This is an automated email from the ASF dual-hosted git repository.

SbloodyS pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new e12fa9dab6 [Improvement-18403][API&Security] Avoid raw password 
exposure in user parameter validation errors (#18404)
e12fa9dab6 is described below

commit e12fa9dab6bdff1e8b0313acb6166dce51efce0e
Author: suyc <[email protected]>
AuthorDate: Fri Jul 10 16:43:12 2026 +0800

    [Improvement-18403][API&Security] Avoid raw password exposure in user 
parameter validation errors (#18404)
---
 .../org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
index a22a287b81..db601d18db 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UsersServiceImpl.java
@@ -847,7 +847,7 @@ public class UsersServiceImpl extends BaseServiceImpl 
implements UsersService {
             msg = userName;
         } else if (!CheckUtils.checkPassword(password)) {
             log.warn("Parameter password check failed.");
-            msg = password;
+            msg = "password";
         } else if (!CheckUtils.checkEmail(email)) {
             log.warn("Parameter email check failed.");
             msg = email;

Reply via email to