Uploaded image for project: 'Maven Release Plugin'
  1. Maven Release Plugin
  2. MRELEASE-766

release:prepare stores settings.xml in a public directory

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.2
    • Fix Version/s: 2.4.2
    • Component/s: prepare
    • Labels:
      None

      Description

      The fix for MRELEASE-577 involves copying settings.xml into a temporary directory. On a shared machine, it's possible that users have passwords configured in this file. Although they should probably have used settings-security.xml some will have set file permissions to prevent other users from reading their settings.

      If a build fails the file can be behind in /tmp.

      The copy should either be set to world-unreadable before any contents are written or created in a non-public location.

        Attachments

          Activity

            People

            • Assignee:
              rfscholte Robert Scholte
              Reporter:
              joewalton Joseph Walton
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: