Manuel Shenavai created CXF-9123:
------------------------------------

             Summary: Payload written to logs
                 Key: CXF-9123
                 URL: https://issues.apache.org/jira/browse/CXF-9123
             Project: CXF
          Issue Type: Bug
          Components: Core
            Reporter: Manuel Shenavai


When tmp files are cleaned up by DelayedCachedOutputStreamCleaner, the content 
of the tmp file is written into the logs:
https://github.com/apache/cxf/blob/4fc8b120d7c7363c70324ff8c790494655ad3fa4/core/src/main/java/org/apache/cxf/io/DelayedCachedOutputStreamCleaner.java#L132
https://github.com/apache/cxf/blob/main/core/src/main/java/org/apache/cxf/io/CachedOutputStream.java#L430

Writing the payloads into the logs is a security problem.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
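
The failure pattern described in the report, as an added Java example that is not CXF code and not part of the original message. It assumes the leak comes from a log statement that string-formats a stream object whose toString() renders its content; CachedBuffer, describe() and the logger name are hypothetical, and the payload is constructed sample data.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.logging.Handler;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class PayloadLogDemo {
    /** Hypothetical stand-in for a cached stream whose toString() dumps its content. */
    static class CachedBuffer extends ByteArrayOutputStream {
        @Override
        public synchronized String toString() {
            return "[CachedBuffer Content: "
                + new String(toByteArray(), StandardCharsets.UTF_8) + "]";
        }

        /** Metadata-only description: object identity and size, never the bytes. */
        String describe() {
            return "CachedBuffer@" + Integer.toHexString(System.identityHashCode(this))
                + " (" + size() + " bytes)";
        }
    }

    static String lastMessage; // last record captured from the logger

    public static void main(String[] args) throws Exception {
        Logger log = Logger.getLogger("demo.cleaner"); // hypothetical logger name
        log.setUseParentHandlers(false);
        log.addHandler(new Handler() {
            @Override public void publish(LogRecord r) { lastMessage = r.getMessage(); }
            @Override public void flush() { }
            @Override public void close() { }
        });

        CachedBuffer leaked = new CachedBuffer();
        // Constructed sample payload, standing in for a cached message body.
        leaked.write("<secret>CONSTRUCTED-SAMPLE</secret>".getBytes(StandardCharsets.UTF_8));

        // Weak: concatenation calls toString(), so the payload reaches the log.
        log.warning("Unclosed stream detected: " + leaked);
        System.out.println("weak:     " + lastMessage);
        System.out.println("payload in log? " + lastMessage.contains("CONSTRUCTED-SAMPLE"));

        // Hardened: the cleanup message carries metadata only.
        log.warning("Unclosed stream detected: " + leaked.describe());
        System.out.println("hardened: " + lastMessage);
        System.out.println("payload in log? " + lastMessage.contains("CONSTRUCTED-SAMPLE"));
    }
}
```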
