vishal sahasrabuddhe created MRELEASE-928:
---------------------------------------------
Summary: exposing the password for SCM URL if build failed to
commit files to SCM
Key: MRELEASE-928
URL: https://issues.apache.org/jira/browse/MRELEASE-928
Project: Maven Release Plugin
Issue Type: Bug
Components: Git, prepare, scm
Affects Versions: 2.5.3, 2.5.2
Reporter: vishal sahasrabuddhe
Priority: Critical
Hi,
When we run the release prepare and perform, if it fails to commit files due
to any reason (tag exist, wrong passwd, wrong URL etc), it exposes the password
along with error, here is the sample log.
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on
project device: Unable to commit files
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] remote: Not Found
[ERROR] fatal: repository
'https://bot:bot123@gitlab.<something>.com/sandbox1/device.git/' not found
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
I have tested with other types of error to like tag exist, and found similar
error message with exposed password with error.
My SCM is git
maven version is Apache Maven 3.2.5
-Vishal
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
