github Producdevity/gamehub-lite v5.1.8
GameHub Lite v5.1.8

3 hours ago

Security: Steam token redaction in logs

GameHub Lite 5.1.8 fixes a logging issue where Steam authentication-related values could appear in diagnostic logs.
In some cases, logs could include fields such as steamToken, refreshToken, or accessToken from Steam login/launch flows.

Publicly posted logs containing these fields should be deleted or redacted.

IMPORTANT

This should go without saying but If you find any security issues, please reach out PRIVATELY.
I have not checked if this issue is still present in recent GameHub versions, already ruined my one day off I was spending with my family by the person who reported this publicly and I do not plan on spending any more time on this.

Changelog

The fix adds centralized log redaction for Steam/auth token fields, Steam QR login URLs, JWT-like token strings, and launch command token arguments before logs are written. This covers the app loggers, JavaSteam logging, and the PC launch-log file writer.

This release also pins local patch builds to apktool 2.12.1

Full Changelog: v5.1.7...v5.1.8

Don't miss a new gamehub-lite release

NewReleases is sending notifications on new releases.