[ejabberd] Security issue in debug log

Kretschmer, Felix Felix.Kretschmer at isw.uni-stuttgart.de
Wed Sep 2 18:10:21 MSK 2015


Hi there,

just checked and this is not correct. Still see the data although the variable is set. - No Update applied.
I still get the password of all users as well as the password of the ldap_rootdn.

Sorry about that.
felix

-----Ursprüngliche Nachricht-----
Von: ejabberd [mailto:ejabberd-bounces at jabber.ru] Im Auftrag von Mickaël Rémond
Gesendet: Mittwoch, 2. September 2015 14:28
An: ejabberd at jabber.ru
Betreff: Re: [ejabberd] Security issue in debug log

Hello,

On 2 Sep 2015, at 13:48, Badlop wrote:

> Oh, I forgot to add the option verification when wrote it.
>
> Here is the fix, in case you can apply it:
> https://github.com/processone/ejabberd/commit/1bc2c8cbb16f0186953dbe5b
> 7eb71660e1e3c5f7

Please, note that it means the option is working, despite the error message. It means it will work as expected even if you do not apply the update yet.

Thanks for the feedback !

--
Mickaël Rémond
  http://www.process-one.net
_______________________________________________
ejabberd mailing list
ejabberd at jabber.ru
http://lists.jabber.ru/mailman/listinfo/ejabberd


More information about the ejabberd mailing list