2.33.1
5aaf7c1
This commit was signed with the committer’s verified signature.
szokeasaurusrex
Daniel Szoke
Security fix
This release contains a fix for a bug where auth tokens would, under the following circumstances, be logged to stdout:
- The auth token was passed as a command line argument to Sentry CLI (via
--auth-token) - The log level was set to
infoordebug- The default log level is
warn, so users using the default log level were unaffected by this bug
- The default log level is
We now redact the --auth-token argument and anything else that looks like it might be an auth token when logging the arguments that the Sentry CLI was called with (see #2115 and #2118 for details).
Other fixes & improvements
- ref(token): Use secrecy crate to store auth token (#2116) by @szokeasaurusrex
- fix: Improve "project not found" message (#2112) by @szokeasaurusrex
- fix: Improve "release not found" message (#2112) by @szokeasaurusrex
- Fall back to co-location heuristic if sourcemap url appears remote (#1871) by @brettdh
- fix(sourcebundle): Skip non-UTF8 files (#2109) by @loewenheim
Contributors
brettdh, loewenheim, and szokeasaurusrex