 9d5c340130
			
		
	
	9d5c340130
	
	
	
		
			
			While getting volume details, if the user is a non-admin then hide the host name. Change-Id: Iaf0ac52d9227f9a0efbf32b1faca78c8456a84ca Closes-Bug: #1740950
		
			
				
	
	
		
			27 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			27 lines
		
	
	
		
			1.2 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| upgrade:
 | |
|   - |
 | |
|     Due to the fix for `Bug #1740950
 | |
|     <https://bugs.launchpad.net/cinder/+bug/1740950>`_, the
 | |
|     ``host_name`` field in any object in the ``attachments``
 | |
|     array of the volume detail response is populated only when
 | |
|     the call is made in an administrative context.  Otherwise,
 | |
|     its value is the JSON ``null`` value.  This is consistent with
 | |
|     prior API behavior, as it has always been possible for the
 | |
|     value of that field to be ``null``.
 | |
| security:
 | |
|   - |
 | |
|     It was possible under certain circumstances for the host name
 | |
|     of an instance to be leaked in the volume detail response.  This
 | |
|     has been fixed in the current release.  The ``host_name`` field
 | |
|     in any object in the ``attachments`` array of the volume
 | |
|     detail response is populated only when the call is made in an
 | |
|     administrative context.  Otherwise, its value is the JSON ``null``
 | |
|     value.
 | |
| fixes:
 | |
|   - |
 | |
|     `Bug #1740950 <https://bugs.launchpad.net/cinder/+bug/1740950>`_:
 | |
|     the ``host_name`` field in any object in the ``attachments`` array
 | |
|     of the volume detail response is populated only when the call is
 | |
|     made in an administrative context.  Otherwise, its value is the
 | |
|     JSON ``null`` value. |