Iccha: I've attached a second round patch patches which (this time) remove the URI/creds from log messages as well as exception messages. All of the LOG messages affected are debug level (which means most people probably don't see them in production). The downside of this approach is that things will be a bit more difficult to debug but I'm Okay with that in the name of security.
Iccha: I've attached a second round patch patches which (this time) remove the URI/creds from log messages as well as exception messages. All of the LOG messages affected are debug level (which means most people probably don't see them in production). The downside of this approach is that things will be a bit more difficult to debug but I'm Okay with that in the name of security.