Vasilii Ruzov created MRELEASE-931: -------------------------------------- Summary: m2 release plugin shows SCM git password if fatal occured during git push Key: MRELEASE-931 URL: https://issues.apache.org/jira/browse/MRELEASE-931 Project: Maven Release Plugin Issue Type: Bug Affects Versions: 2.5.3 Environment: RHEL6, Windows Reporter: Vasilii Ruzov
I'm running mvn release:prepare -Dusername=myuser -Dpassword=mypassword and see lines in output: {quote}[INFO] Executing: cmd.exe /X /C "git push https://myuser:********@myserver.com:8081/scm/project/project.git refs/heads/master:refs/heads/master" {quote} but if for some reason git push failed(e.g. I made a mistake typing password) then I see in log {quote} [ERROR] fatal: unable to access 'https://myuser:mypassw...@myserver.com:8081/scm/project/project.git/': SSL certificate problem: self signed certificate in certificate chain {quote} So I see *PLAINTEXT* password. As I use this step on Teamcity it causes security problems when someone else can see my password if build failed. I tried both on Linux and Windows machines. I use maven-release-plugin version 2.5.3. http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error -- This message was sent by Atlassian JIRA (v6.3.4#6332)