[jira] [Created] (SLING-10227) Improvement in distribution logging to log id generated for binary reference and not log reference

Amit Jain (Jira) Wed, 17 Mar 2021 01:36:04 -0700

Amit Jain created SLING-10227:
---------------------------------

             Summary: Improvement in distribution logging to log id generated 
for binary reference and not log reference
                 Key: SLING-10227
                 URL: https://issues.apache.org/jira/browse/SLING-10227
             Project: Sling
          Issue Type: Improvement
          Components: Content Distribution
            Reporter: Amit Jain



PackageDistribution also logs the binary reference which might log 
implementation details leaking out some secrets.

Proposed 
[change|https://github.com/apache/sling-org-apache-sling-distribution-journal/compare/master...amit-jain:master]
 which is now upstaged with recent 
[changes|https://github.com/apache/sling-org-apache-sling-distribution-journal/blame/479dcb4f9784a152ebcc3a37fa6e172544754911/src/main/java/org/apache/sling/distribution/journal/impl/publisher/DistributionPublisher.java#L281-L282].

[~tmaret] What's the way forward, I think we should only log certain elements 
and not all the package contents which besides the security issues can be quite 
heavy



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (SLING-10227) Improvement in distribution logging to log id generated for binary reference and not log reference

Reply via email to