Continuum

Logs should not display scm credentials when adding projects

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.3.3 (Beta)
  • Fix Version/s: 1.3.3 (Beta)
  • Component/s: None
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

SCM credentials should not be displayed in logs when adding Maven 2 projects.

Project url: http://localhost/repos/project/trunk/pom.xml
Username: admin
Password: admin123

The project url displayed in logs is "http://admin:admin123@localhost/repos/project/trunk/pom.xml"

Issue Links

depends upon

Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-1914 Passwords are exposed in continuum.log

  • Critical - Crashes, loss of data, severe memory leak.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jevica Arianne B. Zurbano added a comment -

Fixed in r767816 continuum-1.3.x branch.

Show
Jevica Arianne B. Zurbano added a comment - Fixed in r767816 continuum-1.3.x branch.
Hide
Permalink
Wendy Smoak added a comment -

Is this a regression in CONTINUUM-1914 ?

From the 'affects' version I assume 1.3.2 does not have this problem. If it does, we need to call it out as a security issue like we did for 1.2.1.

Show
Wendy Smoak added a comment - Is this a regression in CONTINUUM-1914 ? From the 'affects' version I assume 1.3.2 does not have this problem. If it does, we need to call it out as a security issue like we did for 1.2.1.

People

  • Assignee:
    Jevica Arianne B. Zurbano
    Reporter:
    Jevica Arianne B. Zurbano
Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved: