Error Logs Password in Plaintext

[ertyu]

Found the following in logs/errors.log after encountering an error logging in, with the username and password logged in plaintext. The underlying error was a library mismatch with php after upgrade.
But it should never log passwords, and certainly not in plaintext. Should add this was with 1.6.1.

[07-Jul-2023 14:35:24 UTC] PHP Fatal error:  Uncaught Error: Undefined constant "INTL_IDNA_VARIANT_UTS46" in /usr/local/www/roundcube/program/lib/Roundcube/rcube_utils.php:1153
Stack trace:
#0 /usr/local/www/roundcube/program/lib/Roundcube/rcube_utils.php(1117): rcube_utils::idn_convert('localhost', true)
#1 /usr/local/www/roundcube/program/include/rcmail.php(761): rcube_utils::idn_to_ascii('localhost')
#2 /usr/local/www/roundcube/index.php(119): rcmail->login('<USERNAME>', '<PASSWORD>', 'localhost', true)
#3 {main}
  thrown in /usr/local/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 1153

[ertyu]

On further reflection this is probably generic PHP error dump, but something should be done to avoid this output.

[alecpl]

Missing php-intl extension.

[alecpl]

Actually, I'll leave this open as a request for passwords protection.

[alecpl]

On PHP >= 8.2 we have https://www.php.net/manual/en/class.sensitiveparameter.php, as it is just a comment it's backward compatible code.

[phaelax]

Is this still an issue? I'm uncertain of the version my host is using but have noticed my password in the error log from the stack trace. The errors were from Aug '23.

#5 /usr/local/cpanel/base/3rdparty/roundcube/program/lib/Roundcube/rcube_imap.php(172): rcube_imap_generic->connect('localhost', '<EMAIL>', '<PASSWORD>', Array)
#6 /usr/local/cpanel/base/3rdparty/roundcube/program/lib/Roundcube/rcube_imap.php(248): rcube_imap->connect('localhost', '<EMAIL>', '<PASSWORD>', 143, false)