Continuum

Logs should not display scm credentials when adding projects

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.3.3 (Beta)
  • Fix Version/s: 1.3.3 (Beta)
  • Component/s: None
  • Labels:
    None
  • Complexity:
    Intermediate
  • Number of attachments :
    0

Description

SCM credentials should not be displayed in logs when adding Maven 2 projects.

Project url: http://localhost/repos/project/trunk/pom.xml
Username: admin
Password: admin123

The project url displayed in logs is "http://admin:admin123@localhost/repos/project/trunk/pom.xml"

Issue Links

This issue depends upon:
CONTINUUM-1914 Passwords are exposed in continuum.log Critical Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Jevica Arianne B. Zurbano added a comment -

Fixed in r767816 continuum-1.3.x branch.

Show
Jevica Arianne B. Zurbano added a comment - Fixed in r767816 continuum-1.3.x branch.
Hide
Permalink
Wendy Smoak added a comment -

Is this a regression in CONTINUUM-1914 ?

From the 'affects' version I assume 1.3.2 does not have this problem. If it does, we need to call it out as a security issue like we did for 1.2.1.

Show
Wendy Smoak added a comment - Is this a regression in CONTINUUM-1914 ? From the 'affects' version I assume 1.3.2 does not have this problem. If it does, we need to call it out as a security issue like we did for 1.2.1.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.