-Dhttp should never leak credentials
Bug #723074 reported by
Vincent Ladeuil
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Fix Released
|
High
|
Vincent Ladeuil |
Bug Description
I keep recommending people to edit their .bzr.log file. This is the wrong approach.
Most people don't know which headers are sensitive, we do. Therefore, we should not output sensitive information unless some additional debug option require them.
Related branches
Changed in bzr: | |
importance: | Undecided → High |
status: | New → Confirmed |
tags: | added: debug http |
Changed in bzr: | |
milestone: | none → 2.4b4 |
status: | Confirmed → In Progress |
assignee: | nobody → Vincent Ladeuil (vila) |
status: | In Progress → Fix Released |
To post a comment you must log in.