** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000151
--
https://bugs.launchpad.net/bugs/1570221

Title:
  Don't print parameter values in logs, in productionmode

Status in Mahara:
  Fix Released
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released
Status in Mahara 16.10 series:
  Fix Released

Bug description:
  Following on from Bug 1567186, even scrubbing out parameters that we
  know to be passwords is not a fool-proof way to keep passwords and
  sensitive data out of the logs. Params might be misnamed, or sensitive
  data might be passed through general-purpose functions.

  The only surefire way to prevent secure data from being printed to the
  logs is to avoid printing parameter values in stacktraces at all.

  However, parameter values are useful for debugging, so I think we
  should show them when productionmode=false, and hide them when
  productionmode=true.
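
The approach described in the bug report, as an added example that is not part of the original notification and is not Mahara's code: a stack-trace formatter that logs argument types instead of values when production mode is on. The function names `describe_arg()`, `format_backtrace()`, `send_request()` and `sync_account()` and the sample secret are hypothetical and constructed for illustration; only the `productionmode` setting name comes from the report.

```php
<?php
// Added illustration; format_backtrace() and describe_arg() are hypothetical
// names, not Mahara functions.

/** Describe an argument by type only, never by value. */
function describe_arg($arg): string {
    if (is_object($arg)) {
        return get_class($arg);
    }
    if (is_array($arg)) {
        return 'array(' . count($arg) . ')';
    }
    return gettype($arg);
}

/**
 * Render a backtrace for the log. With $productionmode true, argument values
 * are replaced by their types, so a secret cannot leak however the parameter
 * is named or which general-purpose function it passes through.
 */
function format_backtrace(array $frames, bool $productionmode): string {
    $lines = [];
    foreach ($frames as $i => $frame) {
        $args = [];
        foreach ($frame['args'] ?? [] as $arg) {
            $args[] = $productionmode
                ? describe_arg($arg)
                : var_export($arg, true);
        }
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        $where = isset($frame['file']) ? " at {$frame['file']}:{$frame['line']}" : '';
        $lines[] = "#$i $call(" . implode(', ', $args) . ")$where";
    }
    return implode("\n", $lines);
}

// Constructed sample: the secret travels through generically named
// parameters, which a name-based scrubber would not recognise.
function send_request(string $url, array $payload): array {
    return debug_backtrace();
}
function sync_account(string $user, string $blob): array {
    return send_request('https://example.invalid/api', ['data' => $blob]);
}

$frames = sync_account('alice', 'hunter2-constructed-secret');
echo format_backtrace($frames, false), "\n\n"; // values visible (debugging)
echo format_backtrace($frames, true), "\n";    // types only (production)
```

In production the arguments can also be left out at capture time by passing PHP's `DEBUG_BACKTRACE_IGNORE_ARGS` option to `debug_backtrace()`, so the values never reach the formatter at all.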

