NuGetV2: avoid revealing password also if more than one source is defined #1357

Merged
merged 1 commit into from Jan 8, 2016

Conversation

Projects
None yet
3 participants
@cdrnet
Member

cdrnet commented Jan 8, 2016

Minor regression on the fix from #1238 to protect personal passwords from being revealed in logs and the shell. In case of multiple sources it fell back to the original unprocessed sources and thus bypass the ToString override.

@cdrnet cdrnet changed the title from Security: NuGetV2: avoid revealing password also if more than one source is defined to NuGetV2: avoid revealing password also if more than one source is defined Jan 8, 2016

@forki

This comment has been minimized.

Show comment
Hide comment
@forki

forki Jan 8, 2016

Member

ouch. thx

Member

forki commented Jan 8, 2016

ouch. thx

forki added a commit that referenced this pull request Jan 8, 2016

Merge pull request #1357 from cdrnet/dont-leak-password2
NuGetV2: avoid revealing password also if more than one source is defined

@forki forki merged commit 82b396e into fsprojects:master Jan 8, 2016

0 of 2 checks passed

continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
@cdrnet

This comment has been minimized.

Show comment
Hide comment
@cdrnet

cdrnet Jan 8, 2016

Member

Great, thanks!

Member

cdrnet commented Jan 8, 2016

Great, thanks!

@cdrnet cdrnet deleted the cdrnet:dont-leak-password2 branch Jan 8, 2016

@Vilmir

This comment has been minimized.

Show comment
Hide comment
@Vilmir

Vilmir Jan 12, 2016

Thanks for solving this! We are then going to adopt Paket in our company 👍

Vilmir commented Jan 12, 2016

Thanks for solving this! We are then going to adopt Paket in our company 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment