You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/10/05 08:53:00 UTC

[jira] [Commented] (KARAF-7537) Password displayed in console using repo-list

    [ https://issues.apache.org/jira/browse/KARAF-7537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612906#comment-17612906 ] 

ASF subversion and git services commented on KARAF-7537:
--------------------------------------------------------

Commit ecf691da536d4a7932e75621ca9a59ea38cd7385 in karaf's branch refs/heads/main from Jean-Baptiste Onofré
[ https://gitbox.apache.org/repos/asf?p=karaf.git;h=ecf691da53 ]

Merge pull request #1630 from coheigea/coheigea/KARAF-7537

KARAF-7537 - Password displayed in console using repo-list

> Password displayed in console using repo-list
> ---------------------------------------------
>
>                 Key: KARAF-7537
>                 URL: https://issues.apache.org/jira/browse/KARAF-7537
>             Project: Karaf
>          Issue Type: Wish
>    Affects Versions: 4.3.7
>            Reporter: Colm O hEigeartaigh
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 4.3.8, 4.4.2
>
>
> If you add a feature repository with a user credential, e.g.:
> {code:java}
> repo-add mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features {code}
> Then Karaf displays the password in full in the console with:
> {code:java}
>  repo-list | grep password
> cxf-3.5.3                         │ mvn:https://user:password@repo1.maven.org/maven2!org.apache.cxf.karaf/apache-cxf/3.5.3/xml/features {code}
> For repos that contain a password, it would be more secure if the password was redacted for logging/display purposes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)