A bug was found in src/or/buffers.c::parse_socks(), where escaped() function on the request address is used rather than escaped_safe_str_client(). When a socks5 client application sends a request with a malformed hostname, the full hostaname is logged, while rejecting the connection, instead of logging [scrubbed] name, respecting the SafeLogging configuration. Upstream patch: https://gitweb.torproject.org/tor.git/commit/?id=19df037e53331ae528b876f225be08f198e0f8b6
Created tor tracking bugs for this issue: Affects: fedora-all [bug 1257877] Affects: epel-all [bug 1257878]