Commit f9a1f183 authored by Torben Hansen, committed by Oliver Hader

[SECURITY] Do not log stacktrace in exception handlers

When a TYPO3 exception is handled through registered exception
handlers, log writers may log sensitive information to logs,
since the full stacktrace is logged.

With this change, exception handlers that extend
AbstractExceptionHandler except DebugExceptionHandler will
by default not include the exception object any more and
thereby not log the full stacktrace.

Resolves: #96866
Releases: main, 11.5, 10.4
Change-Id: Iaf233eefc9a1a60334a47753baf457e8282e68c0
Security-Bulletin: TYPO3-CORE-SA-2022-002
Security-References: CVE-2022-31047
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74893
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
parent 3aef4183
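
An added illustration of the behaviour the commit message describes, not code from TYPO3 or from this commit: a log writer that receives the exception object in its context writes the stack trace, call arguments included, while a handler that leaves the object out by default does not. All class, function and property names are hypothetical, and the password is a constructed sample value.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch, not TYPO3 core code.
// Let traces carry call arguments so the effect is visible (assumed runtime setting).
ini_set('zend.exception_ignore_args', '0');

/** Stand-in for a log writer: renders the message and its context as one line. */
function writeLog(string $message, array $context = []): string
{
    $line = $message;
    if (($context['exception'] ?? null) instanceof Throwable) {
        // A writer that is handed the exception object serialises its full trace.
        $trace = str_replace("\n", ' ', $context['exception']->getTraceAsString());
        $line .= ' | trace: ' . $trace;
    }
    return $line;
}

abstract class SketchExceptionHandler
{
    // Off by default: the exception object never reaches the log context.
    protected bool $includeExceptionInLogContext = false;

    public function handle(Throwable $e): string
    {
        $context = ['sapi' => PHP_SAPI];
        if ($this->includeExceptionInLogContext) {
            $context['exception'] = $e;
        }
        // Class, message, file and line are still logged for triage.
        $message = sprintf('Uncaught %s: %s in %s line %d',
            get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
        return writeLog($message, $context);
    }
}

final class SketchProductionHandler extends SketchExceptionHandler {}

final class SketchDebugHandler extends SketchExceptionHandler
{
    // Only the debug handler opts in to logging the stack trace.
    protected bool $includeExceptionInLogContext = true;
}

function connectToBackend(string $user, string $password): void
{
    throw new RuntimeException('Backend unreachable');
}

try {
    connectToBackend('svc', 'Passw0rd!-fake'); // constructed sample credential
} catch (Throwable $e) {
    echo (new SketchDebugHandler())->handle($e), PHP_EOL;      // context includes the exception
    echo (new SketchProductionHandler())->handle($e), PHP_EOL; // context omits the exception
}
```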