Howdy Mirko, Yes, SecDispatcher 1.x/2.x had a TON of issues, and received another TON of improvements in Maven 4 :) Some of changes are explained here: https://cstamas.org/blog/2024/09/handling-sensitive-data-in-maven/
The problem of this plugin, and sadly many other plugins, was that they opted for direct use of SecDispatcher that was never meant to be exposed in Maven 3 The official API was always this (introduced along with SecDispatcher core library): https://github.com/apache/maven/tree/629fd749e59a679809c86eb26d554520e4de3a78/maven-settings-builder/src/main/java/org/apache/maven/settings/crypto As explained above, Maven 4 fixes many if not all the Maven 3 password encryption issues, and still provides "backward" compatibility for Maven 3 plugins. So that api mentioned above should work with Maven4, while direct use of SecDispatcher will not work anymore. Simplest fix (as SecDispatcher went from 2.x to 4.x and is not compatible) is to not use it directly (as was the original intention): https://github.com/fabric8io/docker-maven-plugin/pull/1848 HTH Tamas On Tue, Dec 31, 2024 at 5:25 PM Mirko Friedenhagen <[email protected]> wrote: > > Hi, > > I see that SecDispatcher now stems from another location, unfortunately this > breaks fabric8io’s docker-maven-plugin. I have a small reproducer here: > > https://github.com/fabric8io/docker-maven-plugin/issues/1845 > > I would appreciate any hints how to fix this. > > > Mit freundlichen Grüßen > Mirko Friedenhagen > — > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
