nodemailer
Advanced tools
Comparing version 6.6.2 to 6.6.3
# CHANGELOG | ||
## 6.6.3 2021-07-14 | ||
- Do not show passwords in SMTP transaction logs. All passwords used in logging are replaced by `"/* secret */"` | ||
## 6.6.1 2021-05-23 | ||
@@ -4,0 +8,0 @@ |
@@ -551,2 +551,12 @@ 'use strict'; | ||
'utf-8' | ||
).toString('base64'), | ||
// log entry without passwords | ||
'AUTH PLAIN ' + | ||
Buffer.from( | ||
//this._auth.user+'\u0000'+ | ||
'\u0000' + // skip authorization identity as it causes problems with some servers | ||
this._auth.credentials.user + | ||
'\u0000' + | ||
'/* secret */', | ||
'utf-8' | ||
).toString('base64') | ||
@@ -949,4 +959,5 @@ ); | ||
* @param {String} str String to be sent to the server | ||
* @param {String} logStr Optional string to be used for logging instead of the actual string | ||
*/ | ||
_sendCommand(str) { | ||
_sendCommand(str, logStr) { | ||
if (this._destroyed) { | ||
@@ -966,3 +977,3 @@ // Connection already closed, can't send any more data | ||
}, | ||
(str || '').toString().replace(/\r?\n$/, '') | ||
(logStr || str || '').toString().replace(/\r?\n$/, '') | ||
); | ||
@@ -1426,8 +1437,7 @@ } | ||
let base64decoded = Buffer.from(challengeString, 'base64').toString('ascii'), | ||
hmac_md5 = crypto.createHmac('md5', this._auth.credentials.pass); | ||
hmacMD5 = crypto.createHmac('md5', this._auth.credentials.pass); | ||
hmac_md5.update(base64decoded); | ||
hmacMD5.update(base64decoded); | ||
let hex_hmac = hmac_md5.digest('hex'); | ||
let prepended = this._auth.credentials.user + ' ' + hex_hmac; | ||
let prepended = this._auth.credentials.user + ' ' + hmacMD5.digest('hex'); | ||
@@ -1438,3 +1448,7 @@ this._responseActions.push(str => { | ||
this._sendCommand(Buffer.from(prepended).toString('base64')); | ||
this._sendCommand( | ||
Buffer.from(prepended).toString('base64'), | ||
// hidden hash for logs | ||
Buffer.from(this._auth.credentials.user + ' /* secret */').toString('base64') | ||
); | ||
} | ||
@@ -1484,3 +1498,7 @@ | ||
this._sendCommand(Buffer.from(this._auth.credentials.pass + '', 'utf-8').toString('base64')); | ||
this._sendCommand( | ||
Buffer.from((this._auth.credentials.pass || '').toString(), 'utf-8').toString('base64'), | ||
// Hidden pass for logs | ||
Buffer.from('/* secret */', 'utf-8').toString('base64') | ||
); | ||
} | ||
@@ -1715,3 +1733,7 @@ | ||
}); | ||
this._sendCommand('AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token(accessToken)); | ||
this._sendCommand( | ||
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token(accessToken), | ||
// Hidden for logs | ||
'AUTH XOAUTH2 ' + this._auth.oauth2.buildXOAuth2Token('/* secret */') | ||
); | ||
}); | ||
@@ -1718,0 +1740,0 @@ } |
{ | ||
"name": "nodemailer", | ||
"version": "6.6.2", | ||
"version": "6.6.3", | ||
"description": "Easy as cake e-mail sending from your Node.js applications", | ||
@@ -23,2 +23,4 @@ "main": "lib/nodemailer.js", | ||
"devDependencies": { | ||
"@aws-sdk/client-ses": "3.21.0", | ||
"aws-sdk": "2.945.0", | ||
"bunyan": "1.8.15", | ||
@@ -35,3 +37,3 @@ "chai": "4.3.4", | ||
"libqp": "1.1.0", | ||
"mocha": "9.0.0", | ||
"mocha": "9.0.2", | ||
"nodemailer-ntlm-auth": "1.0.1", | ||
@@ -38,0 +40,0 @@ "proxy": "1.0.2", |
474313
11463
19