mirror/gitea
1
1
Fork 1
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-17 12:55:27 +01:00
Code Issues
release/v1.25
gitea/modules/indexer/issues
History
Giteabot 6de2151607
Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609) 
Backport #35584 by @shashank-netapp

# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-10-09 11:00:40 +02:00
..
bleve Allow filtering issues by any assignee (#33343) 2025-03-21 04:25:36 +00:00
db feat: Add sorting by exclusive labels (issue priority) (#33206) 2025-04-10 17:18:07 +00:00
elasticsearch Enable addtional linters (#34085) 2025-04-01 10:14:01 +00:00
internal Refactor some tests (#34580) 2025-06-03 01:26:19 +00:00
meilisearch Upgrade dependencies (#35384) 2025-09-02 23:13:38 -04:00
dboptions.go feat: Add sorting by exclusive labels (issue priority) (#33206) 2025-04-10 17:18:07 +00:00
indexer_test.go Allow filtering issues by any assignee (#33343) 2025-03-21 04:25:36 +00:00
indexer.go Fixing issue #35530: Password Leak in Log Messages (#35584) (#35609) 2025-10-09 11:00:40 +02:00
util.go Move organization's visibility change to danger zone. (#34814) 2025-08-20 20:57:42 -07:00