According to the OpenStack Vulnerability Management Team's Report Taxonomy, leaks of sensitive information into logs at debug logging level are handled as security hardening opportunities (Class B3), and can be discussed and fixed in public. No security advisory will be issued, though if anyone feels a security note about this is warranted they're free to submit one.
Thanks for reporting this!
According to the OpenStack Vulnerability Management Team's Report Taxonomy, leaks of sensitive information into logs at debug logging level are handled as security hardening opportunities (Class B3), and can be discussed and fixed in public. No security advisory will be issued, though if anyone feels a security note about this is warranted they're free to submit one.
https:/ /security. openstack. org/vmt- process. html#report- taxonomy