-Dhttp should never leak credentials

Bug #723074 reported by Vincent Ladeuil
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Vincent Ladeuil

Bug Description

I keep recommending people to edit their .bzr.log file. This is the wrong approach.

Most people don't know which headers are sensitive, we do. Therefore, we should not output sensitive information unless some additional debug option require them.

Tags: debug http

Related branches

Vincent Ladeuil (vila)
Changed in bzr:
importance: Undecided → High
status: New → Confirmed
tags: added: debug http
Vincent Ladeuil (vila)
Changed in bzr:
milestone: none → 2.4b4
status: Confirmed → In Progress
assignee: nobody → Vincent Ladeuil (vila)
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.