Closed (phavekes closed 4 days ago)
Although this is not a security threat in our current environment, we could make use of a sanitised Logger. Investigate if the used package has something out-of-the-box (Okke Harsta - Feb 12, 2020)
From the audit report: "this issue is considered as a false alert since it was not possible to trigger it. Failure of a compromise came down to the prevention of HTTP header spoofing." (Okke Harsta - Feb 16, 2020)
Decided not to fix this (Peter Havekes - Feb 18, 2020)
This issue is imported from Pivotal