Reporting database password is disclosed in GET /ldp/config/dbinfo response

Description

Following the behaviour of the old mod-ldp — see — mod-reporting should redact the password from its response to the request GET /config/dbinfo.

That is, instead of returning

It should return

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Activity

Carole Godfrey March 5, 2025 at 11:55 AM
Edited

Thank you and

Charlotte Whitt March 5, 2025 at 10:40 AM

Hi - yes let me try to work on that - together with Mike Taylor.

Carole Godfrey March 4, 2025 at 11:12 PM
Edited

This issue is observed in Ramsons release version 1.2.1 – is there a version planned for Ramsons which includes this fix – the password is visible in the UI as well as the API.

Can a CSP for Ramsons be requested to fix this?

Thank You

Mike Taylor February 14, 2025 at 1:33 PM

OK, good!

Charlotte Whitt February 14, 2025 at 1:23 PM

Hi - I can set the Release date to Sunflower. Feature freeze is 3/7/2025, so we are all good for this fix to be included in Sunflower.

Done

Details

Assignee

Reporter

Priority

Sprint

Development Team

Thor

Fix versions

Release

Sunflower (R1 2025)

RCA Group

TBD

Created February 13, 2025 at 2:37 PM
Updated March 5, 2025 at 11:56 AM
Resolved February 14, 2025 at 9:28 AM