-
Notifications
You must be signed in to change notification settings - Fork 253
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redacted URL in logs / errors #158
Redacted URL in logs / errors #158
Conversation
So that basic auth creds, if any, won't show up in logs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many thanks for this fix @dany74q, this LGTM 👍
Hey @dany74q - we've decided to retroactively issue a CVE for this issue. If you would like credit for the discovery or fix, please email security[at]hashicorp.com with the name/identifier you would like us to use (Github user dany74q, Dany from SomeCompany, etc.) An acknowledgement will be included in a security bulletin published to https://discuss.hashicorp.com/c/security/ Thank you again! |
This is hashicorp/go-retryablehttp#158 only directly applied to the vendor/ source tree See also GHSA-v6v8-xj6m-xwqh
This is hashicorp/go-retryablehttp#158 only directly applied to the vendor/ source tree See also GHSA-v6v8-xj6m-xwqh
So that basic auth creds, if any, won't show up in logs