Vasilii Ruzov created MRELEASE-931:
--------------------------------------
Summary: m2 release plugin shows SCM git password if fatal occured
during git push
Key: MRELEASE-931
URL: https://issues.apache.org/jira/browse/MRELEASE-931
Project: Maven Release Plugin
Issue Type: Bug
Affects Versions: 2.5.3
Environment: RHEL6, Windows
Reporter: Vasilii Ruzov
I'm running
mvn release:prepare -Dusername=myuser -Dpassword=mypassword
and see lines in output:
{quote}[INFO] Executing: cmd.exe /X /C "git push
https://myuser:********@myserver.com:8081/scm/project/project.git
refs/heads/master:refs/heads/master"
{quote}
but if for some reason git push failed(e.g. I made a mistake typing password)
then I see in log
{quote}
[ERROR] fatal: unable to access
'https://myuser:mypassw...@myserver.com:8081/scm/project/project.git/': SSL
certificate problem: self signed certificate in certificate chain
{quote}
So I see *PLAINTEXT* password. As I use this step on Teamcity it causes
security problems when someone else can see my password if build failed. I
tried both on Linux and Windows machines.
I use maven-release-plugin version 2.5.3.
http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
