[SCM-811] m2 release plugin shows SCM git password if fatal occured during git push - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.4
Fix Version/s: 1.9.5
Component/s: maven-scm-provider-gitexe
Labels:
None
Environment:
RHEL6, Windows

Description

I'm running
mvn release:prepare -Dusername=myuser -Dpassword=mypassword
and see lines in output:

[INFO] Executing: cmd.exe /X /C "git push https://myuser:********@myserver.com:8081/scm/project/project.git refs/heads/master:refs/heads/master"

but if for some reason git push failed(e.g. I made a mistake typing password) then I see in log

[ERROR] fatal: unable to access 'https://myuser:mypassword@myserver.com:8081/scm/project/project.git/': SSL certificate problem: self signed certificate in certificate chain

So I see PLAINTEXT password. As I use this step on Teamcity it causes security problems when someone else can see my password if build failed. I tried both on Linux and Windows machines.

I use maven-release-plugin version 2.5.3.

http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error

Attachments

Issue Links

breaks

SCM-874 ScmResult output password masking does not handle multiline text

Closed

is related to

SCM-817 Jgit provider exposes password if it contains special characters

Closed

SCM-840 mvn scm:tag reveals SCM git password if fatal occured during git push

Closed

links to

GitHub Pull Request #45

Activity

People

Assignee:: Olivier Lamy

Reporter:: Vasilii Ruzov

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 23/Nov/15 14:47

Updated:: 17/Mar/18 23:53

Resolved:: 27/May/16 11:13