Company
Date Published
Author
Brian Vermeer
Word count
364
Language
English
Hacker News points
None

Summary

The Gradle plugin-publish plugin was found to have an "Insertion of Sensitive Information" vulnerability: when a plugin is published, the pre-signed AWS URL used for the upload is written to the log file. An attacker who obtains this URL could use it to replace a recently uploaded plugin with a malicious package. To mitigate the issue, Gradle released a new version of the publish plugin that lowers the log level at which the URL is printed and shortens the lifespan of the pre-signed URL, advising users to update to version 0.11.0 and to avoid running Gradle with the --debug log level. The vulnerability affects all versions below 0.11.0, and running with --debug logging is considered very dangerous when build logs are publicly visible.