1Password for Mac Beta 7.2.3-Beta-3 and 7.2.3-Beta-4 (both released December 3) fixed and mitigated a security issue present from 7.2.3-Beta-0 (released November 2).
If you are still using any of 1Password for Mac 7.2.3 BETAs 0, 1, or 2, update to the latest beta immediately. Otherwise, there is no action you need to take.
Under some circumstances, the affected betas could have written some secrets to local log files. 7.2.3-Beta-3 fixed the logging bug, and 7.2.3-Beta-4 removes the relevant log files. Our notice about CVE-2018-19863 contains more details.
The bug we fixed was a serious error, which I do no wish to play down. However, I also want to make it clear that the damage from it is limited
OK. So now that you know why not to worry, I'll summarize what the bug did and what our fixes do.
The affected 1Password for Mac Betas would sometimes locally log information coming from Safari. So, for example, if you manually entered a username and password into a web form in Safari, then those details (including the password) may have been written to disk on your own machine.
Because secrets may be been saved on users' disks in logs, we wanted the opportunity to remove the logs before making this issue public.
Quoting from our article,
Those who want to verify that no secrets remain in log files may inspect the content of any files in the folder:
These log files are not typically included in most backups.