microsoft / vsts-tomcat

This contains tomcat tasks for vsts build and rm

password is exposed in the log of the pipeline #36

Open lwiechec opened 2 years ago

lwiechec commented 2 years ago

It happens even though the password is taken from a variable that I have marked as secret.

Here's the YAML version of the step in my deployment pipeline:

steps:
- task: ms-vscs-rm.apachetomcat.tomcatdeployment-task.TomcatDeployment@1
  displayName: 'Deploy application to a Tomcat server - ew.war'
  inputs:
    TomcatUrl: 'http://tomcat-server'
    Username: '$(TOMCAT_ADMIN_USERNAME)'
    Password: '$(TOMCAT_ADMIN_PASSWORD)'
    Warfile: '$(System.DefaultWorkingDirectory)/_NEDB-NG/ew.war/ew.war'
    Context: /ew

and here are the variables (set in build pipeline):

[image: 2021-11-25_15-45]

The deployment step still lists it, along with other curl parameters (instead of <EDITED> I can see my password):

2021-11-25T13:46:38.8162892Z ##[section]Starting: Deploy application to a Tomcat server - ew.war
2021-11-25T13:46:38.8171102Z ==============================================================================
2021-11-25T13:46:38.8171444Z Task         : Deploy to Apache Tomcat
2021-11-25T13:46:38.8171685Z Description  : Deploy application to a Tomcat server.
2021-11-25T13:46:38.8171925Z Version      : 1.0.0
2021-11-25T13:46:38.8172140Z Author       : Microsoft Corporation
2021-11-25T13:46:38.8172413Z…admin:<EDITED> -T /home/agent.admin/build-agent/_work/r2/a/_NEDB-NG/ew.war/ew.war http://tomcat-server/manager/text/deploy?path=/ew/&update=true
2021-11-25T13:46:38.9221092Z   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2021-11-25T13:46:38.9221794Z                                  Dload  Upload   Total   Spent    Left  Speed
2021-11-25T13:46:38.9222092Z 
2021-11-25T13:46:40.7077245Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

lwiechec commented 2 years ago

Hmm, maybe it happens only when there is an issue with the deployment; on a successful one I can now see the password replaced by asterisks (***)...
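
A log check for the exposure reported in this issue, as an added example (not code from the issue thread or from the vsts-tomcat project): it flags curl basic-auth credentials that reach a pipeline log unmasked and reports only the line number, user name and location, never the secret itself. The sample log lines, paths and password are constructed, and the `-u user:password` form is an assumption, since the log line in the issue is truncated before the credentials.

```python
import re

# curl's -u / --user argument in "user:password" form, optionally quoted
# (assumed form; the issue's log line is cut off before the flag).
USER_ARG = re.compile(
    r"""(?:^|\s)(?:-u|--user)[=\s]+["']?(?P<user>[^\s:"']+):(?P<secret>[^\s"']+)""")
# Credentials embedded in a URL: scheme://user:password@host
URL_CRED = re.compile(
    r"""\b[a-z][a-z0-9+.-]*://(?P<user>[^\s:/@]+):(?P<secret>[^\s/@]+)@""", re.I)
# A value the log writer already replaced with asterisks.
MASKED = re.compile(r"^\*{3,}$")

def find_exposed_credentials(log_text):
    """Return (line_number, user, kind) for every credential that is not masked.

    The secret is deliberately left out of the result so that the report
    does not leak it a second time.
    """
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        for kind, pattern in (("curl-user-arg", USER_ARG),
                              ("url-userinfo", URL_CRED)):
            for match in pattern.finditer(line):
                if not MASKED.match(match.group("secret")):
                    findings.append((number, match.group("user"), kind))
    return findings

# Constructed sample log: timestamps, paths and the password are made up.
SAMPLE_LOG = """\
2021-11-25T13:46:38.8172413Z curl -u admin:Constructed-Pa55 -T /tmp/ew.war http://tomcat-server/manager/text/deploy?path=/ew&update=true
2021-11-25T13:50:02.1000000Z curl -u admin:*** -T /tmp/ew.war http://tomcat-server/manager/text/deploy?path=/ew&update=true
2021-11-25T13:51:10.2000000Z curl -T /tmp/ew.war http://admin:Constructed-Pa55@tomcat-server/manager/text/deploy?path=/ew
2021-11-25T13:52:00.3000000Z   % Total    % Received % Xferd  Average Speed
"""

if __name__ == "__main__":
    for number, user, kind in find_exposed_credentials(SAMPLE_LOG):
        print(f"line {number}: unmasked password for user '{user}' ({kind})")
```

Any hit means the password should be treated as disclosed and rotated, because pipeline logs are typically readable by more people than the secret variable is.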