maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Maun (JIRA)" <>
Subject [jira] (MRELEASE-846) m2 release plugin exposes SCM password in file
Date Tue, 03 Sep 2013 21:36:52 GMT
Mark Maun created MRELEASE-846:

             Summary: m2 release plugin exposes SCM password in file
                 Key: MRELEASE-846
             Project: Maven Release Plugin
          Issue Type: Bug
            Reporter: Mark Maun

When executing a maven release build using the m2 release plugin in Jenkins a
file is created in the workspace that has the SCM user/password credentials in plain text.
In our jenkins instance this is a problem since we have multiple users with access to release
the same job. The is removed after the release build is successful. If
the release build fails the stays in the workspace until it's manually
deleted. This allows other users to see SCM passwords in our organization if they view the
workspace during a release build or after one fails.
If anyone has viable workarounds/solutions we can use in the meantime that would also be appreciated.

Note I have a ticket open with Jenkins dev but they deferred me here:

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message