You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Kirk True (Jira)" <ji...@apache.org> on 2021/11/10 19:20:00 UTC

[jira] [Created] (KAFKA-13446) Remove JWT access token from logs

Kirk True created KAFKA-13446:
---------------------------------

             Summary: Remove JWT access token from logs
                 Key: KAFKA-13446
                 URL: https://issues.apache.org/jira/browse/KAFKA-13446
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 3.1.0
            Reporter: Kirk True
            Assignee: Kirk True
             Fix For: 3.1.0


The OAuth code logs the access token on both the client and the server, potentially exposing service account details. Remove all logging entries to prevent this from leaking.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)