php · web-auth/webauthn-symfony-bundle · Heads-up
web-auth/webauthn-symfony-bundle: Full Request Object Logged at INFO Level Exposing Sensitive Headers
What changed
WebauthnAuthenticator logs the full Request object at INFO level, exposing sensitive headers like Cookie and Authorization in log streams.
Who it affects
Users of web-auth/webauthn-symfony-bundle prior to 5.3.4, especially those forwarding logs to centralized platforms.
What to do today
Upgrade to version 5.3.4 or later, or apply workarounds: raise log level above INFO or strip the 'request' key from log context.
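One way to apply the second workaround, stripping the 'request' key from the log context, is a Monolog processor. This is an added example, not code from the bundle or the advisory; it assumes Monolog 3 and symfony/http-foundation, and the class name, namespace and the `request_summary` key are hypothetical.

```php
<?php
// Added example (not the bundle's code). Assumes Monolog 3 (LogRecord API)
// and symfony/http-foundation. Class name and namespace are hypothetical.
// Register it as a service tagged "monolog.processor" so it runs on every
// record before any handler writes or forwards it.
declare(strict_types=1);

namespace App\Logging;

use Monolog\LogRecord;
use Monolog\Processor\ProcessorInterface;
use Symfony\Component\HttpFoundation\Request;

final class StripRequestContextProcessor implements ProcessorInterface
{
    public function __invoke(LogRecord $record): LogRecord
    {
        $context = $record->context;

        // Nothing to do unless the record carries the 'request' context key.
        if (!array_key_exists('request', $context)) {
            return $record;
        }

        $value = $context['request'];
        unset($context['request']);

        // Assumption: a header-free summary is still useful for debugging.
        // Only the method and the path (no query string, no headers, no
        // body) are kept, so Cookie and Authorization never reach a handler.
        if ($value instanceof Request) {
            $context['request_summary'] = [
                'method' => $value->getMethod(),
                'path'   => $value->getPathInfo(),
            ];
        }

        // LogRecord is immutable; with() returns a copy with the new context.
        return $record->with(context: $context);
    }
}
```

The processor only affects records written after it is deployed; logs already forwarded to a centralized platform still contain the headers.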