Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-35128

Jira is logging SOAP body in default config - passwords included

    XMLWordPrintable

Details

    Description

      In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config.

      Attachments

        Activity

          People

            ohernandez@atlassian.com Oswaldo Hernandez (Inactive)
            7f8d46fd5f17 Issa
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: