CAS 5.3.3 log4j2 GelfLayout - too much information

Danny

Sep 27, 2018, 4:08:19 PM
to CAS Community
I've been playing around sending logs to a Graylog server using the GelfLayout mechanism. It's working...too well. I discovered that the login password is being sent into the Graylog server as part of the GELF data. If I set the log level at warn, I get nothing at all, but at info, I get the password. I've attached the log to several different AsyncLogger entries, but cannot find one that doesn't include the password. Am I missing something or is this an issue that needs to be fixed? My log files just have the message data, but the GELF data seems to include everything in the session.

JF Poulin

Oct 22, 2018, 10:02:32 PM
to CAS Community
Hi Danny.

Noticing the same thing just now. Any workaround? I'll let you know if I end up finding one.

Thanks.

JF Poulin

Oct 22, 2018, 10:08:15 PM
to CAS Community
Added a static value for the password field to hide it:

<KeyValuePair key="password" value="youdidntsaythemagicword"/>

Danny

Oct 23, 2018, 5:06:16 PM
to CAS Community
I had tried that and it didn't seem to work.  I'll go back and try it again.

Thanks

JF Poulin

Oct 23, 2018, 9:43:19 PM
to CAS Community
Actually, after further testing, I still don't have a solution. Turns out adding static values only works in certain situations. If I find a better way, I will let you know.
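
Added example, not part of the original thread and not CAS or Log4j code: a Python check that scans newline-delimited GELF messages for credential-like additional fields, to confirm whether a logging configuration change actually stops the password from reaching Graylog. The sample messages, the name fragments in `SENSITIVE` and the function names are constructed assumptions; every key/value pair is inspected, including duplicate keys that an ordinary JSON parse would collapse into one.

```python
import json

# Assumed name fragments that mark a field as credential-bearing; extend as needed.
SENSITIVE = ("password", "passwd", "pwd", "secret", "token")

def leaked_fields(gelf_json, placeholders=()):
    """Names of additional fields that look like credentials and carry a real value."""
    hits = []
    # object_pairs_hook=list keeps every pair, so a duplicated key is not hidden.
    for name, value in json.loads(gelf_json, object_pairs_hook=list):
        # GELF additional fields are prefixed with "_"; spec-defined fields are not.
        if not name.startswith("_"):
            continue
        if not any(fragment in name.lower() for fragment in SENSITIVE):
            continue
        # Empty values and known static masks are not a leak.
        if value in ("", None) or value in placeholders:
            continue
        hits.append(name)
    return hits

def audit(lines, placeholders=()):
    """Map 1-based line number -> offending field names for newline-delimited GELF."""
    report = {}
    for number, line in enumerate(lines, 1):
        if line.strip():
            hits = leaked_fields(line, placeholders)
            if hits:
                report[number] = hits
    return report

# Constructed sample messages (not real log data).
SAMPLE = [
    '{"version":"1.1","host":"cas01","short_message":"Authentication attempt",'
    '"level":6,"_username":"alice","_password":"EXAMPLE-ONLY"}',
    '{"version":"1.1","host":"cas01","short_message":"Ticket granted",'
    '"level":6,"_username":"alice"}',
    '{"version":"1.1","host":"cas01","short_message":"Authentication attempt",'
    '"level":6,"_password":"youdidntsaythemagicword","_password":"EXAMPLE-ONLY"}',
    '{"version":"1.1","host":"cas01","short_message":"Authentication attempt",'
    '"level":6,"_password":"youdidntsaythemagicword"}',
]

if __name__ == "__main__":
    mask = ("youdidntsaythemagicword",)
    for line_no, fields in audit(SAMPLE, placeholders=mask).items():
        print(f"line {line_no}: credential-like field(s) {fields}")
```

The report lists field names only, so the audit output does not itself repeat the leaked values.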