diff --git a/CHANGELOG.md b/CHANGELOG.md index 340a7111d..aa4c9887e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,11 @@ # ChangeLog +## 3.15.2 +### Added +* Strings logged via the Go Agent's built-in logger will have strings of the form `license_key=`*hex-string* changed to `license_key=[redacted]` before they are output, regardless of severity level, where *hex-string* means a sequence of upper- or lower-case hexadecimal digits and dots ('.'). This incorporates [PR #415](https://github.com/newrelic/go-agent/pull/415). + +### Support Statement +New Relic recommends that you upgrade the agent regularly to ensure that you’re getting the latest features and performance benefits. Additionally, older releases will no longer be supported when they reach end-of-life. + ## 3.15.1 ### Fixed diff --git a/v3/internal/logger/logger.go b/v3/internal/logger/logger.go index f5f13212d..a70dd44db 100644 --- a/v3/internal/logger/logger.go +++ b/v3/internal/logger/logger.go @@ -9,6 +9,7 @@ import ( "io" "log" "os" + "regexp" ) // Logger matches newrelic.Logger to allow implementations to be passed to @@ -72,10 +73,15 @@ func (f *logFile) fire(level, msg string, ctx map[string]interface{}) { msg, ctx, }) - if nil == err { - f.l.Print(string(js)) + if err == nil { + // scrub license keys from any portion of the log message + re := regexp.MustCompile(`license_key=[a-fA-F0-9.]+`) + sanitized := re.ReplaceAllLiteralString(string(js), "license_key=[redacted]") + f.l.Print(sanitized) } else { - f.l.Printf("unable to marshal log entry: %v", err) + f.l.Printf("unable to marshal log entry") + // error value removed from message to avoid possibility of sensitive + // content being leaked that way } } diff --git a/v3/newrelic/version.go b/v3/newrelic/version.go index 91c05fdea..a7485271d 100644 --- a/v3/newrelic/version.go +++ b/v3/newrelic/version.go @@ -11,7 +11,7 @@ import ( const ( // Version is the full string version of this Go Agent. - Version = "3.15.1" + Version = "3.15.2" ) var (