Hello, I already did it here :
https://issues.apache.org/jira/browse/KARAF-7256?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel Regards mie., 1 oct. 2025, 21:51 Matt Pavlovich <[email protected]> a scris: > Hi Jérémie- > > That should be filed as an issue— please open a ticket and we can detect > command line options that are marked as ‘masked’ and log them using ‘****’ > instead of clear text. > > Open ticket here: > https://github.com/apache/karaf/issues > > Thanks, > Matt Pavlovich > > On Oct 1, 2025, at 11:13 AM, Jérémie <[email protected]> wrote: > > Hello, > > In the same type, there is also a "vulnerability" tagged by our sec team > internally: if you execute a command with a password as a parameter, this > password will be present in the logs, even if the parameter is declared as > "masked". Because it is set unfiltered as the thread name of the command. > > Regards, > Jérémie > > mie., 1 oct. 2025, 16:10 Ephemeris Lappis <[email protected]> a > scris: > >> Hello.! >> >> The current default appender is right for all our logs, except for shell >> commands that are used by our dev-ops tools and generate very long (and >> very useless) thread names". >> How can we filter these commands that have no package, thus no explicit >> appender ? >> >> Another very strange shell behavior : >> >> executing the command : >> x="json = {\"a\":1, \"b\":2}" >> . >> produces a repeated "json = " pattern, it seems that the "{...,..." is >> interpreted as a repeated action pattern. I've found no explanation in the >> shell manual. >> >> json = "a":1 json = "b":2 >> >> Is there a way to disable this command expansion : our dev-ops jobs fail >> because of that :( >> >> Thanks. >> >> Regards. >> >> >> Le mer. 1 oct. 2025 à 15:44, Matt Pavlovich <[email protected]> a >> écrit : >> >>> Your logging configuration must be using a pattern that includes the >>> thread name in the log output. You can remove that macro, or configure a >>> separate log appender for the packages you want to filter and give that a >>> different logging pattern without the thread macro. >>> >>> -Matt >>> >>> > On Oct 1, 2025, at 5:35 AM, Ephemeris Lappis < >>> [email protected]> wrote: >>> > >>> > Hello. >>> > >>> > We need to use the Karaf's shell "log" command to trace actions during >>> some deployment opérations.. >>> > >>> > We've seen that the thread name using the "log:log" command is the >>> command itself, producing very big lines in the log file. >>> > >>> > Example : >>> > admin@root()> log:log --level WARNING "A very very long text..." >>> > 12:29:39.362 WARN [pipe-log:log --level WARNING "A very very long >>> text..."] A very very long text... >>> > >>> > The thread name is "pipe-log:log --level WARNING "A very very long >>> text..."" >>> > >>> > In reality, messages may be actually bigger, since we want to trace >>> very detailed information about the current deployments. >>> > >>> > Is there any way to avoid this ? >>> > >>> > Thanks in advance for your help. >>> > >>> > Regards. >>> >>> >
