Redacted URL in logs / errors #158

Merged
merged 4 commits into from
May 30, 2024


dany74q

@dany74q dany74q commented Mar 15, 2022

So that basic auth creds, if any, won't show up in logs

danehammer and others added 2 commits March 16, 2022 01:53
So that basic auth creds, if any, won't show up in logs
@hashicorp-cla

hashicorp-cla commented Mar 15, 2022

CLA assistant check
All committers have signed the CLA.

@manicminer manicminer requested a review from a team as a code owner May 30, 2024 00:04

@manicminer manicminer left a comment

Many thanks for this fix @dany74q, this LGTM 👍

@manicminer manicminer added this to the v0.7.7 milestone May 30, 2024
@manicminer manicminer merged commit a99f07b into hashicorp:main May 30, 2024
4 checks passed
@eastebry

Hey @dany74q - we've decided to retroactively issue a CVE for this issue. If you would like credit for the discovery or fix, please email security[at]hashicorp.com with the name/identifier you would like us to use (Github user dany74q, Dany from SomeCompany, etc.) An acknowledgement will be included in a security bulletin published to https://discuss.hashicorp.com/c/security/

Thank you again!

danishprakash pushed a commit to SUSE/podman that referenced this pull request Oct 1, 2024
This is hashicorp/go-retryablehttp#158 only directly
applied to the vendor/ source tree
See also GHSA-v6v8-xj6m-xwqh
danishprakash pushed a commit to danishprakash/podman that referenced this pull request Oct 3, 2024
This is hashicorp/go-retryablehttp#158 only directly
applied to the vendor/ source tree
See also GHSA-v6v8-xj6m-xwqh
dcermak pushed a commit to SUSE/go-retryablehttp that referenced this pull request Dec 9, 2024
This is a cherry pick of three commits:
28e8f81
65e8765
b2aee50

- So that basic auth creds, if any, won't show up in logs

- Apparently Redacted() was added in go 1.15

- Copied Redacted() implementation from go 1.15

All are taken from hashicorp#158

This fixes CVE-2024-6104 aka CVE-2024-6104 aka
GHSA-v6v8-xj6m-xwqh
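
The fix discussed in this thread, sketched as an added example (not code from the pull request or from go-retryablehttp): a helper that follows the behaviour of `(*url.URL).Redacted` from Go 1.15 so it also builds on older toolchains, and a log line built from it. The names `redactURL` and `retryLogLine`, the log format and the sample URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// redactURL returns u as a string with any userinfo password replaced by
// "xxxxx", which is what (*url.URL).Redacted does in Go 1.15 and later.
// Hypothetical helper name; not taken from the library.
func redactURL(u *url.URL) string {
	if u == nil {
		return ""
	}
	ru := *u // shallow copy, so the caller's URL keeps its real credentials
	if _, has := ru.User.Password(); has {
		ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
	}
	return ru.String()
}

// retryLogLine builds the message a retrying HTTP client might log.
// The format is constructed for this example.
func retryLogLine(method string, u *url.URL, attempt int) string {
	return fmt.Sprintf("[DEBUG] %s %s (attempt %d)", method, redactURL(u), attempt)
}

func main() {
	// Constructed sample URL carrying basic auth credentials.
	u, err := url.Parse("https://svc-user:s3cr3t@registry.example.com/v2/?page=1")
	if err != nil {
		panic(err)
	}
	// Formatting the URL directly writes the password into the log line.
	fmt.Printf("before: [DEBUG] GET %s (attempt 1)\n", u)
	// Formatting the redacted form keeps the user name and hides the password.
	fmt.Println("after: ", retryLogLine("GET", u, 1))
}
```

Only the userinfo password is replaced; a secret carried in the query string or path is logged unchanged by this approach.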