[jira] [Closed] (MRELEASE-928) exposing the password for SCM URL if build failed to commit files to SCM

Fri, 16 Feb 2018 11:08:34 -0800 

     [ 
https://issues.apache.org/jira/browse/MRELEASE-928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Scholte closed MRELEASE-928.
-----------------------------------
       Resolution: Fixed
         Assignee: Robert Scholte
    Fix Version/s: 3.0.0

For maven-release-plugin 3.0.0 the scm libraries will be upgraded, which will 
contain the fix for SCM-811.

> exposing the password for SCM URL if build failed to commit files to SCM
> ------------------------------------------------------------------------
>
>                 Key: MRELEASE-928
>                 URL: https://issues.apache.org/jira/browse/MRELEASE-928
>             Project: Maven Release Plugin
>          Issue Type: Bug
>          Components: Git, prepare, scm
>    Affects Versions: 2.5.2, 2.5.3
>            Reporter: vishal sahasrabuddhe
>            Assignee: Robert Scholte
>            Priority: Critical
>              Labels: security
>             Fix For: 3.0.0
>
>
> Hi,
>   When we run the release prepare and perform, if it fails to commit files 
> due to any reason (tag exist, wrong passwd, wrong URL etc), it exposes the 
> password along with error, here is the sample log.
> [ERROR] Failed to execute goal 
> org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on 
> project device: Unable to commit files
> [ERROR] Provider message:
> [ERROR] The git-push command failed.
> [ERROR] Command output:
> [ERROR] remote: Not Found
> [ERROR] fatal: repository 
> 'https://bot:bot123@gitlab.<something>.com/sandbox1/device.git/' not found
> [ERROR] -> [Help 1]
> [ERROR] 
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e 
> switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR] 
> [ERROR] For more information about the errors and possible solutions, please 
> read the following articles:
> [ERROR] [Help 1] 
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> I have tested with other types of error to like tag exist, and found similar 
> error message with exposed password with error.
> My SCM is git
> maven version is Apache Maven 3.2.5
> -Vishal



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to