Skip to content

v1.2.2
Compare
Choose a tag to compare
@onlime onlime released this 16 Jun 16:53
· 6 commits to main since this release
v1.2.2
e855b08
This commit was signed with the committer’s verified signature.
onlime Philip Iezzi (Pipo)
SSH Key Fingerprint: 4U9WLBTJjImGRCV9I3fHLsREHEqeTWBWa1CLroJ6v0Q
Verified
Learn about vigilant mode.
  • [Security] Body key obfuscation (obfuscate.body_keys config) is now also applied to form-style request bodies, not only JSON bodies. This prevents accidental logging of e.g. OpenID Connect (OAuth 2.0) tokens on POST /token endpoint, which may contain the refresh_token and client_secret.
  • [Security] Added id_token as additional body key for obfuscation to the HTTP_CLIENT_GLOBAL_LOGGER_OBFUSCATE_BODY_KEYS default.
Assets 2
Loading