New commit detected on ManageIQ/manageiq-gems-pending/gaprindashvili: https://github.com/ManageIQ/manageiq-gems-pending/commit/3707a9a85a9b93325e566a7dbe1cdcb01f1c55cc commit 3707a9a85a9b93325e566a7dbe1cdcb01f1c55cc Author: Brandon Dunne <brandondunne> AuthorDate: Tue Sep 25 14:52:08 2018 -0400 Commit: Brandon Dunne <brandondunne> CommitDate: Tue Sep 25 14:52:08 2018 -0400 Merge pull request #373 from lfu/password_log_1619385 Changes to MiqPassword.sanitize_string to support URL encoded password. (cherry picked from commit 2fa61e91ce5eeba1dc969e38c76faaee61cb7eb6) https://bugzilla.redhat.com/show_bug.cgi?id=1634808 lib/gems/pending/util/miq-password.rb | 7 +- spec/util/miq-password_spec.rb | 6 +- 2 files changed, 8 insertions(+), 5 deletions(-)
New commits detected on ManageIQ/manageiq/gaprindashvili: https://github.com/ManageIQ/manageiq/commit/043a181fe873034556cd0783bef4e71ab8d0e8fa commit 043a181fe873034556cd0783bef4e71ab8d0e8fa Author: Greg McCullough <gmccullo> AuthorDate: Thu Sep 13 17:16:52 2018 -0400 Commit: Greg McCullough <gmccullo> CommitDate: Thu Sep 13 17:16:52 2018 -0400 Merge pull request #17986 from lfu/password_log_1619385 Add regex for dialog password fields. (cherry picked from commit cadcbc726d83f8a6e87421f48aa0b1c8f0ccff46) https://bugzilla.redhat.com/show_bug.cgi?id=1634808 app/models/miq_request_workflow.rb | 2 +- spec/models/miq_request_workflow_spec.rb | 6 + 2 files changed, 7 insertions(+), 1 deletion(-) https://github.com/ManageIQ/manageiq/commit/0f7e2841503386353759597323761eee76aefd10 commit 0f7e2841503386353759597323761eee76aefd10 Author: Greg McCullough <gmccullo> AuthorDate: Thu Sep 27 14:39:57 2018 -0400 Commit: Greg McCullough <gmccullo> CommitDate: Thu Sep 27 14:39:57 2018 -0400 Merge pull request #18028 from lfu/password_log_2_1619385 Hide the password values in the log messages. (cherry picked from commit 4aee0f3931a86a3b68f8305ee7d56c78df91b056) https://bugzilla.redhat.com/show_bug.cgi?id=1634808 app/models/manageiq/providers/embedded_ansible/automation_manager/playbook.rb | 3 +- 1 file changed, 2 insertions(+), 1 deletion(-)
New commit detected on ManageIQ/manageiq-automation_engine/gaprindashvili: https://github.com/ManageIQ/manageiq-automation_engine/commit/2452d0e82324067fb18782805ff5ad2872744fdf commit 2452d0e82324067fb18782805ff5ad2872744fdf Author: Madhu Kanoor <mkanoor> AuthorDate: Mon Sep 24 16:44:14 2018 -0400 Commit: Madhu Kanoor <mkanoor> CommitDate: Mon Sep 24 16:44:14 2018 -0400 Merge pull request #228 from lfu/password_log_1619385 Clean up the password field and value in automate and evm.log (cherry picked from commit f294b5636db07acfea58391230a7e8e41be73b1b) https://bugzilla.redhat.com/show_bug.cgi?id=1634808 lib/miq_automation_engine/engine/miq_ae_engine.rb | 10 +- lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_domain_search.rb | 2 +- lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_object.rb | 6 +- lib/miq_automation_engine/engine/miq_ae_engine/miq_ae_workspace_runtime.rb | 2 +- lib/miq_automation_engine/engine/miq_ae_method_service/miq_ae_service.rb | 2 +- 5 files changed, 13 insertions(+), 9 deletions(-)
Fixed and verified in 5.9.5.1.20181008190812_3752291. Passwords hashes are not shown in the logs, "*" characters shown instead.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:3466