Don't log property values in PropertySourcesPropertyResolver by default [SPR-14709] #19274
Labels
in: core
Issues in core modules (aop, beans, core, context, expression)
type: enhancement
A general enhancement
Milestone
Christoffer Sawicki opened SPR-14709 and commented
PropertySourcesPropertyResolver
currently logs all values it finds (at level "debug"). This is problematic since some values can be of sensitive nature (e.g. passwords) and some systems have requirements to never log such information.The safest way to fix this is to modify
PropertySourcesPropertyResolver
to never log property values at all.Leaving a hook (like the current
logKeyFound
) could still be useful for users that would like to — for whatever reason — override this new default behaviour.(Filing this improvement issue was suggested by
@juergen
.hoeller in this comment: https://jira.spring.io/browse/SPR-14370?focusedCommentId=132028)Affects: 4.3.2
Issue Links:
Referenced from: commits 782c99d, fbe7ddb
The text was updated successfully, but these errors were encountered: