From 1000a60d3a4263784250960565c73d98a52f200a Mon Sep 17 00:00:00 2001
From: YuriyZ <yzabrovarniy@gmail.com>
Date: Mon, 21 Mar 2022 11:25:17 +0200
Subject: [PATCH] fix(jans-auth-server): corrected log vulnerability

https://github.com/JanssenProject/jans/issues/805
---
 .../io/jans/as/server/service/stat/StatResponseService.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/stat/StatResponseService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/stat/StatResponseService.java
index d9738c37cab..6ccd180b87a 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/stat/StatResponseService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/stat/StatResponseService.java
@@ -48,7 +48,7 @@ public StatResponse buildResponse(List<String> months) {
         final StatResponse cachedResponse = responseCache.getIfPresent(cacheKey);
         if (cachedResponse != null) {
             if (log.isTraceEnabled()) {
-                log.trace("Get stat response from cache for: {}", cacheKey);
+                log.trace("Get stat response from cache for: {}", escapeLog(cacheKey));
             }
             return cachedResponse;
         }