Security Notice - Temporal logs the Airbyte database password in plaintext

Hello Airbyte Community!

A community member flagged that Temporal, the workflow management tool that Airbyte uses, has a default setting that logs database passwords in plaintext.

In Airbyte’s case, the password that is being logged in plaintext is the database password of your instance of the Airbyte application. These logs are only accessible to users who have access to the temporal instance logs of your Airbyte deployment.

No credentials or secrets of connectors, user data, or user credentials are being logged in plaintext. This issue only affects Airbyte OSS users. Airbyte Cloud users are not affected.

A fix has been made and release v0.40.15 includes this change.

We recommend updating to this version as soon as possible and also scrubbing your application logs.