New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verbose log level leaks sensitive information #32

Closed

MarkRx opened this issue Apr 26, 2018 · 1 comment

Labels

3.5.0

MarkRx commented Apr 26, 2018

If the generated URI for a source/target has credentials in it they will be printed in the log if verbose logging is on.

Line in question: https://github.com/EMCECS/ecs-sync/blob/master/src/main/java/com/emc/ecs/sync/EcsSync.java#L293

The sensitive information should be masked.

twincitiesguy added the 3.4 label

twincitiesguy added 4.0 and removed 3.4 labels

twincitiesguy added 3.5.0 and removed 4.0 labels

Contributor

twincitiesguy commented Feb 1, 2022

Sensitive info scrubbing in the logs was added to 3.5.0. If we missed something, please let us know.

twincitiesguy closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment