<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:13:57 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-1520] sensitive information is logged/echoed</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-1520</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;h3&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h3&gt;
&lt;p&gt;When a request contains sensitive information, e.g. because it is a login or change-password request, and that request fails, the sensitive information must not be logged and/or returned as part of the error response. &lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Details&quot;&gt;&lt;/a&gt;Details&lt;/h3&gt;
&lt;p&gt;Currently, POST requests to &lt;a href=&quot;http://folio-snapshot-367.aws.indexdata.com:9130/bl-users/login?expandPermissions=true&amp;amp;fullPermissions=true&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;http://folio-snapshot-367.aws.indexdata.com:9130/bl-users/login?expandPermissions=true&amp;amp;fullPermissions=true&lt;/a&gt; are failing with a 500 response with the body &lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-javascript&quot;&gt;
{
  &lt;span class=&quot;code-quote&quot;&gt;&quot;endpoint&quot;&lt;/span&gt; : &lt;span class=&quot;code-quote&quot;&gt;&quot;/authn/login&quot;&lt;/span&gt;,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;statusCode&quot;&lt;/span&gt; : 500,
  &lt;span class=&quot;code-quote&quot;&gt;&quot;errorMessage&quot;&lt;/span&gt; : &lt;span class=&quot;code-quote&quot;&gt;&quot;{\&quot;&lt;/span&gt;username\&lt;span class=&quot;code-quote&quot;&gt;&quot;:\&quot;&lt;/span&gt;diku_admin\&lt;span class=&quot;code-quote&quot;&gt;&quot;,\&quot;&lt;/span&gt;password\&lt;span class=&quot;code-quote&quot;&gt;&quot;:\&quot;&lt;/span&gt;admin\&lt;span class=&quot;code-quote&quot;&gt;&quot;}&quot;&lt;/span&gt;
}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
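&lt;p&gt;The error message should not contain sensitive information such as the password. In the response above, the errorMessage field carries the submitted username and password in cleartext, so the credentials are exposed to anything that stores or displays the error body. &lt;/p&gt;</description>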
                <environment></environment>
        <key id="79514">FOLIO-1520</key>
            <summary>sensitive information is logged/echoed</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="615afd1cd9820f0070a09ef0">Zak Burke</reporter>
                                    <labels>
                    </labels>
                <created>Thu, 20 Sep 2018 00:44:57 +0000</created>
                <updated>Fri, 18 Jan 2019 12:47:52 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="191514" author="615afd1cd9820f0070a09ef0" created="Thu, 20 Sep 2018 00:47:18 +0000"  >&lt;p&gt;I filed this under Folio rather than mod-users-bl because it identifies the general issue &amp;#8211; sensitive information should not be logged &amp;#8211; rather than a specific one. But, if you did want to file a sub issue to deal with this specific case, &lt;tt&gt;_/proxy/tenants/diku/modules?full=true&lt;/tt&gt; reports this instance is running &lt;tt&gt;mod-users-bl-4.0.2-SNAPSHOT.25&lt;/tt&gt; and &lt;tt&gt;mod-authtoken-1.5.2-SNAPSHOT.26&lt;/tt&gt;. &lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzywzb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>