.0 to 0.9.+
Note: See TracTickets for help on using tickets.