[jira] [Updated] (KAFKA-14115) Password configs are logged in plaintext in KRaft
[ https://issues.apache.org/jira/browse/KAFKA-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tom Bentley updated KAFKA-14115:
    Fix Version/s: 3.2.3 (was: 3.2.2)

> Password configs are logged in plaintext in KRaft
> -------------------------------------------------
>
> Key: KAFKA-14115
> URL: https://issues.apache.org/jira/browse/KAFKA-14115
> Project: Kafka
> Issue Type: Bug
> Components: kraft
> Reporter: David Arthur
> Assignee: David Arthur
> Priority: Critical
> Fix For: 3.3.0, 3.4.0, 3.2.3
>
> While investigating KAFKA-14111, I also noticed that
> ConfigurationControlManager is logging sensitive configs in plaintext at INFO
> level.
> {code}
> [2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER,
> name='1'): set configuration listener.name.external.ssl.key.password to bar
> (org.apache.kafka.controller.ConfigurationControlManager)
> {code}
> Once this new config reaches the broker, it is logged again, but this time it
> is redacted
> {code}
> [2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker
> 1 with new configuration : listener.name.external.ssl.key.password ->
> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)
> {code}

--
This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KAFKA-14115) Password configs are logged in plaintext in KRaft
[ https://issues.apache.org/jira/browse/KAFKA-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Arthur updated KAFKA-14115:
    Component/s: kraft

> Password configs are logged in plaintext in KRaft
> -------------------------------------------------
>
> Key: KAFKA-14115
> URL: https://issues.apache.org/jira/browse/KAFKA-14115
> Project: Kafka
> Issue Type: Bug
> Components: kraft
> Reporter: David Arthur
> Assignee: Prem Kamal
> Priority: Critical
> Fix For: 3.3.0, 3.4.0, 3.2.2
>
> While investigating KAFKA-14111, I also noticed that
> ConfigurationControlManager is logging sensitive configs in plaintext at INFO
> level.
> {code}
> [2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER,
> name='1'): set configuration listener.name.external.ssl.key.password to bar
> (org.apache.kafka.controller.ConfigurationControlManager)
> {code}
> Once this new config reaches the broker, it is logged again, but this time it
> is redacted
> {code}
> [2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker
> 1 with new configuration : listener.name.external.ssl.key.password ->
> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)
> {code}
[jira] [Updated] (KAFKA-14115) Password configs are logged in plaintext in KRaft
[ https://issues.apache.org/jira/browse/KAFKA-14115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Arthur updated KAFKA-14115:
    Fix Version/s: 3.2.2

> Password configs are logged in plaintext in KRaft
> -------------------------------------------------
>
> Key: KAFKA-14115
> URL: https://issues.apache.org/jira/browse/KAFKA-14115
> Project: Kafka
> Issue Type: Bug
> Reporter: David Arthur
> Assignee: Prem Kamal
> Priority: Critical
> Fix For: 3.3.0, 3.4.0, 3.2.2
>
> While investigating KAFKA-14111, I also noticed that
> ConfigurationControlManager is logging sensitive configs in plaintext at INFO
> level.
> {code}
> [2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER,
> name='1'): set configuration listener.name.external.ssl.key.password to bar
> (org.apache.kafka.controller.ConfigurationControlManager)
> {code}
> Once this new config reaches the broker, it is logged again, but this time it
> is redacted
> {code}
> [2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker
> 1 with new configuration : listener.name.external.ssl.key.password ->
> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)
> {code}
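
The check below is an added example, not part of the Jira notifications and not Kafka's own code: it scans controller log lines of the shape quoted in the issue and reports sensitive-looking keys whose value was written unredacted, without repeating the value. The key-name heuristic, the function name `find_plaintext_secrets` and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Heuristic for sensitive key names (an assumption of this example; Kafka
# itself decides by config type, not by name).
SENSITIVE_KEY = re.compile(r"(password|secret|sasl\.jaas\.config)$", re.IGNORECASE)

# Controller line shape quoted in the issue:
#   [ts] LEVEL ... ConfigResource(type=T, name='N'): set configuration K to V (logger)
CONTROLLER_SET = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>\w+)\s+.*?"
    r"ConfigResource\(type=(?P<rtype>\w+), name='(?P<rname>[^']*)'\): "
    r"set configuration (?P<key>\S+) to (?P<value>.*?)"
    r"(?: \((?P<logger>[\w.$]+)\))?$"
)
REDACTED = {"[hidden]"}  # marker the broker-side line in the issue uses


def find_plaintext_secrets(lines):
    """Return one finding per line that logs a sensitive key with a raw value.

    The value is deliberately left out of the finding so the report does not
    become a second copy of the secret.
    """
    findings = []
    for line in lines:
        m = CONTROLLER_SET.match(line.strip())
        if not m or not SENSITIVE_KEY.search(m["key"]):
            continue
        if m["value"].strip() in REDACTED:
            continue
        findings.append({
            "timestamp": m["ts"],
            "level": m["level"],
            "resource": f"{m['rtype']}:{m['rname']}",
            "key": m["key"],
            "logger": m["logger"],
        })
    return findings


# First two lines are the ones quoted in the issue (re-joined onto one line);
# the last two are constructed to exercise the non-sensitive and redacted cases.
SAMPLE_LOG = [
    "[2022-07-27 12:14:09,927] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): set configuration listener.name.external.ssl.key.password to bar (org.apache.kafka.controller.ConfigurationControlManager)",
    "[2022-07-27 12:14:09,957] INFO [BrokerMetadataPublisher id=1] Updating broker 1 with new configuration : listener.name.external.ssl.key.password -> [hidden] (kafka.server.metadata.BrokerMetadataPublisher)",
    "[2022-07-27 12:14:10,101] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): set configuration log.retention.ms to 1000 (org.apache.kafka.controller.ConfigurationControlManager)",
    "[2022-07-27 12:14:11,300] INFO [Controller 1] ConfigResource(type=BROKER, name='1'): set configuration listener.name.external.ssl.key.password to [hidden] (org.apache.kafka.controller.ConfigurationControlManager)",
]

if __name__ == "__main__":
    for finding in find_plaintext_secrets(SAMPLE_LOG):
        print(finding)
```

Any finding means the logged credential should be treated as exposed to everyone with access to the controller logs or to wherever they are shipped.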