Uploaded image for project: 'Maven SCM'
  1. Maven SCM
  2. SCM-811

m2 release plugin shows SCM git password if fatal occured during git push

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9.4
    • Fix Version/s: 1.9.5
    • Labels:
      None
    • Environment:
      RHEL6, Windows

      Description

      I'm running
      mvn release:prepare -Dusername=myuser -Dpassword=mypassword
      and see lines in output:

      [INFO] Executing: cmd.exe /X /C "git push https://myuser:********@myserver.com:8081/scm/project/project.git refs/heads/master:refs/heads/master"

      but if for some reason git push failed(e.g. I made a mistake typing password) then I see in log

      [ERROR] fatal: unable to access 'https://myuser:mypassword@myserver.com:8081/scm/project/project.git/': SSL certificate problem: self signed certificate in certificate chain

      So I see PLAINTEXT password. As I use this step on Teamcity it causes security problems when someone else can see my password if build failed. I tried both on Linux and Windows machines.

      I use maven-release-plugin version 2.5.3.

      http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                olamy Olivier Lamy (*$^¨%`£)
                Reporter:
                ruzovas Vasilii Ruzov
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: