Tag-creation passes potentially sensitive information (conversation tags) to log #2973

Closed
opened 2025-11-11 15:18:45 -06:00 by GiteaMirror · 3 comments
Owner

Originally created by @c-hoffmann on GitHub (Dec 10, 2024).

Installation Method

pip

Environment

  • Open WebUI Version: v0.4.7
  • Ollama (if applicable): n/a
  • Operating System: Server: RHEL9; Client: Win11
  • Browser (if applicable): Firefox 133.0

Confirmation:

  • [x] I have read and followed all the instructions provided in the README.md.
  • [ ] (Reason: #7677) I am on the latest version of both Open WebUI and Ollama.
  • [ ] (Reason: Not necessary) I have included the browser console logs.
  • [ ] (Reason: Docker not used) I have included the Docker container logs.
  • [x] I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

I expect sensitive information to not be passed to the log files if the logging level exceeds DEBUG (see https://docs.openwebui.com/getting-started/advanced-topics/logging/#application-serverbackend-logging). This includes not logging tags for prompts. While tags can be broad and generic, they can also become sensitive for chats, e.g. about health, psychology and so on.

Actual Behavior:

Sensitive information is logged for tag-creation of conversations, even for levels higher than DEBUG (e.g. INFO).

Description

Bug Summary:
On a similar note to #7720, potentially sensitive information is logged for tag-creation of conversations even though that should not be the case. This can reveal users to be chatting about sensitive topics, such as health, mental issues, etc.

Reproduction Details

Steps to Reproduce:
Make sure to save the output log of the running open-webui instance. Start a new conversation (send the first prompt) and wait until the response has been generated.

Logs and Screenshots

Console Logs:

INFO:     10.255.254.35:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEinTK1&sid=kyYLrZ5Bu9G9HtB9AAAA HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "POST /ws/socket.io/?EIO=4&transport=polling&t=PEinTZM&sid=kyYLrZ5Bu9G9HtB9AAAA HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEinTRl&sid=kyYLrZ5Bu9G9HtB9AAAA HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "POST /api/task/tags/completions HTTP/1.0" 200 OK
[] technology
INFO:     10.255.254.35:0 - "POST /api/v1/chats/505b4f53-812c-4970-bbea-d1dba6e9c687/tags HTTP/1.0" 200 OK
['technology'] software_development
INFO:     10.255.254.35:0 - "POST /api/v1/chats/505b4f53-812c-4970-bbea-d1dba6e9c687/tags HTTP/1.0" 200 OK
['software_development', 'technology'] environment_configuration
INFO:     10.255.254.35:0 - "POST /api/v1/chats/505b4f53-812c-4970-bbea-d1dba6e9c687/tags HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /api/v1/chats/505b4f53-812c-4970-bbea-d1dba6e9c687 HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /api/v1/chats/all/tags HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /api/v1/chats/?page=1 HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEinTZt&sid=kyYLrZ5Bu9G9HtB9AAAA HTTP/1.0" 200 OK
INFO:     10.255.254.35:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEinUAO&sid=kyYLrZ5Bu9G9HtB9AAAA HTTP/1.0" 200 OK

The problematic lines are:
[] technology

['technology'] software_development

['software_development', 'technology'] environment_configuration

Second example

INFO:     10.31.108.32:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEgPW64&sid=jdQBRPIEO_8g7Q_JAAAC HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEgPW62&sid=ErQ1AZlXDyBBzHBNAAAI HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "POST /api/task/tags/completions HTTP/1.0" 200 OK
[] psychologie/sexualität
INFO:     10.31.108.32:0 - "POST /api/v1/chats/3286f9a2-b401-4646-bb6a-72bb70e1e307/tags HTTP/1.0" 200 OK
['psychologie/sexualität'] beziehungen/ethik
INFO:     10.31.108.32:0 - "POST /api/v1/chats/3286f9a2-b401-4646-bb6a-72bb70e1e307/tags HTTP/1.0" 200 OK
['psychologie/sexualität', 'beziehungen/ethik'] selbstentdeckung/selbstausdruck
INFO:     10.31.108.32:0 - "POST /api/v1/chats/3286f9a2-b401-4646-bb6a-72bb70e1e307/tags HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /api/v1/chats/3286f9a2-b401-4646-bb6a-72bb70e1e307 HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /api/v1/chats/all/tags HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /api/v1/chats/?page=1 HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEgPWLu&sid=jdQBRPIEO_8g7Q_JAAAC HTTP/1.0" 200 OK
INFO:     10.31.108.32:0 - "GET /ws/socket.io/?EIO=4&transport=polling&t=PEgPWLs&sid=ErQ1AZlXDyBBzHBNAAAI HTTP/1.0" 200 OK

Additional Information

I see this result both if no environment variables for logging have been explicitly set via .env OR if every LOG_LEVEL was set to "INFO" explicitly.

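The tag lines in the console output above carry no level prefix, unlike the surrounding `INFO:` lines from the HTTP server, which is the fingerprint of output that bypasses the logging configuration (a bare print, for instance). The block below is an added illustration, not code from the issue or from the Open WebUI project: it shows a log-scanning check that flags such unprefixed lines, a leaky "before" form of a tag-recording function next to a hardened form that keeps tag text out of INFO-level records, and a harness that confirms the hardened form leaks nothing at INFO while still being useful at DEBUG. The function names, the sample tag values and the sample log excerpt are constructed for the example.

```python
import io
import logging
import re

# Constructed sample log excerpt, modelled on the report: uvicorn access lines
# carry a level prefix, the tag lines do not.
SAMPLE_LOG = """\
INFO:     10.255.254.35:0 - "POST /api/task/tags/completions HTTP/1.0" 200 OK
[] technology
INFO:     10.255.254.35:0 - "POST /api/v1/chats/<chat-id>/tags HTTP/1.0" 200 OK
['technology'] software_development
INFO:     10.255.254.35:0 - "GET /api/v1/chats/all/tags HTTP/1.0" 200 OK
"""

LEVEL_PREFIX = re.compile(r"^(DEBUG|INFO|WARNING|ERROR|CRITICAL):")

# Constructed sample tags, shaped like the ones in the report.
EXISTING_TAGS = ["software_development", "technology"]
NEW_TAG = "environment_configuration"


def unprefixed_lines(log_text):
    """Return non-empty lines that carry no level prefix.

    Such lines reached the log without going through the logging
    configuration, so LOG_LEVEL could not suppress them. Running this over a
    captured log is a quick way to spot the leak described in the report.
    """
    return [
        line for line in log_text.splitlines()
        if line.strip() and not LEVEL_PREFIX.match(line)
    ]


def record_tag_leaky(existing_tags, new_tag):
    """'Before' form (hypothetical): a bare print() ignores LOG_LEVEL, so the
    tag text reaches stdout in production regardless of configuration."""
    print(existing_tags, new_tag)
    return existing_tags + [new_tag]


def record_tag(existing_tags, new_tag, logger):
    """'After' form: the content-bearing diagnostic goes through the logger at
    DEBUG; the INFO record is content-free (a count only)."""
    logger.debug("chat tags before=%s adding=%s", existing_tags, new_tag)
    logger.info("chat tag added; total tags now %d", len(existing_tags) + 1)
    return existing_tags + [new_tag]


def captured_log(level_name, existing_tags, new_tag):
    """Run record_tag under a fresh logger set to level_name ("INFO", "DEBUG")
    and return everything it emitted."""
    stream = io.StringIO()
    logger = logging.getLogger(f"tag_demo.{level_name}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(level_name)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s"))
    logger.addHandler(handler)
    record_tag(existing_tags, new_tag, logger)
    handler.flush()
    return stream.getvalue()


def leaks_tag_text(level_name, existing_tags=EXISTING_TAGS, new_tag=NEW_TAG):
    """True if any tag string appears in the log output at this level."""
    out = captured_log(level_name, existing_tags, new_tag)
    return any(tag in out for tag in existing_tags + [new_tag])


if __name__ == "__main__":
    print("unprefixed lines in sample log:", unprefixed_lines(SAMPLE_LOG))
    for name in ("INFO", "DEBUG"):
        print(f"hardened record_tag at {name}: leaks tag text = {leaks_tag_text(name)}")
```

The scan is deliberately coarse: it only distinguishes output that went through the logging framework from output that did not, which is exactly the property LOG_LEVEL relies on. The hardened `record_tag` keeps a useful INFO trail (that a tag was added, and how many exist) without the tag text, so an operator running at INFO, as the reporter does, gets an audit signal but not the conversation topic.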

@tjbck commented on GitHub (Dec 10, 2024):

Removed in dev!

@The-LittleTeapot commented on GitHub (Nov 4, 2025):

You log the entire conversation in the debug logs. The "messages" are available for all, and are also annoying to parse.

@Classic298 commented on GitHub (Nov 4, 2025):

@The-LittleTeapot that's the entire point if set to debug.

Debug should not be used in production. Debug is meant for debugging, so it should log the entire message content.

Reference: github-starred/open-webui#2973