Redact user input in selected logs.#14748
Merged
sundb merged 3 commits intoredis:unstablefrom Jan 29, 2026
Merged
Conversation
|
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us. |
🤖 Augment PR SummarySummary: Extends Redis log redaction when Changes: Redacts key names in eviction/expiration debug logs, malformed 🤖 Was this summary useful? React with 👍 or 👎 |
![augmentcode[bot]](https://avatars.githubusercontent.com/in/1027498?s=60&v=4){kind=small}
Collaborator
|
not sure we should do this for the following: |
sundb
reviewed
Jan 29, 2026
sundb
approved these changes
Jan 29, 2026
sundb
added
the
release-notes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR continues the work #14645 , to further ensure sensitive user data is not exposed in logs when hide_user_data_from_log is enabled.
Redact empty key notices during RDB load.
Redact key names in eviction/expiration debug logs.
Block DEBUG SCRIPT output and suppress raw string dump in crash object debug when redaction is enabled.
Redact malformed MODULE LOAD argument snippets and unresolved module configuration logs.
Redact empty key notices during RDB load.
Redact key names during Lua globals allow‑list warnings.
Note
Low Risk
Changes are limited to log output/visibility and debug-command gating; core data-path behavior is unchanged, with low risk aside from reduced diagnostic detail when redaction is enabled.
Overview
Extends
hide_user_data_from_logcoverage by redacting user-provided strings (keys/args/config values) in additional log messages, including eviction/expiration deletion logs, module load/config errors, RDB empty-key notices, and Lua globals warnings.Also tightens debug/crash logging by blocking
DEBUG SCRIPTwhen redaction is enabled and avoiding printing raw string contents in crash reports; debug output that mentions keys now usesredactLogCstr().Written by Cursor Bugbot for commit cc4b21c. This will update automatically on new commits. Configure here.