I have logged this as a bounty bug as a security risk and been informed that it has already been reported; however, I have no information on when or whether it will be fixed. So it's time to go public with some questions.
You have private repos showing job logs as public assets within the Raw format. This is insecure, especially considering that from time to time logs tend to have secrets appear in them. Wrongly so, but it happens.
Can anyone confirm whether GitLab are intending on making Raw logs private for private repos, or whether this is simply a feature of the SaaS option?
I am aware that in Self Hosted you can choose your own bucket storage and lock things down that way; however, SaaS comes very restricted in this area.
Any feedback is welcomed.