From 4d87cafd68f13562f2356db197493304ff24e866 Mon Sep 17 00:00:00 2001
From: Alex COLLIGNON
Date: Wed, 19 Apr 2017 15:49:35 +0200
Subject: [PATCH 2/2] Fix information disclosure in debug statement (toString)
---
 .../apache/jackrabbit/vault/fs/api/RepositoryAddress.java | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/api/RepositoryAddress.java b/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/api/RepositoryAddress.java
index 0261da2..46aa62a 100644
--- a/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/api/RepositoryAddress.java
+++ b/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/api/RepositoryAddress.java
@@ -280,12 +280,19 @@ public class RepositoryAddress {
 /**
 * {@inheritDoc}
 *
- * @return same as {@link #getURI() getURI().toString()}
+ * @return same as {@link #getURI() getURI().toString()} with blurred user info
 */
 @Override
 @Nonnull
 public String toString() {
- return getURI().toString();
+ final URI uri = getURI();
+ final String userInfo = uri.getRawUserInfo();
+
+ if (userInfo != null) {
+ return uri.toString().replace(userInfo, "******:******");
+ } else {
+ return uri.toString();
+ }
 }
 /**
@@ -372,4 +379,4 @@ public class RepositoryAddress {
 }
-}
\ No newline at end of file
+}
-- 
2.12.2
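Review bot: The masking in `toString()` only runs when `uri.getRawUserInfo()` is non-null, and `java.net.URI` returns null there whenever the authority is not parsed as server-based (for example a host name containing an underscore), so in that case the `user:password@` part would still be returned unmasked. The `replace(userInfo, ...)` call is also a plain substring replacement over the whole string, so a short user info that happens to recur in the host or path is rewritten there too. Masking by position, from the start of the raw authority up to its last `@`, covers both cases; a sketch follows. Whether other log or exception paths print `getURI()` directly cannot be seen from this hunk and is worth checking.

```java
public String toString() {
    final URI uri = getURI();
    final String text = uri.toString();
    final String authority = uri.getRawAuthority();
    // Mask by position rather than by substring match; this also covers
    // authorities for which getRawUserInfo() returns null.
    final int at = authority == null ? -1 : authority.lastIndexOf('@');
    if (at < 0) {
        return text;
    }
    final int start = text.indexOf("//") + 2;
    return text.substring(0, start) + "******:******" + text.substring(start + at);
}
```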