PropertySourcesPropertyResolver currently logs all values it finds (at level "debug"). This is problematic since some values can be of sensitive nature (e.g. passwords) and some systems have requirements to never log such information.
The safest way to fix this is to modify PropertySourcesPropertyResolver to never log property values at all.
Leaving a hook (like the current logKeyFound) could still be useful for users that would like to — for whatever reason — override this new default behaviour.
As of 4.3.3, we defensively log a simpler message, just including the key and the source but not the retrieved value anymore. logKeyFound can be overridden to change that format back to a message which includes the value.