Unintended information disclosure in the Hubot Log files
Team Summary
Official summary from Rocket.Chat
Dear Rocket.Chat Team,

While inspecting our logs I noticed that the OAuth tokens are leaked in plaintext in the logs. I wanted to draw your attention to this, as this is a security vulnerability. See the attached screenshot for a redacted log excerpt. In my opinion, the best approach here would be to substitute all tokens with a placeholder.

Server and Version (we are running Rocket.Chat in a Docker container):

```
+---------------------------------------------------------+
|                      SERVER RUNNING                     |
+---------------------------------------------------------+
|                                                         |
|  Rocket.Chat Version: 4.1.0                             |
|       NodeJS Version: 12.22.1 - x64                     |
|      MongoDB Version: 4.2.17                            |
|       MongoDB Engine: wiredTiger                        |
|             Platform: linux                             |
|         Process Port: 3000                              |
|                                                         |
|     ReplicaSet OpLog: Enabled                           |
|          Commit Hash: 0da143cd13                        |
|        Commit Branch: HEAD                              |
|                                                         |
+---------------------------------------------------------+
```

## Impact

Depending on the token, full control of the systems that the tokens grant access to.

## Fixed in 4.6.4
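The mitigation the report proposes, substituting a placeholder for every token before a line reaches the log file, as an added example that is not part of the report or of Rocket.Chat/Hubot code. The sensitive key names, the token formats handled and the sample log lines are constructed assumptions, not taken from the actual Hubot logs.

```javascript
// Added example: redact OAuth token values from log lines before they are written.
// Key names, token shapes and sample lines below are assumptions, not Rocket.Chat's.
const PLACEHOLDER = '[REDACTED]';

// Keys whose values must never appear in a log (assumed names).
const SENSITIVE_KEYS = ['access_token', 'refresh_token', 'id_token',
  'accessToken', 'refreshToken', 'token', 'secret'];

const keyPattern = SENSITIVE_KEYS
  .map(k => k.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))
  .join('|');

// JSON-style ("access_token": "v"), query-style (access_token=v) and header-style
// key/value pairs; only the captured value is replaced, the key survives for debugging.
const KV_RE = new RegExp(`(["']?(?:${keyPattern})["']?\\s*[:=]\\s*["']?)([^"'&\\s,}]+)`, 'gi');

// "Authorization: Bearer <token>" wherever the scheme appears in a line.
const BEARER_RE = /(\bBearer\s+)([A-Za-z0-9\-._~+/]+=*)/gi;

function redactTokens(line) {
  // Replacement callbacks avoid "$" sequences in the placeholder being interpreted.
  return String(line)
    .replace(BEARER_RE, (_, prefix) => `${prefix}${PLACEHOLDER}`)
    .replace(KV_RE, (_, prefix) => `${prefix}${PLACEHOLDER}`);
}

// Wrap any sink (console.log, a file stream write, ...) so every message is sanitized.
function redactingLogger(sink) {
  return { info: (msg) => sink(redactTokens(msg)) };
}

// Constructed sample lines in the shapes an OAuth exchange typically logs.
const SAMPLE_LINES = [
  'hubot oauth response: {"access_token":"ya29.EXAMPLE-abc123","token_type":"Bearer","expires_in":3600}',
  'GET /oauth/callback?code=XYZ&access_token=AbCdEf123456 HTTP/1.1',
  'request headers: Authorization: Bearer AbCdEf123456.ghi789',
  'user alice logged in (no token here)',
];

function redactSampleLines() {
  return SAMPLE_LINES.map(redactTokens);
}

const log = redactingLogger(console.log);
SAMPLE_LINES.forEach(line => log.info(line));
```

The placeholder keeps the key name so an operator can still see that a token was issued, while the value itself never touches disk.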
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cleartext Storage of Sensitive Information