Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.9.4
-
None
-
None
-
opening trace level log
Description
When log level is trace, using BeanUtils.setProperty would record the value of bean. Even override the toString for bean, such like using * to hide the sensitive message. It would also show the original info without hiding.
The better way to log is using bean's toString function, otherwise directly splice value and output
(org/apache/commons/beanutils/BeanUtilsBean.java, line 888)
(What's more, why I tried to upload a screenshot for code failed here?)