Open
Description
URS311871 is being rescinded because KSDB is running with Django's DEBUG = True enabled, which is a security violation. Cybersecurity reviewed the application and discovered the risk (information disclosure, arbitrary command execution).
Once this is fixed, the URS may be resubmitted.
This is a high priority issue.
Note that I attempted to resolve this myself by putting DEBUG = False in settings.py; however, this made every interaction with KSDB return 400 Bad Request. I'll leave it to the expert to figure this out! 😁
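Added example, not part of the original issue or KSDB's code: with `DEBUG = False`, Django validates the request's Host header against `ALLOWED_HOSTS`, and an empty list makes every request fail with 400 Bad Request, which matches the symptom reported above. Assuming that is the cause here, the following static check flags both conditions in a settings module; the finding codes, the sample settings and the hostname `ksdb.example.org` are constructed placeholders.

```python
import ast

UNKNOWN = object()  # value is computed at runtime (e.g. read from the environment)


def audit_settings(source):
    """Return finding codes for a Django settings module given as source text."""
    seen = {"DEBUG": False, "ALLOWED_HOSTS": []}  # Django's built-in defaults
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in seen:
                try:
                    seen[target.id] = ast.literal_eval(node.value)
                except (ValueError, TypeError):
                    seen[target.id] = UNKNOWN
    debug, hosts = seen["DEBUG"], seen["ALLOWED_HOSTS"]

    findings = []
    if debug is UNKNOWN:
        findings.append("debug-not-literal")  # confirm the deployed value by hand
    elif debug:
        findings.append("debug-enabled")  # detailed error pages are served
    if isinstance(hosts, (list, tuple)):
        if "*" in hosts:
            findings.append("allowed-hosts-wildcard")  # Host validation disabled
        elif not hosts and (debug is UNKNOWN or not debug):
            # With DEBUG off and no allowed hosts, every request gets a 400.
            findings.append("allowed-hosts-empty")
    return findings


# Constructed sample settings, not taken from KSDB.
AS_REPORTED = "DEBUG = True\n"
ATTEMPTED_FIX = "DEBUG = False\n"
HARDENED = 'DEBUG = False\nALLOWED_HOSTS = ["ksdb.example.org"]  # placeholder host\n'

if __name__ == "__main__":
    for label, text in [("as reported", AS_REPORTED),
                        ("attempted fix", ATTEMPTED_FIX),
                        ("hardened", HARDENED)]:
        print(f"{label}: {audit_settings(text) or 'no findings'}")
```

Django's own `python manage.py check --deploy` reports the same two conditions against the live settings.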