Fix cleartext leak in log

[SpiritCroc]

Type of change

• Feature
• Bugfix
• Technical
• Other :

Content

Motivation and context

Screenshots / GIFs

Tests

• Step 1
• Step 2
• Step ...

Tested devices

• Physical
• Emulator
• OS version(s):

Checklist

• Changes has been tested on an Android device or Android emulator with API 21
• UI change has been tested on both light and dark themes
• Accessibility has been taken into account. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#accessibility
• Pull request is based on the develop branch
• Pull request includes a new file under ./changelog.d. See https://github.com/vector-im/element-android/blob/develop/CONTRIBUTING.md#changelog
• Pull request includes screenshots or videos if containing UI changes
• Pull request includes a sign off
• You've made a self review of your PR
• If you have modified the screen flow, or added new screens to the application, you have updated the test UiAllScreensSanityTest.allScreensTest()

Signed-off-by: Tobias Büttner [email protected]

[SpiritCroc]

@bmarty might be good to include as soon as possible, as currently message content can find its way into rageshakes.
Apparently added in v1.4.16: f9dd3b96d6f

[ouchadam]

great catch! will pull into the 1.4.31 release

[jellykells]

No security advisory for this?

[bmarty]

No security advisory for this?

This are Event for verification request, so they should not contains any personal messages. I will ask the security team for a confirmation though.

[ouchadam]

it's also a debug log which requires developer mode enabled -> enable verbose logging

[SpiritCroc]

I've seen personal message content come in from this over rageshake in SchildiChat. The user also claimed to not have "verbose logging" enabled 🤷