[ https://issues.jenkins-ci.org/browse/JENKINS-8524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
domi resolved JENKINS-8524.
---------------------------

    Assignee: domi  (was: teilo)
    Resolution: Fixed

fixed with version 0.9.0

> maven release build exposes users' username and password
> --------------------------------------------------------
>
>                 Key: JENKINS-8524
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-8524
>             Project: Jenkins
>          Issue Type: Bug
>          Components: m2release
>    Affects Versions: current
>         Environment: Applies for all versions so far and other OS's.
> System info:
> Tomcat 5.5
> file.encoding	UTF-8
> file.encoding.pkg	sun.io
> file.separator	/
> java.awt.graphicsenv	sun.awt.X11GraphicsEnvironment
> java.awt.headless	true
> java.awt.printerjob	sun.print.PSPrinterJob
> java.class.version	50.0
> java.naming.factory.initial	org.apache.naming.java.javaURLContextFactory
> java.naming.factory.url.pkgs	org.apache.naming
> java.runtime.name	Java(TM) SE Runtime Environment
> java.runtime.version	1.6.0_16-b01
> java.specification.name	Java Platform API Specification
> java.specification.vendor	Sun Microsystems Inc.
> java.specification.version	1.6
> java.util.logging.manager	org.apache.juli.ClassLoaderLogManager
> java.vendor	Sun Microsystems Inc.
> java.vendor.url	http://java.sun.com/
> java.vendor.url.bug	http://java.sun.com/cgi-bin/bugreport.cgi
> java.version	1.6.0_16
> java.vm.info	mixed mode
> java.vm.name	Java HotSpot(TM) 64-Bit Server VM
> java.vm.specification.name	Java Virtual Machine Specification
> java.vm.specification.vendor	Sun Microsystems Inc.
> java.vm.specification.version	1.0
> java.vm.vendor	Sun Microsystems Inc.
> java.vm.version	14.2-b01
> line.separator
> os.arch	amd64
> os.name	Linux
> os.version	2.6.28-11-server
> sun.arch.data.model	64
> sun.cpu.endian	little
> sun.cpu.isalist
> sun.io.unicode.encoding	UnicodeLittle
> sun.jnu.encoding	UTF-8
> sun.management.compiler	HotSpot 64-Bit Server Compiler
> sun.os.patch.level	unknown
> svnkit.ssh2.persistent	false
> tomcat.util.buf.StringCache.byte.enabled	true
> user.country	US
> user.language	en
> user.name	hudson
> user.timezone	Europe/Amsterdam
>            Reporter: whermeling
>            Assignee: domi
>
> When you specify a custom username and password to be used in a maven release
> build (using the option 'Specify SCM login/password'), the filled in username
> and password can be read by anyone who can Configure the build. If you run a
> release build and then, while it is still running, you configure the build
> plan, you see that the 'Goals and options' have changed to the ones which are
> currently used for the release build.
> So in my case this then shows:
> -Dpassword=*** -Dusername=***
> -Dproject.rel.<groupId>:<artifactId>=<release-version>
> -Dproject.dev.<groupId>:<artifactId>=<development-version> -Dresume=false
> release:prepare release:perform
> It seems the m2 release plugin is using the 'Goals and options' field to
> manage the parameters of the release build.
> A workaround could be to mask these credentials in the 'Goals and options'
> fields.
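
The masking workaround suggested in the report, sketched as an added example. It is not m2release plugin code and does not describe how version 0.9.0 fixed the issue; the class and method names are hypothetical and the sample command line is constructed.

```java
import java.util.regex.Pattern;

/** Added illustration: redacts credential properties in a Maven goals string. */
public class GoalsMasker {
    private static final String MASK = "********";

    // Matches "-Dkey=value", "-D key=value" and "--define key=value" for the
    // two property names shown in the report. The key is matched without
    // regard to case so that near-miss spellings are masked as well. The
    // value may be double-quoted or single-quoted and contain spaces;
    // splitting on whitespace instead would leak the tail of such a value.
    private static final Pattern SENSITIVE_DEFINE = Pattern.compile(
            "(?<!\\S)(-D\\s*|--define\\s+)((?i:password|username))="
            + "(\"[^\"]*\"|'[^']*'|\\S*)");

    /** Returns the goals string with the credential values replaced by a mask. */
    public static String mask(String goalsAndOptions) {
        return SENSITIVE_DEFINE.matcher(goalsAndOptions)
                .replaceAll("$1$2=" + MASK);
    }

    /** True if the string carries a credential property, e.g. to audit saved job configs. */
    public static boolean containsCredentials(String goalsAndOptions) {
        return SENSITIVE_DEFINE.matcher(goalsAndOptions).find();
    }

    public static void main(String[] args) {
        // Constructed sample modelled on the command line in the report.
        String running = "-Dpassword=\"s3 cret\" -Dusername=releaser "
                + "-Dproject.rel.com.example:app=1.0 -Dresume=false "
                + "release:prepare release:perform";
        System.out.println(containsCredentials(running));
        System.out.println(mask(running));
    }
}
```

Masking only changes what the configuration page displays; the credentials still sit in the stored field for as long as the release build runs.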