Someone sent me a spark report and I noticed that there was a password in the server properties. This turned out to be the RCON password, which is used to connect to the RCON socket.

While this generally won't be a big security concern because probably nobody is exposing that socket to the outside world, in the off-chance it IS exposed somewhere, it would be better to not share that configuration option in reports.

Encourage them to update, this has been fixed already :)

Ah thanks, good to know. If I notice this again Ill tell them +1