Sujitha Chinnathambi created HTTPCLIENT-1811:
------------------------------------------------

             Summary: Security : Authorization header should not be printed in debug log
                 Key: HTTPCLIENT-1811
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1811
             Project: HttpComponents HttpClient
          Issue Type: Bug
          Components: HttpClient (async)
            Reporter: Sujitha Chinnathambi
         Attachments: httpclient.patch

Current behaviour:
When an HTTPS call is made with basic authentication in debug mode, the authorization information which is transferred as part of the 'Authorization' header is printed in the log, in the artifact below:

    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.3.6</version>

Example:

    org.apache.http.wire - [] >> "Authorization: Basic VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==[\r][\n]"
    org.apache.http.headers - [] >> Authorization: Basic VEVTVCBLSCAwMS9TQ0hVTFVORzpzY2h1bHVuZw==

Expected behaviour:
Though the log level is debug, authorization information should not be printed in the log.

Attached httpclient.patch as a proposal.
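
The following is an added example, not part of the original report and not the attached httpclient.patch or HttpClient's own code. It sketches one way to mask credentials in the two log line formats quoted above (org.apache.http.wire and org.apache.http.headers). The class name AuthHeaderRedactor and all sample lines are constructed for illustration.

```java
import java.util.regex.Pattern;

// Hypothetical helper (not an HttpClient class): masks credentials in
// Authorization / Proxy-Authorization header lines before they are stored.
public class AuthHeaderRedactor {
    // Groups: 1 = header name and colon, 2 = auth scheme, 3 = credentials.
    // The lookahead ends the credentials at the wire log's "[\r]" / "[\n]"
    // markers, or at an optional closing quote at the end of the line
    // (which also covers the plain headers log format).
    private static final Pattern AUTH = Pattern.compile(
        "(?i)((?:Proxy-)?Authorization:\\s*)(\\S+)\\s+(.+?)"
        + "(?=\\[\\\\r\\]|\\[\\\\n\\]|\"?\\s*$)");

    /** Returns the line with credentials masked; the scheme is kept for debugging. */
    public static String redact(String line) {
        return AUTH.matcher(line).replaceAll("$1$2 <redacted>");
    }

    public static void main(String[] args) {
        // Constructed sample lines; the Basic value is base64 of "constructed:example".
        String[] lines = {
            "org.apache.http.wire - [] >> \"Authorization: Basic Y29uc3RydWN0ZWQ6ZXhhbXBsZQ==[\\r][\\n]\"",
            "org.apache.http.headers - [] >> Authorization: Basic Y29uc3RydWN0ZWQ6ZXhhbXBsZQ==",
            "org.apache.http.headers - [] >> Proxy-Authorization: Bearer constructed.token.value",
            "org.apache.http.headers - [] >> Host: example.invalid"
        };
        for (String line : lines) {
            System.out.println(redact(line));
        }
    }
}
```

A Basic credential is only base64-encoded, so anyone who can read an unredacted debug log can recover the user name and password. Keeping the org.apache.http.wire and org.apache.http.headers loggers above DEBUG in production avoids writing these lines in the first place.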