Quickfixjclient health endpoint leaking secrets

esanchezros / quickfixj-spring-boot-starter

Spring Boot Starter for QuickFIX/J

Apache License 2.0

125 stars 57 forks source link

Quickfixjclient health endpoint leaking secrets #117

Closed svabrad closed 9 months ago

svabrad commented 10 months ago

Hi Eduardo!

I've noticed health endpoint for quickfixjclient is leaking secrets. Passwords for session and proxy are visible. Would it be possible to hide it? Perhaps with option like quickfixj.client.actuator.opaque=true.

Thank you for all the great work you are doing, I greatly appreciate it.

esanchezros commented 10 months ago

Hey @svabrad, Thanks for reporting, it's a good spot. I'm going to try fixing it in the next few days but please feel free to add a PR if you would like to contribute. Thanks

svabrad commented 10 months ago

Absolutely, I will try to find spare minute.

esanchezros commented 9 months ago

Fixed in version 2.16.4