getzep / zep

Zep: Long-Term Memory for AI Assistants.

Home Page: https://docs.getzep.com

[BUG] Zep Admin console leaks database password

jmkinard opened this issue

Describe the bug
The postgres password is incorrectly redacted from the DSN on the Settings page of the Zep Admin dashboard

To Reproduce
Visit the Settings page of the admin dashboard; the database password is visible at Store.Postgres.DSN

See this go playground for a minimal reproduction: https://go.dev/play/p/LTKmPmFcVMh

Expected behavior
The settings page should not display the database password

Logs
N/A

Environment (please complete the following information):

  • Zep version: v0.21.0
  • Zep SDK and version: N/A
  • Deployment: K8S

Additional context
Suggested fix: in the regex, move the case-insensitive flag out of the first group to avoid making it a non-capturing group:

`(?i)(postgres://[^:]+:)([^@]+)`

Thanks for reporting!

@ellipsis-dev fix

This has been resolved in v0.22.0. Thanks again for reporting the issue!
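
The redaction failure reported in this issue, as an added Go example that is not part of the original thread and is not Zep's own code. The "before" pattern is reconstructed from the issue's description (flag inside the first group, which makes it non-capturing); the replacement template, the function names and the sample DSN are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed "before" pattern, reconstructed from the issue text: (?i: ... ) sets
// the flag but does not capture, so the password becomes capture group 1.
var buggyRe = regexp.MustCompile(`(?i:postgres://[^:]+:)([^@]+)`)

// Pattern suggested in the issue: flag first, then a real capturing group.
var fixedRe = regexp.MustCompile(`(?i)(postgres://[^:]+:)([^@]+)`)

// redactDSN keeps group 1 and masks the rest of the match.
// The replacement template is an assumption, not taken from Zep.
func redactDSN(re *regexp.Regexp, dsn string) string {
	return re.ReplaceAllString(dsn, "${1}*****")
}

// leaks reports whether the secret survives in the redacted output.
// A regression test for any redaction helper should assert this is false.
func leaks(redacted, secret string) bool {
	return strings.Contains(redacted, secret)
}

func main() {
	const secret = "s3cr3t-pw" // constructed sample value
	dsn := "postgres://zep:" + secret + "@db:5432/zep?sslmode=disable"

	buggy := redactDSN(buggyRe, dsn)
	fixed := redactDSN(fixedRe, dsn)

	// With one capture group, ${1} is the password itself, so the "redacted"
	// string drops the scheme and user but keeps the secret.
	fmt.Printf("buggy: groups=%d leak=%v %s\n", buggyRe.NumSubexp(), leaks(buggy, secret), buggy)
	fmt.Printf("fixed: groups=%d leak=%v %s\n", fixedRe.NumSubexp(), leaks(fixed, secret), fixed)
}
```

Asserting on the absence of the secret in the output, rather than on the presence of the mask, is what catches this class of bug: the buggy output still contains `*****`.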