mirror of
https://github.com/go-gitea/gitea.git
synced 2025-10-10 15:10:58 +02:00
6de2151607
Backport #35584 by @shashank-netapp # Summary The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output. Fix: - wrapped all instances of setting.Indexer.RepoConnStr and setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()` function before logging them. Fixes: #35530 Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>