Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.13.2
-
None
-
Unknown
Description
The MessageHistory feature currently keeps passwords in plain text in case they are part of the URI.
MessageHelper.doDumpMessageHistoryStacktrace() does some sanitizing, but only for the from node - other nodes/processors are currently not sanitized.
In order to prevent handling sensitive information in the message history in general, I would suggest to sanitize the URI already when storing a MessageHistory item.