[
https://issues.jenkins-ci.org/browse/JENKINS-8524?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
domi resolved JENKINS-8524.
---------------------------
Assignee: domi (was: teilo)
Resolution: Fixed
fixed with version 0.9.0
> maven release build exposes users' username and password
> --------------------------------------------------------
>
> Key: JENKINS-8524
> URL: https://issues.jenkins-ci.org/browse/JENKINS-8524
> Project: Jenkins
> Issue Type: Bug
> Components: m2release
> Affects Versions: current
> Environment: Aplies for all versions so for and other OS's.
> System info:
> Tomcat 5.5
> file.encoding UTF-8
> file.encoding.pkg sun.io
> file.separator /
> java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
> java.awt.headless true
> java.awt.printerjob sun.print.PSPrinterJob
> java.class.version 50.0
> java.naming.factory.initial org.apache.naming.java.javaURLContextFactory
> java.naming.factory.url.pkgs org.apache.naming
> java.runtime.name Java(TM) SE Runtime Environment
> java.runtime.version 1.6.0_16-b01
> java.specification.name Java Platform API Specification
> java.specification.vendor Sun Microsystems Inc.
> java.specification.version 1.6
> java.util.logging.manager org.apache.juli.ClassLoaderLogManager
> java.vendor Sun Microsystems Inc.
> java.vendor.url http://java.sun.com/
> java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
> java.version 1.6.0_16
> java.vm.info mixed mode
> java.vm.name Java HotSpot(TM) 64-Bit Server VM
> java.vm.specification.name Java Virtual Machine Specification
> java.vm.specification.vendor Sun Microsystems Inc.
> java.vm.specification.version 1.0
> java.vm.vendor Sun Microsystems Inc.
> java.vm.version 14.2-b01
> line.separator
> os.arch amd64
> os.name Linux
> os.version 2.6.28-11-server
> sun.arch.data.model 64
> sun.cpu.endian little
> sun.cpu.isalist
> sun.io.unicode.encoding UnicodeLittle
> sun.jnu.encoding UTF-8
> sun.management.compiler HotSpot 64-Bit Server Compiler
> sun.os.patch.level unknown
> svnkit.ssh2.persistent false
> tomcat.util.buf.StringCache.byte.enabled true
> user.country US
> user.language en
> user.name hudson
> user.timezone Europe/Amsterdam
> Reporter: whermeling
> Assignee: domi
>
> When you specify a custom username and password to be used in a maven release
> build (using the option 'Specify SCM login/password'), the filled in username
> and password can be read by anyone who can Configure the build. If you run a
> release build and then, while it is still runnning, you configure the build
> plan, the see that the 'Goals and options' have changed to the one which are
> currently used for the release build.
> So in my case this then shows: -Dpassword=*** -Dusername=***
> -Dproject.rel.<groupId>:<artifactId>=<release-version>
> -Dproject.dev.<groupId>:<artifactId>=<development-version> -Dresume=false
> release:prepare release:perform
> It seems the m2 release plugin is using the 'Goals and options' field to
> manage the parameters the release build.
> A workaround could be to mask these credentials in the 'Goals and options'
> fields.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
