sec: sanitize identity token from events (#24966)

* bug: sanitize identity token from events * add changelog
2026-01-01 16:05:42 +03:00 · 2025-01-28 10:57:06 -05:00
parent 7a450f5499
commit bfcbe83ab5
2 changed files with 4 additions and 1 deletions
--- a/.changelog/24966.txt
+++ b/.changelog/24966.txt
@@ -0,0 +1,3 @@
+```release-note:security
+api: sanitize the SignedIdentities in allocations of events to clean the identity token.
+```
--- a/nomad/state/events.go
+++ b/nomad/state/events.go
@@ -341,7 +341,7 @@ func eventFromChange(change memdb.Change) (structs.Event, bool) {
 			FilterKeys: filterKeys,
 			Namespace:  after.Namespace,
 			Payload: &structs.AllocationEvent{
-				Allocation: alloc,
+				Allocation: alloc.Sanitize(),
 			},
 		}, true
 	case "jobs":