Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8524

maven release build exposes users' username and password


    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: m2release-plugin
    • Labels:
    • Environment:
    • Similar Issues:


      When you specify a custom username and password to be used in a maven release build (using the option 'Specify SCM login/password'), the filled in username and password can be read by anyone who can Configure the build. If you run a release build and then, while it is still runnning, you configure the build plan, the see that the 'Goals and options' have changed to the one which are currently used for the release build.

      So in my case this then shows: -Dpassword=*** -Dusername=*** -Dproject.rel.<groupId>:<artifactId>=<release-version> -Dproject.dev.<groupId>:<artifactId>=<development-version> -Dresume=false release:prepare release:perform

      It seems the m2 release plugin is using the 'Goals and options' field to manage the parameters the release build.

      A workaround could be to mask these credentials in the 'Goals and options' fields.


          Issue Links


            whermeling whermeling created issue -
            teilo James Nord made changes -
            Field Original Value New Value
            Link This issue duplicates JENKINS-8572 [ JENKINS-8572 ]
            domi Dominik Bartholdi made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Assignee teilo [ teilo ] domi [ domi ]
            Resolution Fixed [ 1 ]
            teilo James Nord made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 138634 ] JNJira + In-Review [ 204837 ]


              • Assignee:
                domi Dominik Bartholdi
                whermeling whermeling
              • Votes:
                4 Vote for this issue
                3 Start watching this issue


                • Created: