• Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • gradle-plugin
    • None

      Adding a password type parameter to a build causes that password to be passed to gradle like this:

      -Dpassword=mySecret

      This is fine, but the password should be obfuscated with ***** in the logs. I suspect this line is wrong https://github.com/jenkinsci/gradle-plugin/blob/master/src/main/java/hudson/plugins/gradle/Gradle.java#L215 and I know other jenkins plugins handle this properly, but I'm not sure of the exact fix.

          [JENKINS-15457] Passwords leaked in logs

          aristedes created issue -
          Gregory Boissinot made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 146213 ] New: JNJira + In-Review [ 185430 ]

            gbois Gregory Boissinot
            aristedes aristedes
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: