[BUG-SECURITY ISSUE] DB user/pass in plaintext in server.log

[nodiaque]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Hello,

When you open server.log, the full connection string http://user:pass@mongodb is written multiple time in plaintext. At least password should be scrubbed

Expected Behavior

Password to be scrubbed in logs unless debug mode is enable with a warning saying it's dumping pasword in plaint test.

Steps To Reproduce

Check server.log

Environment

- OS: unraid 6.12.4
- How docker service was installed:
Unraid apps

CPU architecture

x86-64

Docker creation

unraid apps

Container logs

no need

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[aptalca]

Isn't that unifi's log? If so, we don't control that and it should be reported upstream.

[nodiaque]

You are right, I see the older one was doing it also using the internal database of mongodb. I'll send that to unifi then!