GitHub user eddiewebb opened a pull request:
https://github.com/apache/maven-scm/pull/45
Resolves critical security bug SCM-811
This PR addresses https://issues.apache.org/jira/browse/SCM-811 by allowing
the shared ScmResult in the api module to mask known patterns. Covers SVN and
git patterns (which are the ones impacting us and likely most popular).
Includes simple unit test to validate passwords aren't leaked.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/Libertymutual/maven-scm SCM-811
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/maven-scm/pull/45.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #45
----
commit 8785b85e0d6273f88e7bd173c5d59d0e2c1148c2
Author: EDWARD WEBB <[email protected]>
Date: 2016-02-06T14:58:36Z
#resolves SCM-811 by masking command output in ScmResult class used by all
SCM operations
commit 9d009e8f14c0dff99c377b8991bdd59b519f0d33
Author: EDWARD WEBB <[email protected]>
Date: 2016-02-06T15:15:41Z
Simple test for SCM-811 ensures ouptut is masked
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
