The GitHub Actions job "Tests (AMD)" on airflow.git/backport-aa3b7d4-v3-2-test has succeeded. Run started by GitHub user jason810496 (triggered by jason810496).
Head commit for run: ea084d37c8502ade085957153abb864994b24060 / Jarek Potiuk <[email protected]> [v3-2-test] Redact secret-looking query parameters in HTTP access log (#67498) The HTTP access log middleware logged the raw query string without passing it through ``secrets_masker.redact()``. The decorator-layer audit log already masks request data; the access-log layer did not. A secret inadvertently passed as a query parameter (e.g. ``?password=foo`` or ``?token=bar``) was therefore written to the access log in plaintext. Parse the query string into ``(key, value)`` pairs and call ``secrets_masker.redact(value, key)`` per pair before logging. This matches the pattern already used in ``logging/decorators.py``: keys whose names are flagged sensitive by ``secrets_masker`` (``password``, ``token``, ``api_key``, …) have their values replaced with ``***``; values previously registered via ``mask_secret()`` are caught too. Non-sensitive keys are unchanged, blank values are preserved so log readers still see the parameter was present, and malformed query strings fall back to raw logging rather than silently dropping diagnostic information. (cherry picked from commit aa3b7d4) Co-authored-by: Jarek Potiuk <[email protected]> Report URL: https://github.com/apache/airflow/actions/runs/26559744904 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
