[jira] [Resolved] (CXF-9123) Payload written to logs

Andriy Redko (Jira) Mon, 31 Mar 2025 04:40:06 -0700


     [ 
https://issues.apache.org/jira/browse/CXF-9123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andriy Redko resolved CXF-9123.
-------------------------------
    Resolution: Invalid

Please use the latest version, the issue has been fixed in 3.5.11 / 3.6.6 / 
4.0.7 / 4.1.1 releases

> Payload written to logs
> -----------------------
>
>                 Key: CXF-9123
>                 URL: https://issues.apache.org/jira/browse/CXF-9123
>             Project: CXF
>          Issue Type: Bug
>          Components: Core
>            Reporter: Manuel Shenavai
>            Priority: Major
>
> When tmp files are cleaned up by DelayedCachedOutputStreamCleaner, the 
> content of the tmp file is written into the logs:
> https://github.com/apache/cxf/blob/4fc8b120d7c7363c70324ff8c790494655ad3fa4/core/src/main/java/org/apache/cxf/io/DelayedCachedOutputStreamCleaner.java#L132
> https://github.com/apache/cxf/blob/main/core/src/main/java/org/apache/cxf/io/CachedOutputStream.java#L430
> Writing the payloads into the logs is a security problem.
> Example log:
> 2025-03-24T18:34:21.17+0530 [...] "Unclosed (leaked?) stream detected: 
> [org.apache.cxf.io.CachedOutputStream Content: <queryResponse [...]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (CXF-9123) Payload written to logs

Reply via email to