[jira] [Updated] (GEODE-9805) Debug logging of Radish AUTH command in ExecutionHandlerContext.executeCommand() reveals sensitive information
[ https://issues.apache.org/jira/browse/GEODE-9805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Anthony Baker updated GEODE-9805: - Labels: blocks-1.15.0 pull-request-available unreleased (was: blocks-1.15.0 pull-request-available) > Debug logging of Radish AUTH command in > ExecutionHandlerContext.executeCommand() reveals sensitive information > -- > > Key: GEODE-9805 > URL: https://issues.apache.org/jira/browse/GEODE-9805 > Project: Geode > Issue Type: Bug > Components: redis >Affects Versions: 1.15.0 >Reporter: Donal Evans >Assignee: Donal Evans >Priority: Major > Labels: blocks-1.15.0, pull-request-available, unreleased > Fix For: 1.15.0 > > > With debug logging enabled, the ExecutionHandlerContext.executeCommand() > method logs every command executed along with its arguments. In the case of > the AUTH command, this results in un-redacted userId and/or password being > logged, which represents a serious security issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (GEODE-9805) Debug logging of Radish AUTH command in ExecutionHandlerContext.executeCommand() reveals sensitive information
[ https://issues.apache.org/jira/browse/GEODE-9805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated GEODE-9805: -- Labels: blocks-1.15.0 pull-request-available (was: blocks-1.15.0) > Debug logging of Radish AUTH command in > ExecutionHandlerContext.executeCommand() reveals sensitive information > -- > > Key: GEODE-9805 > URL: https://issues.apache.org/jira/browse/GEODE-9805 > Project: Geode > Issue Type: Bug > Components: redis >Affects Versions: 1.15.0 >Reporter: Donal Evans >Assignee: Donal Evans >Priority: Major > Labels: blocks-1.15.0, pull-request-available > > With debug logging enabled, the ExecutionHandlerContext.executeCommand() > method logs every command executed along with its arguments. In the case of > the AUTH command, this results in un-redacted userId and/or password being > logged, which represents a serious security issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (GEODE-9805) Debug logging of Radish AUTH command in ExecutionHandlerContext.executeCommand() reveals sensitive information
[ https://issues.apache.org/jira/browse/GEODE-9805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Donal Evans updated GEODE-9805: --- Labels: blocks-1.15.0 (was: needsTriage) > Debug logging of Radish AUTH command in > ExecutionHandlerContext.executeCommand() reveals sensitive information > -- > > Key: GEODE-9805 > URL: https://issues.apache.org/jira/browse/GEODE-9805 > Project: Geode > Issue Type: Bug > Components: redis >Affects Versions: 1.15.0 >Reporter: Donal Evans >Assignee: Donal Evans >Priority: Major > Labels: blocks-1.15.0 > > With debug logging enabled, the ExecutionHandlerContext.executeCommand() > method logs every command executed along with its arguments. In the case of > the AUTH command, this results in un-redacted userId and/or password being > logged, which represents a serious security issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (GEODE-9805) Debug logging of Radish AUTH command in ExecutionHandlerContext.executeCommand() reveals sensitive information
[ https://issues.apache.org/jira/browse/GEODE-9805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alexander Murmann updated GEODE-9805: - Labels: needsTriage (was: ) > Debug logging of Radish AUTH command in > ExecutionHandlerContext.executeCommand() reveals sensitive information > -- > > Key: GEODE-9805 > URL: https://issues.apache.org/jira/browse/GEODE-9805 > Project: Geode > Issue Type: Bug > Components: redis >Affects Versions: 1.15.0 >Reporter: Donal Evans >Priority: Major > Labels: needsTriage > > With debug logging enabled, the ExecutionHandlerContext.executeCommand() > method logs every command executed along with its arguments. In the case of > the AUTH command, this results in un-redacted userId and/or password being > logged, which represents a serious security issue. -- This message was sent by Atlassian Jira (v8.20.1#820001)