[
https://issues.apache.org/jira/browse/KAFKA-3830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15327353#comment-15327353
]
ASF GitHub Bot commented on KAFKA-3830:
---------------------------------------
GitHub user ijuma opened a pull request:
https://github.com/apache/kafka/pull/1498
KAFKA-3830; getTGT() debug logging exposes confidential information
Only log the client and server principals, which is what ZooKeeper does
after ZOOKEEPER-2405.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ijuma/kafka
kafka-3830-get-tgt-debug-confidential
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/1498.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1498
----
commit aac856f5a3a64123f798788b31707521e9157519
Author: Ismael Juma <ism...@juma.me.uk>
Date: 2016-06-13T13:23:04Z
getTGT() debug logging exposes confidential information
----
> getTGT() debug logging exposes confidential information
> -------------------------------------------------------
>
> Key: KAFKA-3830
> URL: https://issues.apache.org/jira/browse/KAFKA-3830
> Project: Kafka
> Issue Type: Bug
> Components: security
> Reporter: Ismael Juma
> Assignee: Ismael Juma
> Fix For: 0.10.0.1
>
>
> We have the same issue as the one described in ZOOKEEPER-2405.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
