[ 
https://issues.apache.org/jira/browse/SCM-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17963231#comment-17963231
 ] 

ASF GitHub Bot commented on SCM-811:
------------------------------------

jira-importer opened a new issue, #1043:
URL: https://github.com/apache/maven-scm/issues/1043

   **[Vasilii 
Ruzov](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=ruzovas)** 
opened 
**[SCM-811](https://issues.apache.org/jira/browse/SCM-811?redirect=false)** and 
commented
   
   I'm running
   mvn release:prepare -Dusername=myuser -Dpassword=mypassword
   and see lines in output:
   
   > [INFO] Executing: cmd.exe /X /C "git push 
https://myuser:********`@myserver`.com:8081/scm/project/project.git 
refs/heads/master:refs/heads/master"
   
   but if for some reason git push failed(e.g. I made a mistake typing 
password) then I see in log
   
   > [ERROR] fatal: unable to access 
'https://myuser:[email protected]:8081/scm/project/project.git/': SSL 
certificate problem: self signed certificate in certificate chain
   
   So I see **PLAINTEXT** password. As I use this step on Teamcity it causes 
security problems when someone else can see my password if build failed. I 
tried both on Linux and Windows machines.
   
   I use maven-release-plugin version 2.5.3.
   
   
http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error
   
   
   ---
   
   **Affects:** 1.9.4
   
   **Issue Links:**
   - [SCM-817](https://issues.apache.org/jira/browse/SCM-817) Jgit provider 
exposes password if it contains special characters
   
   - [SCM-840](https://issues.apache.org/jira/browse/SCM-840) mvn scm:tag 
reveals SCM git password if fatal occured during git push
   
   - [SCM-874](https://issues.apache.org/jira/browse/SCM-874) ScmResult output 
password masking does not handle multiline text
    (_**"breaks"**_)
   
   **Remote Links:**
   - [GitHub Pull Request #45
   ](https://github.com/apache/maven-scm/pull/45)
   
   0 votes, 8 watchers
   




> m2 release plugin shows SCM git password if fatal occured during git push
> -------------------------------------------------------------------------
>
>                 Key: SCM-811
>                 URL: https://issues.apache.org/jira/browse/SCM-811
>             Project: Maven SCM (Moved to GitHub Issues)
>          Issue Type: Improvement
>          Components: maven-scm-provider-gitexe
>    Affects Versions: 1.9.4
>         Environment: RHEL6, Windows
>            Reporter: Vasilii Ruzov
>            Assignee: Olivier Lamy
>            Priority: Major
>             Fix For: 1.9.5
>
>
> I'm running
> mvn release:prepare -Dusername=myuser -Dpassword=mypassword
> and see lines in output:
> {quote}[INFO] Executing: cmd.exe /X /C "git push 
> https://myuser:********@myserver.com:8081/scm/project/project.git 
> refs/heads/master:refs/heads/master"
> {quote}
> but if for some reason git push failed(e.g. I made a mistake typing password) 
> then I see in log
> {quote}
> [ERROR] fatal: unable to access 
> 'https://myuser:[email protected]:8081/scm/project/project.git/': SSL 
> certificate problem: self signed certificate in certificate chain
> {quote}
> So I see *PLAINTEXT* password. As I use this step on Teamcity it causes 
> security problems when someone else can see my password if build failed. I 
> tried both on Linux and Windows machines.
> I use maven-release-plugin version 2.5.3.
> http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to