GHSA-H3Q2-8WHX-C29H `goreleaser release --debug` shows secrets

Summary Hello 👋 goreleaser release --debug log shows secret values used in the in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...

PT-2024-1505 · Unknown · Goreleaser

Name of the Vulnerable Software and Affected Versions: GoReleaser versions prior to 1.24.0 Description: The issue is related to information disclosure through log files. When using a custom publisher with goreleaser release --debug, secret values used in the custom publisher are printed to the lo...