Bug 203912

Summary: www/owncloud: Cleartext Password Logs
Product: Ports & Packages Reporter: O. Hartmann <ohartmann>
Component: Individual Port(s)Assignee: Walter Schwarzenfeld <w.schwarzenfeld>
Status: Closed FIXED    
Severity: Affects Many People CC: koobs, loic.blot, rene, w.schwarzenfeld
Priority: --- Keywords: needs-qa, security
Version: LatestFlags: bugzilla: maintainer-feedback? (kevlo)
Hardware: Any   
OS: Any   

Description O. Hartmann 2015-10-21 05:29:41 UTC 
Owncloud logs passwords of users in cleartext in the owncloud.log file, which is usually readabel only by the user id www and group id www. This is with version 8.1.3.0 and the standard installation on FreeBSD CURRENT.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2015-10-21 05:40:10 UTC 
Is this something that needs to be reported, and fixed upstream, or is it a configuration default that can be improved upon?
Comment 2 loic.blot 2016-03-09 06:58:55 UTC 
@kubilay this is fixed upstream as i see yesterday with the owncloud 9.0. THere is a filter to remove passwords from logs. This bug can be closed
Comment 3 Rene Ladan freebsd_committer freebsd_triage 2018-01-12 11:23:20 UTC 
Maintainer reset.
Comment 4 Walter Schwarzenfeld 2018-03-04 15:33:37 UTC 
See comment2. Close here - fixed.