New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plug_cowboy logger translator stopped working after upgrading to elixir version 1.15 #13510
Comments
I cannot reproduce it on Elixir v1.16, so I suggest trying the latest Elixir v1.15 or latest Elixir v1.16. |
I still don't get the {Plug.Cowboy.Translator, :translate} on my logger config on version: Elixir 1.16.2 (compiled with Erlang/OTP 24) |
I don't know if that's the right place to be looking at, but logs started looking weird and leaking information that it shouldn't after I upgrade to elixir version 1.15. Just like plug_cowboy config isn't sticking. |
Can you provide steps to precisely reproduce this issue then? If I run |
Yes, here's what I did:
My point is that after upgrading my apps to elixir version 1.15 or greater, the plug_cowboy logger translator doesn't format the logs as it used to on version 1.14, which could cause some sensitive information to be leaked into the logs, like the request headers and token. I tried multiple approaches to get around this, like trying to specify a default_formatter, default_handler, and nothing seemed to work. The only thing that worked was to manually call Could you please help me figure out why is that the case? |
Hey @josevalim , I just wanted to follow up and check if you had a chance to look at the above or had any idea on what might be happening. Thank you for your time |
Thank you, this has been fixed in Elixir and it will be part of the upcoming v1.16.x patch release as well. |
Fixed in b378a2d. |
Awesome, thanks a lot for looking into this! |
@josevalim any chance we can get a 1.15 release? this is likely a risk for security concerns as they are a lot of stuff in the conn struct... And upgrading to 1.16 require fixing some hard deprecation for some of us. Feels like enough securityish concerns maybe to get a 1.15 patch too? what do you think? |
Assuming folks are using releases in production, I don’t believe the issue manifests inside a release, does it? |
let s say not everyone uses mix release 😭 sometime people inherit things prior to use release and is a big undertaking but I am can see on a service that uses it maybe if that s an issue |
@josevalim so the few we have are not yet in 1.15 :/ this feels still security patch related because other people may have translator that think that works . the patch is only few line and might be easy to add to 1.15 ? |
Elixir and Erlang/OTP versions
Erlang/OTP 26 [erts-14.1] [source] [64-bit] [smp:10:10] [ds:10:10:10] [async-threads:1]
Elixir 1.15.0 (compiled with Erlang/OTP 24)
Operating system
Sonoma 14.0
Current behavior
Logger translator doesn't seem to be sticking in plug_cowboy.
Inside Plug.Cowboy:
Inside my Application:
Expected behavior
Plug cowboy translator should be sticking out to the config. Application logger config should be:
Plug cowboy translator works on Elixir version 1.14
The text was updated successfully, but these errors were encountered: