mirror of
https://gitcode.com/gitea/gitea.git
synced 2025-10-12 10:45:55 +08:00

The Gitea codebase was logging `Elasticsearch` and `Meilisearch` connection strings directly to log files without sanitizing them. Since connection strings often contain credentials in the format `protocol://username:password@host:port`, this resulted in passwords being exposed in plain text in log output.

Fix:
- wrapped all instances of `setting.Indexer.RepoConnStr` and `setting.Indexer.IssueConnStr` with the `util.SanitizeCredentialURLs()` function before logging them.

Fixes: #35530

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
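The leak and the fix described in the commit message above, as an added example that is not Gitea's code and not the implementation of `util.SanitizeCredentialURLs()`: a hypothetical `redactConnStr` helper masks the userinfo part of any URL before the string reaches the logger. The `logIndexerInit` function, the hosts and the credentials are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"log"
	"regexp"
	"strings"
)

// credInURL matches "scheme://userinfo@" anywhere in a string. The greedy
// userinfo class stops at whitespace, '/', '?' and '#', so a password that
// contains an unescaped '@' is covered up to the last '@' of the authority.
var credInURL = regexp.MustCompile(`([A-Za-z][A-Za-z0-9+.-]*://)[^\s/?#]+@`)

// redactConnStr (hypothetical helper) masks the userinfo of every URL in s.
func redactConnStr(s string) string {
	return credInURL.ReplaceAllString(s, "${1}(masked)@")
}

// logIndexerInit mimics an indexer start-up message and returns the logged line.
func logIndexerInit(connStr string, sanitize bool) string {
	var buf bytes.Buffer
	logger := log.New(&buf, "", 0)
	if sanitize {
		connStr = redactConnStr(connStr)
	}
	logger.Printf("indexer: connecting to %s", connStr)
	return strings.TrimSpace(buf.String())
}

func main() {
	// Constructed sample connection strings; not real hosts or credentials.
	samples := []string{
		"http://elastic:S3cr3t@es.example.internal:9200",
		"http://:masterKey123@meili.example.internal:7700",
		"https://user:p@ss@es.example.internal:9200/?sniff=false",
		"http://es.example.internal:9200", // no credentials: unchanged
	}
	for _, s := range samples {
		fmt.Println("before:", logIndexerInit(s, false))
		fmt.Println("after: ", logIndexerInit(s, true))
	}
}
```

Masking the whole userinfo, rather than only the password, also covers connection strings where the secret sits in an unexpected position, such as an API key with an empty user name.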