elharo opened a new issue, #388: URL: https://github.com/apache/maven-help-plugin/issues/388
In src/main/java/org/apache/maven/plugins/help/EffectiveSettingsMojo.java:156-198: Only servers and proxies are manually deep-copied. The profiles list is shared with the original via the shallow SettingsUtils.copySettings(). Profiles can contain sensitive data (passwords in properties) that would be exposed if the original settings object is later queried expecting the copy to be isolated. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
