LoggableUrl Leaks partial passwords

Question

Closed this issue 3 years ago · 4 comments

This regex matches the first @ found, when it needs to match the last @ found.

For example if the password was "badp@ssword", the log would log: http://user:***@ssword@url instead of the expected http://user:***@url

Answer 1 · 2022-06-14T06:12:03.000Z

Thanks @matt1097, will resolve

Answer 2 · 2022-06-14T06:32:00.000Z

Fixed in rascal@14.4.5

Answer 3 · 2022-06-14T06:35:14.000Z

Something strange with the tag. Double checking the fix was published

Answer 4 · 2022-06-14T06:37:03.000Z

Yep, all good. Thanks again for reporting