On Exception only log the email ID at error level and log the whole email at trace level#291
Merged
bbottema merged 1 commit intobbottema:developfrom Sep 30, 2020
Merged
Conversation
Only log the whole contents of an `Email` object on `trace` log level instead of `error`. Otherwise the whole email is printed to the logs, which can blow up the amount of logs quite a bit for services sending emails automatically.
Owner
|
Released in 6.4.4. |
|
You mention only size of logs here. Please let me raise the awareness that this was also quite a serious breach in data confidentiality. In my company, we are not allowed to log personal data (except under very special circumstances), and a whole e-mail naturally contains quite a lot of possibly sensitive data. |
Owner
|
Agreed. You could still still suppress this logging using regular log config, but that would have been a workaround. Now this is fixed at the core. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Only log the whole contents of an
Emailobject ontracelog level instead oferror. Otherwise the whole email is printed to the logs, which can blow up the amount of logs quite a bit for services sending emails automatically.Alternatively, the
Email.toString()method could be changed to actually not put in all the contents of text/html bodies.