Jira is logging SOAP body in default config - passwords included

XMLWordPrintable

    • 5.02
    • 5

      In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config.

            Assignee:
            Oswaldo Hernandez (Inactive)
            Reporter:
            Issa
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: