[KARAF-7537] Password displayed in console using repo-list - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Wish
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 4.3.7
Fix Version/s: 4.3.8, 4.4.2
Component/s: None
Labels:
None

Target Version/s:

4.3.8, 4.4.2

Description

If you add a feature repository with a user credential, e.g.:

repo-add mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features

Then Karaf displays the password in full in the console with:

 repo-list | grep password
cxf-3.5.3                         │ mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features

For repos that contain a password, it would be more secure if the password was redacted for logging/display purposes.

Attachments

Issue Links

links to

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/Aug/22 10:58

Updated:: 05/Oct/22 08:53

Resolved:: 05/Oct/22 08:53