elharo opened a new issue, #388:
URL: https://github.com/apache/maven-help-plugin/issues/388

   In 
src/main/java/org/apache/maven/plugins/help/EffectiveSettingsMojo.java:156-198:
   
   Only servers and proxies are manually deep-copied. The profiles list is 
shared with the original via the shallow SettingsUtils.copySettings(). Profiles 
can contain sensitive data (passwords in properties) that would be exposed if 
the original settings object is later queried expecting the copy to be isolated.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to