Hmm I thought that the backport should be fine because that is what the original PR targeted (it targeted the 1.9.x branch), which is why it was backported. Sorry for any confusion.
Instead of reverting the change, we should just merge a PR to 1.9.x specifically with the default targeted behavior that we want, but keep the option in. Please link such a PR here so we can keep track. As for the acceptable solutions, I really would prefer to err on the side of more security. I am OK with the code as is; but is there a way to filter just sensitive data from the payload? Like search-and-replace passwords? Or is the whole payload stream considered sensitive? I am not really sure what parts of the payload are considered sensitive, so let me know if I'm missing something. --- Reply to this email directly or view it on GitHub: https://github.com/jclouds/jclouds/pull/830#issuecomment-126695049
