New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolves critical security bug SCM-811 #45

Merged
merged 3 commits into from May 27, 2016

Conversation

Projects
None yet
3 participants
@eddiewebb
Copy link
Contributor

eddiewebb commented Feb 6, 2016

This PR addresses https://issues.apache.org/jira/browse/SCM-811 by allowing the shared ScmResult in the api module to mask known patterns. Covers SVN and git patterns (which are the ones impacting us and likely most popular).

Includes simple unit test to validate passwords aren't leaked.

import org.apache.maven.scm.provider.ScmUrlUtils;

/**
* @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>

This comment has been minimized.

@olamy

olamy May 27, 2016

Member

well I'm not sure about the author tag content

This comment has been minimized.

@eddiewebb

eddiewebb May 27, 2016

Contributor

Whoops . I'll clean that up

This comment has been minimized.

@eddiewebb

eddiewebb May 27, 2016

Contributor

removed.

@asfgit asfgit merged commit 59cd5d3 into apache:master May 27, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment