libinput 1.29-rc3 is out but this one is a brown paper bag release. A mixup of #if and #ifdef caused events to be debug-logged even if the meson option for it was disabled.
This means passwords may have leaked into your system logs if debug-logging was enabled. See the below link for more details but the TLDR is mutter/wlroots not affected, kwin/Xorg maybe but unlikely.
Either way, if you're on rc1 or rc2, upgrade now. 1.28.x not affected.
https://gitlab.freedesktop.org/libinput/libinput/-/releases/1.28.903