From ff2fb95e5d9bdbe4f96239ff0e34019bddc0c88c Mon Sep 17 00:00:00 2001 From: Andrew Mayorov Date: Wed, 10 Jan 2024 13:09:08 +0100 Subject: [PATCH 1/3] fix(conf): bump to hocon 0.40.4 Which includes a bugfix for undefined sensitive values obfuscation. --- apps/emqx/rebar.config | 2 +- mix.exs | 2 +- rebar.config | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config index 3664844a0..b9e06d7ae 100644 --- a/apps/emqx/rebar.config +++ b/apps/emqx/rebar.config @@ -30,7 +30,7 @@ {esockd, {git, "https://github.com/emqx/esockd", {tag, "5.11.1"}}}, {ekka, {git, "https://github.com/emqx/ekka", {tag, "0.17.0"}}}, {gen_rpc, {git, "https://github.com/emqx/gen_rpc", {tag, "3.3.1"}}}, - {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.3"}}}, + {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.4"}}}, {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.5.3"}}}, {pbkdf2, {git, "https://github.com/emqx/erlang-pbkdf2.git", {tag, "2.0.4"}}}, {recon, {git, "https://github.com/ferd/recon", {tag, "2.5.1"}}}, diff --git a/mix.exs b/mix.exs index 04e139b15..7ef3eb573 100644 --- a/mix.exs +++ b/mix.exs @@ -72,7 +72,7 @@ defmodule EMQXUmbrella.MixProject do # in conflict by emqtt and hocon {:getopt, "1.0.2", override: true}, {:snabbkaffe, github: "kafka4beam/snabbkaffe", tag: "1.0.8", override: true}, - {:hocon, github: "emqx/hocon", tag: "0.40.3", override: true}, + {:hocon, github: "emqx/hocon", tag: "0.40.4", override: true}, {:emqx_http_lib, github: "emqx/emqx_http_lib", tag: "0.5.3", override: true}, {:esasl, github: "emqx/esasl", tag: "0.2.0"}, {:jose, github: "potatosalad/erlang-jose", tag: "1.11.2"}, diff --git a/rebar.config b/rebar.config index 755fc13c8..0a264acf8 100644 --- a/rebar.config +++ b/rebar.config @@ -97,7 +97,7 @@ {system_monitor, {git, "https://github.com/ieQu1/system_monitor", {tag, "3.0.3"}}}, {getopt, "1.0.2"}, {snabbkaffe, {git, "https://github.com/kafka4beam/snabbkaffe.git", {tag, "1.0.8"}}}, - {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.3"}}}, + {hocon, {git, "https://github.com/emqx/hocon.git", {tag, "0.40.4"}}}, {emqx_http_lib, {git, "https://github.com/emqx/emqx_http_lib.git", {tag, "0.5.3"}}}, {esasl, {git, "https://github.com/emqx/esasl", {tag, "0.2.0"}}}, {jose, {git, "https://github.com/potatosalad/erlang-jose", {tag, "1.11.2"}}}, From 8af9512a9070d08e6df9613de19c1e15add8ae9f Mon Sep 17 00:00:00 2001 From: Andrew Mayorov Date: Wed, 10 Jan 2024 13:35:49 +0100 Subject: [PATCH 2/3] test(ft-conf): verify undefined password won't become `******` --- apps/emqx_ft/test/emqx_ft_api_SUITE.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/emqx_ft/test/emqx_ft_api_SUITE.erl b/apps/emqx_ft/test/emqx_ft_api_SUITE.erl index 7a2e1284f..98af0787a 100644 --- a/apps/emqx_ft/test/emqx_ft_api_SUITE.erl +++ b/apps/emqx_ft/test/emqx_ft_api_SUITE.erl @@ -428,7 +428,7 @@ test_configure(Uri, Config) -> <<"exporter">> := #{ <<"s3">> := #{ <<"transport_options">> := #{ - <<"ssl">> := #{ + <<"ssl">> := SSL = #{ <<"enable">> := true, <<"certfile">> := <<"/", _CertFilepath/bytes>>, <<"keyfile">> := <<"/", _KeyFilepath/bytes>> @@ -441,7 +441,7 @@ test_configure(Uri, Config) -> } } } - }, + } when not is_map_key(<<"password">>, SSL), GetConfigJson ), ?assertMatch( From e14e923f8ad797ccfedd15cc8f9a77cc2ae171c8 Mon Sep 17 00:00:00 2001 From: Andrew Mayorov Date: Wed, 10 Jan 2024 13:41:43 +0100 Subject: [PATCH 3/3] chore: add changelog entry --- changes/ee/fix-12291.en.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changes/ee/fix-12291.en.md diff --git a/changes/ee/fix-12291.en.md b/changes/ee/fix-12291.en.md new file mode 100644 index 000000000..735e1d7d8 --- /dev/null +++ b/changes/ee/fix-12291.en.md @@ -0,0 +1 @@ +Fix inconsistency in how EMQX handles configuration updates where sensitive parameters are involved, which led to occurrences of stray `"******"` strings in the cluster configuration file.