This release contains a fix for a bug where auth tokens would, under the following circumstances, be logged to stdout:
The auth token was passed as a command line argument to Sentry CLI (via --auth-token)
The log level was set to info or debug
The default log level is warn, so users using the default log level were unaffected by this bug
We now redact the --auth-token argument and anything else that looks like it might be an auth token when logging the arguments that the Sentry CLI was called with (see #2115 and #2118 for details).
Other fixes & improvements
ref(token): Use secrecy crate to store auth token (#2116) by szokeasaurusrex
fix: Improve "project not found" message (#2112) by szokeasaurusrex
fix: Improve "release not found" message (#2112) by szokeasaurusrex
Fall back to co-location heuristic if sourcemap url appears remote (#1871) by brettdh
fix(sourcebundle): Skip non-UTF8 files (#2109) by loewenheim
Bumps plugin-build/sentry-cli.properties from 2.33.0 to 2.33.1.
Auto-generated by a dependency updater.
Changelog
2.33.1
Security fix
This release contains a fix for a bug where auth tokens would, under the following circumstances, be logged to
stdout:--auth-token)infoordebugwarn, so users using the default log level were unaffected by this bugWe now redact the
--auth-tokenargument and anything else that looks like it might be an auth token when logging the arguments that the Sentry CLI was called with (see #2115 and #2118 for details).Other fixes & improvements