F0otman opened a new pull request, #276:
URL: https://github.com/apache/commons-beanutils/pull/276

   From [BEANUTILS-568](https://issues.apache.org/jira/browse/BEANUTILS-568).
   Sorry for the lack of a unit test; because beanutils only uses commons-logging, it cannot show the key point of the log without settings or a materialized log component.
   
   The problem I want to warn about is that if I override the bean's toString method like
   `return "TestBean{" + "propertyPassword='" + "******" + '\'' + '}';`
   then when trying to use BeanUtils.setProperty, BeanUtils.copyProperty and LocaleBeanUtilsBean.setProperty, **it would record the value of propertyPassword in the trace log**. So if someone tampers with the log level or sets the wrong level, the shaded property may be recorded in the log.
   
   The safe way is, when the toString method is overridden, to not show the value in the log.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
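
Added example, not part of the pull request and not BeanUtils code: a stand-alone Java program that reproduces the pattern described above, where a trace message prints the bean (masked by its `toString`) next to the raw value being set, and then withholds the value when the bean overrides `toString`. The class and method names (`TraceLogRedactionDemo`, `overridesToString`, `traceMessage`) and the message format are hypothetical, and `java.util.logging` stands in for commons-logging.

```java
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

public class TraceLogRedactionDemo {

    // Constructed bean: toString() masks the password, as in the PR description.
    static class TestBean {
        private String propertyPassword;
        public void setPropertyPassword(String v) { this.propertyPassword = v; }
        @Override
        public String toString() {
            return "TestBean{" + "propertyPassword='" + "******" + '\'' + '}';
        }
    }

    // True when the bean's class (or a superclass other than Object) declares toString().
    static boolean overridesToString(Object bean) {
        try {
            return bean.getClass().getMethod("toString").getDeclaringClass() != Object.class;
        } catch (NoSuchMethodException e) {
            return false; // unreachable: every class exposes a public toString()
        }
    }

    // Hypothetical trace message of the form "setProperty(bean, name, value)".
    static String traceMessage(Object bean, String name, Object value, boolean redact) {
        Object shown = (redact && overridesToString(bean)) ? "<redacted>" : value;
        return "setProperty(" + bean + ", " + name + ", " + shown + ")";
    }

    public static void main(String[] args) {
        Logger log = Logger.getLogger("demo");
        log.setUseParentHandlers(false);
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINEST);
        log.addHandler(handler);
        log.setLevel(Level.FINEST); // trace-equivalent level switched on

        TestBean bean = new TestBean();
        String secret = "constructed-sample-secret"; // constructed sample value
        bean.setPropertyPassword(secret);
        // The bean prints masked, but the value argument is logged in the clear.
        log.finest(traceMessage(bean, "propertyPassword", secret, false));
        // The value is withheld because the bean declares its own toString().
        log.finest(traceMessage(bean, "propertyPassword", secret, true));
    }
}
```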
