Jira is logging SOAP body in default config - passwords included

2013-10-02T11:33:02
ID ATLASSIAN:JRASERVER-35128
Type atlassian
Reporter gorisis
Modified 2019-03-28T00:11:37

Description

In the default log4j.properties of Jira, there are settings for logging soap dumps. The config file does not explicitly enable the logging of soap dumps, but somehow, this happens, with usernames and passwords. For security, this should be fixed or removed from log4j config.