You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Willem Jiang (JIRA)" <ji...@apache.org> on 2014/07/10 07:59:06 UTC
[jira] [Resolved] (CAMEL-7587) MessageHistory stores passwords in
plain text
[ https://issues.apache.org/jira/browse/CAMEL-7587?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Willem Jiang resolved CAMEL-7587.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.14.0
2.13.3
2.12.5
Applied the patch into master, camel-2.13.x and camel-2.12.x branches.
> MessageHistory stores passwords in plain text
> ---------------------------------------------
>
> Key: CAMEL-7587
> URL: https://issues.apache.org/jira/browse/CAMEL-7587
> Project: Camel
> Issue Type: Bug
> Components: camel-core
> Affects Versions: 2.13.2
> Reporter: Marco Zapletal
> Assignee: Willem Jiang
> Priority: Minor
> Fix For: 2.12.5, 2.13.3, 2.14.0
>
>
> The MessageHistory feature currently keeps passwords in plain text in case they are part of the URI.
> MessageHelper.doDumpMessageHistoryStacktrace() does some sanitizing, but only for the from node - other nodes/processors are currently not sanitized.
> In order to prevent handling sensitive information in the message history in general, I would suggest to sanitize the URI already when storing a MessageHistory item.
--
This message was sent by Atlassian JIRA
(v6.2#6252)