summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--releases.moxie1
-rw-r--r--src/main/java/com/gitblit/GitBlit.java4
2 files changed, 3 insertions, 2 deletions
diff --git a/releases.moxie b/releases.moxie
index 23c0de8b..f9e21d4b 100644
--- a/releases.moxie
+++ b/releases.moxie
@@ -17,6 +17,7 @@ r20: {
- Personal repository prefix (~) is now configurable (issue-265)
- Reversed line links in blob view (issue-309)
- Dashboard and Activity pages now obey the web.generateActivityGraph setting (issue-310)
+ - Do not log passwords on failed authentication attempts (issue-316)
- Updated default binary and Lucene ignore extensions
additions:
- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)
diff --git a/src/main/java/com/gitblit/GitBlit.java b/src/main/java/com/gitblit/GitBlit.java
index 2cebe82b..c31a0e97 100644
--- a/src/main/java/com/gitblit/GitBlit.java
+++ b/src/main/java/com/gitblit/GitBlit.java
@@ -947,8 +947,8 @@ public class GitBlit implements ServletContextListener {
user.username, httpRequest.getRemoteAddr()));
return user;
} else {
- logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials ({1}) from {2}",
- username, credentials, httpRequest.getRemoteAddr()));
+ logger.warn(MessageFormat.format("Failed login attempt for {0}, invalid credentials from {1}",
+ username, httpRequest.getRemoteAddr()));
}
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-27 18:29:01 +0000