A security-related bug was fixed in FTP2. If the KeepSessionLog property was turned on, the password used for authentication was logged to the in-memory SessionLog property. The fix is to instead log “****” in place of the password.