You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/10/05 08:53:00 UTC
[jira] [Commented] (KARAF-7537) Password displayed in console using repo-list
[ https://issues.apache.org/jira/browse/KARAF-7537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612906#comment-17612906 ]
ASF subversion and git services commented on KARAF-7537:
--------------------------------------------------------
Commit ecf691da536d4a7932e75621ca9a59ea38cd7385 in karaf's branch refs/heads/main from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=ecf691da53 ]
Merge pull request #1630 from coheigea/coheigea/KARAF-7537
KARAF-7537 - Password displayed in console using repo-list
> Password displayed in console using repo-list
> ---------------------------------------------
>
> Key: KARAF-7537
> URL: https://issues.apache.org/jira/browse/KARAF-7537
> Project: Karaf
> Issue Type: Wish
> Affects Versions: 4.3.7
> Reporter: Colm O hEigeartaigh
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Fix For: 4.3.8, 4.4.2
>
>
> If you add a feature repository with a user credential, e.g.:
> {code:java}
> repo-add mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features {code}
> Then Karaf displays the password in full in the console with:
> {code:java}
> repo-list | grep password
> cxf-3.5.3 │ mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features {code}
> For repos that contain a password, it would be more secure if the password was redacted for logging/display purposes.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)