[ https://issues.apache.org/jira/browse/SCM-811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303911#comment-15303911 ]
ASF GitHub Bot commented on SCM-811: ------------------------------------ Github user eddiewebb commented on a diff in the pull request: https://github.com/apache/maven-scm/pull/45#discussion_r64887559 --- Diff: maven-scm-api/src/test/java/org/apache/maven/scm/ScmResultTest.java --- @@ -0,0 +1,47 @@ +package org.apache.maven.scm; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import junit.framework.TestCase; +import org.apache.maven.scm.provider.ScmUrlUtils; + +/** + * @author <a href="mailto:denn...@apache.org">Dennis Lundberg</a> --- End diff -- Whoops . I'll clean that up > m2 release plugin shows SCM git password if fatal occured during git push > ------------------------------------------------------------------------- > > Key: SCM-811 > URL: https://issues.apache.org/jira/browse/SCM-811 > Project: Maven SCM > Issue Type: Improvement > Components: maven-scm-provider-git > Affects Versions: 1.9.4 > Environment: RHEL6, Windows > Reporter: Vasilii Ruzov > Assignee: Olivier Lamy (*$^¨%`£) > Fix For: 1.9.5 > > > I'm running > mvn release:prepare -Dusername=myuser -Dpassword=mypassword > and see lines in output: > {quote}[INFO] Executing: cmd.exe /X /C "git push > https://myuser:********@myserver.com:8081/scm/project/project.git > refs/heads/master:refs/heads/master" > {quote} > but if for some reason git push failed(e.g. I made a mistake typing password) > then I see in log > {quote} > [ERROR] fatal: unable to access > 'https://myuser:mypassw...@myserver.com:8081/scm/project/project.git/': SSL > certificate problem: self signed certificate in certificate chain > {quote} > So I see *PLAINTEXT* password. As I use this step on Teamcity it causes > security problems when someone else can see my password if build failed. I > tried both on Linux and Windows machines. > I use maven-release-plugin version 2.5.3. > http://stackoverflow.com/questions/33831383/maven-release-plugin-shows-plaintext-password-on-git-push-error -- This message was sent by Atlassian JIRA (v6.3.4#6332)