[
https://issues.apache.org/jira/browse/SCM-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17963231#comment-17963231
]
ASF GitHub Bot commented on SCM-811:
------------------------------------
jira-importer opened a new issue, #1043:
URL: https://github.com/apache/maven-scm/issues/1043
**[Vasilii
Ruzov](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=ruzovas)**
opened
**[SCM-811](https://issues.apache.org/jira/browse/SCM-811?redirect=false)** and
commented
I'm running
mvn release:prepare -Dusername=myuser -Dpassword=mypassword
and see lines in output:
> [INFO] Executing: cmd.exe /X /C "git push
https://myuser:********`@myserver`.com:8081/scm/project/project.git
refs/heads/master:refs/heads/master"
but if for some reason git push failed(e.g. I made a mistake typing
password) then I see in log
> [ERROR] fatal: unable to access
'https://myuser:[email protected]:8081/scm/project/project.git/': SSL
certificate problem: self signed certificate in certificate chain
So I see **PLAINTEXT** password. As I use this step on Teamcity it causes
security problems when someone else can see my password if build failed. I
tried both on Linux and Windows machines.
I use maven-release-plugin version 2.5.3.
http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error
---
**Affects:** 1.9.4
**Issue Links:**
- [SCM-817](https://issues.apache.org/jira/browse/SCM-817) Jgit provider
exposes password if it contains special characters
- [SCM-840](https://issues.apache.org/jira/browse/SCM-840) mvn scm:tag
reveals SCM git password if fatal occured during git push
- [SCM-874](https://issues.apache.org/jira/browse/SCM-874) ScmResult output
password masking does not handle multiline text
(_**"breaks"**_)
**Remote Links:**
- [GitHub Pull Request #45
](https://github.com/apache/maven-scm/pull/45)
0 votes, 8 watchers
> m2 release plugin shows SCM git password if fatal occured during git push
> -------------------------------------------------------------------------
>
> Key: SCM-811
> URL: https://issues.apache.org/jira/browse/SCM-811
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Improvement
> Components: maven-scm-provider-gitexe
> Affects Versions: 1.9.4
> Environment: RHEL6, Windows
> Reporter: Vasilii Ruzov
> Assignee: Olivier Lamy
> Priority: Major
> Fix For: 1.9.5
>
>
> I'm running
> mvn release:prepare -Dusername=myuser -Dpassword=mypassword
> and see lines in output:
> {quote}[INFO] Executing: cmd.exe /X /C "git push
> https://myuser:********@myserver.com:8081/scm/project/project.git
> refs/heads/master:refs/heads/master"
> {quote}
> but if for some reason git push failed(e.g. I made a mistake typing password)
> then I see in log
> {quote}
> [ERROR] fatal: unable to access
> 'https://myuser:[email protected]:8081/scm/project/project.git/': SSL
> certificate problem: self signed certificate in certificate chain
> {quote}
> So I see *PLAINTEXT* password. As I use this step on Teamcity it causes
> security problems when someone else can see my password if build failed. I
> tried both on Linux and Windows machines.
> I use maven-release-plugin version 2.5.3.
> http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
