From 9b4218036906bd72d51be3b6168f2fe600c8c507 Mon Sep 17 00:00:00 2001
From: Julian Nadeau
Date: Tue, 30 May 2017 14:50:07 -0400
Subject: [PATCH] Remove environment from parse_error
Environment hash can contain headers, parameters, and much more about the request This unfortunately means that we may be logging authentication credentials, such as basic auth And a lot more without the users' knowledge. This only happens during a log to stderr, but it is still worth noting.
---
 lib/puma/events.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/puma/events.rb b/lib/puma/events.rb
index c91d313b..10b80270 100644
--- a/lib/puma/events.rb
+++ b/lib/puma/events.rb
@@ -91,8 +91,7 @@ module Puma
 # parsing exception.
 #
 def parse_error(server, env, error)
- @stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}"
- @stderr.puts "#{Time.now}: ENV: #{env.inspect}\n---\n"
+ @stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}\n---\n"
 end
 # An SSL error has occurred.
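Review bot: The log line kept in `parse_error` still prefers `env[HTTP_X_FORWARDED_FOR]` over `env[REMOTE_ADDR]`, and that header is supplied by the client. On a malformed request the address written to stderr can therefore be whatever the sender chose, and the socket peer is not recorded at all when the header is present. Logging both, with the header value passed through `inspect` so control characters are escaped, keeps the line usable for attribution: `(peer=#{env[REMOTE_ADDR]} xff=#{env[HTTP_X_FORWARDED_FOR].inspect})`. Separately, `error.inspect` may echo part of the offending request if the parser embeds it in the exception message; that is not visible in this hunk and is worth confirming, since it would reintroduce the exposure this commit removes.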