Giteabot 0a87bf9016

Fixing issue #35530: Password Leak in Log Messages (#35584) (#35665) ...

Backport #35584 by @shashank-netapp

# Summary
The Gitea codebase was logging `Elasticsearch` and `Meilisearch`
connection strings directly to log files without sanitizing them. Since
connection strings often contain credentials in the format
`protocol://username:password@host:port`, this resulted in passwords
being exposed in plain text in log output.

Fix:
- wrapped all instances of setting.Indexer.RepoConnStr and
setting.Indexer.IssueConnStr with the `util.SanitizeCredentialURLs()`
function before logging them.

Fixes: #35530

Co-authored-by: shashank-netapp <108022276+shashank-netapp@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

2025-10-15 09:39:33 +00:00

..

bleve

update go&js dependencies (#34262)

2025-04-23 21:22:40 +00:00

elasticsearch

Enable testifylint rules (#34075)

2025-03-31 01:53:48 -04:00

gitgrep

enable staticcheck QFxxxx rules (#34064)

2025-03-29 17:32:28 -04:00

internal

Enable addtional linters (#34085)

2025-04-01 10:14:01 +00:00

git.go

Remove context from git struct (#33793)

2025-03-04 11:56:11 -08:00

indexer_test.go

Enable testifylint rules (#34075)

2025-03-31 01:53:48 -04:00

indexer.go

Fixing issue #35530: Password Leak in Log Messages (#35584) (#35665)

2025-10-15 09:39:33 +00:00

search.go

Improve issue & code search (#33860)

2025-03-13 11:07:48 +08:00