Project

Profile

Help

Issue #5012

closed

ssl_client_key printed in the logs

Added by dkliban@redhat.com over 5 years ago. Updated about 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 57
Quarter:

Description

I noticed that when I performa PATCH request to update a FIle Remote, the ssl_client_key is printed in the logs at INFO level.

Actions #1

Updated by amacdona@redhat.com over 5 years ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 55
Actions #2

Updated by dkliban@redhat.com over 5 years ago

  • Sprint changed from Sprint 55 to Sprint 56
Actions #3

Updated by rchan over 5 years ago

  • Sprint changed from Sprint 56 to Sprint 57
Actions #4

Updated by amacdona@redhat.com over 5 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to amacdona@redhat.com

Added by amacdona@redhat.com over 5 years ago

Revision a6fd4fbd | View on GitHub

Prevent rq from logging secrets

Though the issue is specific about certain cases that shouldn't be logged, we do not have fine control over what rq logs, so the solution is to disable logging of the description (which includes the job arguments).

https://pulp.plan.io/issues/5012 fixes #5012

Actions #5

Updated by amacdona@redhat.com over 5 years ago

  • Status changed from ASSIGNED to MODIFIED
Actions #6

Updated by amacdona@redhat.com over 5 years ago

  • Status changed from MODIFIED to POST

Added by amacdona@redhat.com over 5 years ago

Revision a1838b13 | View on GitHub

Prevent rq from logging secrets

Though the issue is specific about certain cases that shouldn't be logged, we do not have fine control over what rq logs, so the solution is to disable logging of the description (which includes the job arguments).

https://pulp.plan.io/issues/5012 fixes #5012

Added by amacdona@redhat.com over 5 years ago

Revision a1838b13 | View on GitHub

Prevent rq from logging secrets

Though the issue is specific about certain cases that shouldn't be logged, we do not have fine control over what rq logs, so the solution is to disable logging of the description (which includes the job arguments).

https://pulp.plan.io/issues/5012 fixes #5012

Actions #7

Updated by amacdona@redhat.com over 5 years ago

  • Status changed from POST to MODIFIED
Actions #8

Updated by bmbouter about 5 years ago

  • Sprint/Milestone set to 3.0.0
Actions #9

Updated by bmbouter about 5 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF