New Release v4.6.7: Security Enhancements

[jongpie]

New Security Enhancements

⚠️ For orgs that currently use Nebula Logger & are upgrading to this version, you will need to manually configure the new fields on LoggerSettings__c

• Data masking for log entry messages. Enabled by default, regex-based CMDT rules can be configured to automatically mask sensitive data in the Message__c and RecordJson__c fields. Pre-built rules are included for Visa & Mastercard credit card numbers and social security numbers - additional rules can be configured by creating additional LogEntryDataMaskRule__mdt records.

  • New LoggerSettings__c fields: ApplyDataMaskRules__c and StripInaccessibleRecordFields__c

    

  • New custom metadata type LogEntryDataMaskRule__mdt list view, showing the included rules

    

  • Example log entries with masked data - the 1st two entries shows masked credit card numbers, and the 3rd entry shows a masked social security number

    

• New setting LoggerSettings__c.StripInaccessibleRecordFields__c - Disabled by default, when enabled, any time an SObject record is logged (or a List<SObject> is logged), only fields that the current user can access will be included in the record's JSON. This is useful in orgs where end-users have access to view Log__c and LogEntry__c records.

• LoggerAdmin permission set now has access to all custom metadata types included in the repo.

---

Flow Bugfixes

Fixes 2 Flow-related issues reported by @vr8hub

• Null Record causes error #198 - Made the record & records parameters optional in FlowRecordLogEntry & FlowCollectionLogEntry (respectively) to handle situations where null is passed (e.g., Get Records returns null for no matches, instead of an empty list)
• Log but no entries #199 - Changed field LogEntry__c.FlowDescription__c to a long text area field (instead of text area) and added automatic field-truncation for LogEntry__c inserts

---

Internal Code Optimizations

• Switched to using custom getters for all constants in LogEntryEventBuilder that involve queries - this prevents the queries from executing if logging is disabled for the current user
• Added a private method setTransactionDetails() in LogEntryEventBuilder to defer setting some transactional details until absolutely necessary - this helps minimize heap size/avoid using some of the heap size limit until needed

---

Pipeline & Repo Enhancements

• Enabled some user management settings in scratch definition files
• Added new pipeline step "Code Quality Tests" - currently, it runs prettier:verify for all code in the repo, ESLint for lightning web components, and apex-scanner for PMD rules (implemented by @jamessimone! 🥳)
• Reenabled Codecov.io integration in pipeline
• Made better "install" buttons in README that include the package release numbers

---

This discussion was created from the release Security Enhancements.