Merge commit from fork

Author: samdark

CHANGELOG.md

@@ -5,6 +5,7 @@ Yii Framework 2 redis extension Change Log
 ------------------------
 
 - Bug #270: Prevent null parameter on `mb_strlen` to avoid PHP 8.4 implicity nullable types deprecation (tehmaestro)
+- Bug CVE-2025-48493: Prevent logging `AUTH` parameters when `YII_DEBUG` is off (samdark)
 
 
 2.0.19 February 13, 2025

src/SocketException.php

@@ -15,6 +15,14 @@
  */
 class SocketException extends Exception
 {
+    public function __construct($message = null, $code = 0, \Exception $previous = null)
+    {
+        if (!YII_DEBUG) {
+            $message = preg_replace('~AUTH \S+ \S+~', 'AUTH *** ***', $message);
+        }
+        parent::__construct($message, $code, $previous);
+    }
+
     /**
      * @return string the user-friendly name of this exception
      */