-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SVN passwords leaked into maven log #96
Comments
This also happens to me when using version 1.4, although it only happens to some of our team members. |
I've changed to even better solution, not using that plugin at all. Apparently the developers doesn't care about security. How many other bugs you introduce to your build pipeline by using such a plugin that provides actually no important functionality? |
Hi @llech, In contrast to Apache software, the mojohaus software is not being maintained under the oversight of a foundation, but most developers are also Apache committers. I'll see what can be done here, though. Best regards, |
@llech @gerevesi I found this commit: Maybe this plugin just needs an update. |
The SVN passwords are leaked into the log in version 1.4.
My plugin configuration:
org.codehaus.mojo buildnumber-maven-plugin validate create false trueThe log content:
[INFO] --- buildnumber-maven-plugin:1.4:create (default) @ project ---
[INFO] Executing: /bin/sh -c cd '/home/build/tmp/project' && 'svn' '--username' 'svn-user' '--password''*****' '' '--no-auth-cache' '--non-interactive' 'update' '/home/build/tmp/project'
Runtime environment: JRE 1.8, Ubuntu 18.04, script run inside docker image. Maven flags: -B (batch-mode).
The bug was introduced in 1.4, downgrading to 1.3 has solved the issue.
The text was updated successfully, but these errors were encountered: