When executing a maven release build using the m2 release plugin a release.properties file is created in the workspace that has the SCM user/password credentials in plain text. In our jenkins instance this is a problem since we have multiple users with access to release the same job. The release.properties is removed after the release build is successful. If the release build fails the release.properties stays in the workspace until it's manually deleted. This allows other users to see SCM passwords in our organization if they view the workspace during a release build or after one fails.

This issue is similar to another bug that was resolved in a previous version 0.9.0: https://issues.jenkins-ci.org/browse/JENKINS-8524

If anyone has viable workarounds/solutions we can use in the meantime that would also be appreciated.