This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate
and incorporate user-provided data into templates.
The identified vulnerability has been remedied in fix #2509 and will be included in versions released after 2.1.3. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability.
A temporary workaround involves filtering underscores before incorporating user input into the message template.