Enhanced projects landing page

eddiewebb committed Feb 21, 2018
1 parent 2105034 commit 5b30582f417ca1dcd1c7cce5647fdaff51954618
@@ -3,4 +3,4 @@ title: "Projects"
sitemap:
priority : 0.9
---
<p>This section contains projects <a href="/projects/creations">created</a> and <a href="/projects/contributions">contbriuted</a> to by Eddie. Everything listed is an open source effort, the distinction is only my role as owner or contributor.</p>
This section contains projects [created](#creations) and [contbriuted](#open-source-contributions) to by Eddie. Everything listed is an open source effort, the distinction is only my role as owner or contributor.
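Review bot: The added Markdown line still carries the misspelling "contbriuted" from the `<p>` line it replaces; correct it to "contributed" while this sentence is being touched. The links also change from the pages /projects/creations and /projects/contributions to the in-page anchors #creations and #open-source-contributions, so confirm the landing page actually renders headings with those ids, otherwise both links go nowhere.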
@@ -1,6 +1,7 @@
---
title: "Contributions"
title: "Open Source Contributions"
sitemap:
priority : 0.5
weight: 20
---
<p>A collection of efforts to which I contributed, but did not create. Contributing back to Open Source projects is a strong passion of mine, and requires a considerate approach to learn norms, standards and approach for each community for a successful merge!</p>
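Review bot: The new title "Open Source Contributions" appears to be what the landing page's #open-source-contributions link depends on, but nothing in this file pins that id, so a later title edit would silently break the link; consider an explicit anchor or a comment recording the dependency. The description is also still a raw `<p>` block while the index page moved to Markdown in this same commit, and "approach" is used twice in its last sentence.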
@@ -0,0 +1,25 @@
---
title: "Maven SCM Plugin Security Fix"
date: 2018-02-21T14:35:46-05:00
description: "Addressed vulnerability that leaked passwords on failed SVN or git operations."
tags: ["Subversion","git","Maven","Java","Mojo","Security"]
image: ""
contributionUrl: "https://github.com/apache/maven-scm/pull/45"
fact: "Addressed a critical security issue leaking production credentials for anyone using `mvn release:perform`"
weight: 999
sitemap:
priority : 0.5
---

Our software teams use Maven heavily, and it was reported to my central platforms team that certain failed operations were leaking our SCM passwords. Digging in I was able to find the cause in the underlying Maven SCM plugin used by Maven Release Plugin.

```
[ERROR] fatal: unable to access 'https://myuser:mypassword@myserver.com/scm/project/project.git/'
```

I contrubuted a fix that masked the pattern known to nbe passwords, providing test cases to validate that future leaks would not regress into the code base.


```
[ERROR] fatal: unable to access 'https://myuser:****@myserver.com/scm/project/project.git/'
```
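Review bot: The `fact` front matter says the issue leaked credentials "for anyone using `mvn release:perform`", while the description and body limit it to certain failed SVN or git operations; align the wording so the page does not overstate the exposure. In the paragraph before the second log sample, "contrubuted" and "nbe" are typos. `image: ""` is left empty, so either supply an image or drop the key if the theme treats it as optional, and since the page only links the pull request it would help to state which plugin release carries the fix.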
@@ -2,5 +2,6 @@
title: "Creations"
sitemap:
priority : 0.5
weight: 10
---
<p>A collection of projects authored by Eddie, and likely shared out with the community as an open source project.</p>
