You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Kirk True (Jira)" <ji...@apache.org> on 2021/11/10 19:20:00 UTC
[jira] [Created] (KAFKA-13446) Remove JWT access token from logs
Kirk True created KAFKA-13446:
---------------------------------
Summary: Remove JWT access token from logs
Key: KAFKA-13446
URL: https://issues.apache.org/jira/browse/KAFKA-13446
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 3.1.0
Reporter: Kirk True
Assignee: Kirk True
Fix For: 3.1.0
The OAuth code logs the access token on both the client and the server, potentially exposing service account details. Remove all logging entries to prevent this from leaking.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)