[
https://issues.apache.org/jira/browse/MRELEASE-937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Scholte updated MRELEASE-937:
------------------------------------
Description:
Git username and password is being visible during perform section when plugin
tries to commit the file using SCM section repository.
Here is the log.
{noformat}
[INFO] Checking in modified POMs...
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
add -- pom.xml
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
rev-parse --show-toplevel
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
status --porcelain .
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[WARNING] Ignoring unrecognized line: ?? pom.xml.releaseBackup
[WARNING] Ignoring unrecognized line: ?? release.properties
[WARNING] Ignoring unrecognized line: ?? target/
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
commit --verbose -F /tmp/maven-scm-859671901.commit pom.xml
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
symbolic-ref HEAD
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
push
https://releasebot:********@gitlab.something.com/sandbox/data-ingestion-dco.git
refs/heads/master:refs/heads/master
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.856 s (Wall Clock)
[INFO] Finished at: 2016-01-04T08:15:04+00:00
[INFO] Final Memory: 17M/484M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on
project qubole_python: Unable to commit files
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] remote: Not Found
[ERROR] fatal: repository
'https://releasebot:abc@1...@gitlab.something.com/sandbox/data-ingestion-dco.git/'
not found
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
{noformat}
So, i can see password "abc@123" here.
I am using maven Apache Maven 3.3.9
tried with maven release plugin 2.5.3 and 2.5.2 both but no luck.
was:
Git username and password is being visible during perform section when plugin
tries to commit the file using SCM section repository.
Here is the log.
[INFO] Checking in modified POMs...
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
add -- pom.xml
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
rev-parse --show-toplevel
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
status --porcelain .
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[WARNING] Ignoring unrecognized line: ?? pom.xml.releaseBackup
[WARNING] Ignoring unrecognized line: ?? release.properties
[WARNING] Ignoring unrecognized line: ?? target/
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
commit --verbose -F /tmp/maven-scm-859671901.commit pom.xml
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
symbolic-ref HEAD
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] Executing: /bin/sh -c cd
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
push
https://releasebot:********@gitlab.something.com/sandbox/data-ingestion-dco.git
refs/heads/master:refs/heads/master
[INFO] Working directory:
/home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.856 s (Wall Clock)
[INFO] Finished at: 2016-01-04T08:15:04+00:00
[INFO] Final Memory: 17M/484M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on
project qubole_python: Unable to commit files
[ERROR] Provider message:
[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] remote: Not Found
[ERROR] fatal: repository
'https://releasebot:abc@1...@gitlab.something.com/sandbox/data-ingestion-dco.git/'
not found
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
So, i can see password "abc@123" here.
I am using maven Apache Maven 3.3.9
tried with maven release plugin 2.5.3 and 2.5.2 both but no luck.
> Git password is visible if commit fails
> ---------------------------------------
>
> Key: MRELEASE-937
> URL: https://issues.apache.org/jira/browse/MRELEASE-937
> Project: Maven Release Plugin
> Issue Type: Bug
> Components: Git
> Affects Versions: 2.5.2, 2.5.3
> Reporter: vishal sahasrabuddhe
> Priority: Critical
> Labels: security
>
> Git username and password is being visible during perform section when plugin
> tries to commit the file using SCM section repository.
> Here is the log.
> {noformat}
> [INFO] Checking in modified POMs...
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> add -- pom.xml
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> rev-parse --show-toplevel
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> status --porcelain .
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [WARNING] Ignoring unrecognized line: ?? pom.xml.releaseBackup
> [WARNING] Ignoring unrecognized line: ?? release.properties
> [WARNING] Ignoring unrecognized line: ?? target/
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> commit --verbose -F /tmp/maven-scm-859671901.commit pom.xml
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> symbolic-ref HEAD
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO] Executing: /bin/sh -c cd
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing && git
> push
> https://releasebot:********@gitlab.something.com/sandbox/data-ingestion-dco.git
> refs/heads/master:refs/heads/master
> [INFO] Working directory:
> /home/releasebot/workspace/data-ingestion-dcos_Release_builder_testing
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 8.856 s (Wall Clock)
> [INFO] Finished at: 2016-01-04T08:15:04+00:00
> [INFO] Final Memory: 17M/484M
> [INFO]
> ------------------------------------------------------------------------
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:2.5.3:prepare (default-cli) on
> project qubole_python: Unable to commit files
> [ERROR] Provider message:
> [ERROR] The git-push command failed.
> [ERROR] Command output:
> [ERROR] remote: Not Found
> [ERROR] fatal: repository
> 'https://releasebot:abc@1...@gitlab.something.com/sandbox/data-ingestion-dco.git/'
> not found
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e
> switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions, please
> read the following articles:
> {noformat}
> So, i can see password "abc@123" here.
> I am using maven Apache Maven 3.3.9
> tried with maven release plugin 2.5.3 and 2.5.2 both but no luck.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
