
mollify - issue #585
Patch to only print backtrace when 'debug == true' to suppress passwords
What steps will reproduce the problem?
1. Any failed login will print the backtrace, which will also expose passwords in clear text.
What version of the product are you using? On what operating system?
v2.5.19 on Ubuntu 14.04 LTS.
Please provide PHP error log and any additional information below.
I could try to track down where the authentication calls are being made and try to catch it there, but that wouldn't necessarily catch all instances. By suppressing this in the general handler it will catch all of them. Note that simply setting an ignoredKeys value doesn't help, as the backtrace may have the password as an argument to a function and it will not be suppressible.
This is a bigger issue when LDAP is enabled, as the authentication may fail for reasons other than an incorrect user/password and cause the exposure of possibly enterprise-wide passwords in the logs.
Finally, thanks for such a great app.
- r.php.patch 987
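The report describes two things: a general failure handler that should emit a backtrace only when debug is on, and the reason key-based filtering cannot help (the password is a positional function argument, not a named key). The following is an added example written for this page, not the attached patch or mollify's own r.php; the function names, the simulated LDAP outage and the sample credentials are constructed. It gates the trace on a debug flag, and in debug mode it builds the trace with `DEBUG_BACKTRACE_IGNORE_ARGS` (available since PHP 5.3.6) so that arguments, and with them any password, are never rendered at all. A deliberately leaky variant is kept beside it to show where the clear-text password surfaces.

```php
<?php
// Added example, not mollify's code. All names below are hypothetical.

// Render a backtrace without function arguments. Passwords travel as
// positional args, so a key-based ignore list cannot reach them; dropping
// the args entirely is the only reliable way to keep them out of a trace.
function safeBacktrace(): string {
    $frames = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
    array_shift($frames); // drop the safeBacktrace() frame itself
    $lines = [];
    foreach ($frames as $i => $f) {
        $lines[] = sprintf('#%d %s:%d %s%s%s()', $i,
            $f['file'] ?? '[internal]', $f['line'] ?? 0,
            $f['class'] ?? '', $f['type'] ?? '', $f['function']);
    }
    return implode("\n", $lines);
}

// General failure handler: the message is always logged, the trace only
// when debugging is explicitly enabled.
function logFailure(string $message, bool $debug): string {
    $entry = '[' . date('c') . '] ' . $message;
    if ($debug) {
        $entry .= "\n" . safeBacktrace();
    }
    return $entry;
}

// Simulated authenticator whose failure has nothing to do with the
// supplied password (directory unreachable), the LDAP case from the report.
function authenticate(string $user, string $password, bool $debug): bool {
    $directoryUp = false; // constructed condition standing in for an LDAP outage
    if (!$directoryUp) {
        error_log(logFailure("auth backend unavailable for user {$user}", $debug));
        return false;
    }
    return hash_equals('correct horse', $password); // constructed expected secret
}

// Leaky variant for contrast: debug_backtrace() includes arguments by
// default, so the password passed in shows up verbatim in the dump.
function leakyTrace(string $password): string {
    return print_r(debug_backtrace(), true);
}

authenticate('alice', 'hunter2', false); // logs the message only
authenticate('alice', 'hunter2', true);  // logs message plus an arg-free trace
echo strpos(leakyTrace('hunter2'), 'hunter2') !== false ? "leaky trace exposes password\n"
                                                          : "trace is clean\n";
```

With `$debug` false the log carries only the timestamped message; with it true the trace lists file, line and function per frame but no argument values, so even a debug-enabled deployment cannot spill LDAP credentials when the bind fails for an unrelated reason. Note that `Exception::getTraceAsString()` has the same argument-inclusion behaviour as `debug_backtrace()` unless `zend.exception_ignore_args` (PHP 7.4 and later) is set, so exception-based handlers need the same gate.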
Comment #1
Posted on Jan 4, 2015 by Swift Dog
Good point, thanks for the patch. Will be in next release.
Comment #2
Posted on Jan 6, 2015 by Swift Dog
Included in .21 release
Status: Fixed
Labels: Type-Defect, Priority-Medium