dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications
https://mercure.rocks
GNU Affero General Public License v3.0

fix: redact the authorization query parameter from logs #910

Closed dunglas closed 4 weeks ago

dunglas commented 4 weeks ago

The authorization filter has never been redacted because the field selector was bad.

I hesitated to open a CVE for this, but I think it's not necessary because the field has never been redacted, and it's not documented as such.

This patch also leverages https://github.com/caddyserver/caddy/pull/5980.
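The failure mode described in the comment above, as an added example that is not code from Mercure or Caddy: a redaction filter attached to a field selector that matches nothing leaves the token in the log without raising any error. The log entry shape, both selectors, and the function names are assumptions made for illustration, and the token is a placeholder.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// redactAuthorization masks every "authorization" value in a URI's query string.
func redactAuthorization(rawURI string) string {
	u, err := url.Parse(rawURI)
	if err != nil {
		return "REDACTED" // unparseable: drop the value rather than leak it
	}
	q := u.Query()
	for i := range q["authorization"] {
		q["authorization"][i] = "REDACTED"
	}
	u.RawQuery = q.Encode()
	return u.String()
}

// filterField follows a ">"-separated selector into a nested log entry and
// rewrites the string found there. It reports whether the selector matched.
func filterField(entry map[string]any, selector string, f func(string) string) bool {
	keys := strings.Split(selector, ">")
	for _, k := range keys[:len(keys)-1] {
		entry, _ = entry[k].(map[string]any) // nil map on a miss; reads stay safe
	}
	last := keys[len(keys)-1]
	s, ok := entry[last].(string)
	if ok {
		entry[last] = f(s)
	}
	return ok
}

// loggedURI filters a constructed access-log entry (placeholder token) and
// returns the URI that would be written, plus whether the selector matched.
func loggedURI(selector string) (string, bool) {
	req := map[string]any{"uri": "/.well-known/mercure?topic=foo&authorization=PLACEHOLDER.TOKEN"}
	ok := filterField(map[string]any{"request": req}, selector, redactAuthorization)
	return req["uri"].(string), ok
}

func main() {
	fmt.Println(loggedURI("uri"))         // hypothetical wrong selector: no match
	fmt.Println(loggedURI("request>uri")) // selector that matches the entry
}
```

Asserting on the emitted log line in a regression test, rather than on the filter configuration, is what catches a selector that never matches.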