Duplicati e-mail error notification contains password (jottacloud)

Hi, I’ve setup e-mail notifications when my Duplicati backup to Jottacloud fails.
Such an email contains my login credentials for Jottacloud.
I would not expect that this kind of info would end up in an e-mail.
example line (actual credentials removed of course)

  • jottacloud://duplicati-Home?auth-username=MyUserNameLongStringHere&auth-password=MyPasswordLongStringHere-
    This is every time the last line of the e-mail.

Should I create an bug record or is this working as designed (hope not :slight_smile: )

Thanks!

Hello and welcome!

I have not seen Duplicati do this myself. My backup job notification emails do not contain the destination URL.

How have you configured your email notifications? Can you show me all the --send-mail-* options you have configured (of course redact sensitive info).

Hi drwtsn32, thanks foor looking into this.
The options I use and generic info:

  • Duplicati version: 2.0.6.3_beta_2021-06-17

  • OS: Ubuntu 20.04

  • send-mail-any-operation: Selected

  • send-mail-body: %RESULT% - %REMOTEURL%- %volsize%

  • send-mail-level: Error

  • send-mail-log-level: Error

  • send-mail-max-log-lines: 0

  • send-mail-result-output-format: Duplicati

  • send-mail-subject: Duplicati - %PARSEDRESULT% - %OPERATIONNAME% report for %backup-name%
    The other send-mail options contain the info for sending the mail and left out of the above list.

Thanks!

This is why you’re seeing it. The remote URL variable contains sensitive authentication information, so I definitely would not include this in your email notification.

Hi, thanks!
Removed!!