From b6a385dfb2bc1e565bb5c0f5ddf6cdc5796a95df Mon Sep 17 00:00:00 2001
From: Carl Littke <carl.littke@gmail.com>
Date: Fri, 27 Apr 2018 14:10:40 +0200
Subject: [PATCH] Stop logging value of METEOR_SETTINGS when it is not valid
 JSON. (#9843)

In many production systems logs from the application will be forwarded to various logging systems, sometimes third party ones. All credentials in your settings will be leaked if you have any errors in your json.

Feature request can be found here
https://github.com/meteor/meteor-feature-requests/issues/293.
---
 packages/meteor/server_environment.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/meteor/server_environment.js b/packages/meteor/server_environment.js
index 362e3595a9..5832fce170 100644
--- a/packages/meteor/server_environment.js
+++ b/packages/meteor/server_environment.js
@@ -21,7 +21,7 @@ if (process.env.METEOR_SETTINGS) {
   try {
     Meteor.settings = JSON.parse(process.env.METEOR_SETTINGS);
   } catch (e) {
-    throw new Error("METEOR_SETTINGS are not valid JSON: " + process.env.METEOR_SETTINGS);
+    throw new Error("METEOR_SETTINGS are not valid JSON.");
   }
 }