Credentials for remote repository URL leaking in Repository Header
Credentials for remote repertoires are asterisked out in the Remote pull uri field under Repository Settings > Remote Sync. Nice!
However, they are displayed in plain text below the Repository heading, to all users, regardless of role. Please see attached screenshot.
I'm currently running RhodeCode EE 4.19.1.
I would request that they be obfuscated here as well, and would suggest that the clone URL does not need to be a link. Or, could just be a link to the root repository URL, without the credentials.