It appears that if text output in the pipeline logs match the value of a variable, that variable name is shown in the Logs instead of the text.
This could potentially lead to the discovery of environment variable values through the log.
My repeatable steps:
Deployment Environment Variable:
SOME_VAR with a value of
services: - docker
Example Output Logs:
Step $SOME_VAR/$SOME_VAR2 : From node:$SOME_VAR2.4.0 $SOME_VAR2.4.0: Pulling from library/node ...
Step 1/12 : From node:12.4.0 12.4.0: Pulling from library/node ...
So everywhere in the logs where the number 1 should have been shown, it was being replaced with the environment variable $SOME_VAR since it also had the value of 1