[
https://issues.apache.org/jira/browse/SLING-10227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Timothee Maret resolved SLING-10227.
------------------------------------
Fix Version/s: Content Distribution Journal Messages 0.3.0
Content Distribution Journal Core 0.1.18
Resolution: Fixed
> Improvement in distribution logging to log id generated for binary reference
> and not log reference
> --------------------------------------------------------------------------------------------------
>
> Key: SLING-10227
> URL: https://issues.apache.org/jira/browse/SLING-10227
> Project: Sling
> Issue Type: Improvement
> Components: Content Distribution
> Reporter: Amit Jain
> Assignee: Timothee Maret
> Priority: Major
> Fix For: Content Distribution Journal Core 0.1.18, Content
> Distribution Journal Messages 0.3.0
>
>
> PackageDistribution also logs the binary reference which might log
> implementation details leaking out some secrets.
> Proposed
> [change|https://github.com/apache/sling-org-apache-sling-distribution-journal/compare/master...amit-jain:master]
> which is now upstaged with recent
> [changes|https://github.com/apache/sling-org-apache-sling-distribution-journal/blame/479dcb4f9784a152ebcc3a37fa6e172544754911/src/main/java/org/apache/sling/distribution/journal/impl/publisher/DistributionPublisher.java#L281-L282].
> [~tmaret] What's the way forward, I think we should only log certain elements
> and not all the package contents which besides the security issues can be
> quite heavy
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
