Filter sensitive query string parameters in the log [#6244 state:committed]

This provides more safety to applications that put secret information in the query string, such as API keys or SSO tokens. Signed-off-by: Xavier Noria <fxn@hashref.com>
author: Prem Sichanugrist & Xavier Noria <fxn@hashref.com> 2011-01-01 23:51:05 +0700
committer: Xavier Noria <fxn@hashref.com> 2011-03-11 00:16:18 +0100
commit: 68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e (patch)
tree: 1b8b15255e7719ad947fc404299b7c7e62598b17 /actionpack/CHANGELOG
parent: 51a269b2282ec09cf58614e738a2d0e40d2909d3 (diff)
download: rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.tar.gz
rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.tar.bz2
rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index d9fe45d897..5ab92c8cfc 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *Rails 3.1.0 (unreleased)*
 
+* Sensitive query string parameters (specified in config.filter_parameters) will now be filtered out from the request paths in the log file. [Prem Sichanugrist, fxn]
+
 * URL parameters which return false for to_param now appear in the query string (previously they were removed) [Andrew White]
 
 * URL parameters which return nil for to_param are now removed from the query string [Andrew White]
author	Prem Sichanugrist & Xavier Noria <fxn@hashref.com>	2011-01-01 23:51:05 +0700
committer	Xavier Noria <fxn@hashref.com>	2011-03-11 00:16:18 +0100
commit	68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e (patch)
tree	1b8b15255e7719ad947fc404299b7c7e62598b17 /actionpack/CHANGELOG
parent	51a269b2282ec09cf58614e738a2d0e40d2909d3 (diff)
download	rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.tar.gz rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.tar.bz2 rails-68802d0fbe9d20ef8c5f6626d4b3279bd3a42d3e.zip