Johnnie White created BEANUTILS-568:
---------------------------------------
Summary: BeanUtils.setProperty may shouln't record trace log
Key: BEANUTILS-568
URL: https://issues.apache.org/jira/browse/BEANUTILS-568
Project: Commons BeanUtils
Issue Type: Bug
Components: Bean / Property Utils
Affects Versions: 1.9.4
Environment: opening trace level log
Reporter: Johnnie White
When log level is trace, using BeanUtils.setProperty would record the value of
bean. Even override the toString for bean, such like using * to hide the
sensitive message. It would also show the original info without hiding.
The better way to log is using bean's toString function, otherwise directly
splice value and output
(org/apache/commons/beanutils/BeanUtilsBean.java, line 888)
(What's more, why I tried to upload a screenshot for code failed here?)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
