Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-28790

Sonar database credentials in build console output not masked since LTS version 1.596.3

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • core
    • Jenkins LTS 1.596.3 / 1.609.1 / 1.609.2 / 1.609.3
      SonarQube plugin version 2.2.1
      Windows 2012 R2
      Java 8
      Browser FireFox

      When using Jenkins LTS version 1.596.3 / 1.609.1 / 1.609.2 / 1.609.3 we've noticed that the passwords from Sonar builds in the buildlog weren't masked anymore but showed as plain text.
      After we downgraded Jenkins to version 1.596.2 the passwords were masked again.
      I've tested several versions of the SonarQube plugin but that didn't had any effect, therefor it seems to be a Jenkins related issue.

          [JENKINS-28790] Sonar database credentials in build console output not masked since LTS version 1.596.3

          Jan-Jaap Spijkerman created issue -

          Daniel Beck added a comment -

          Are all plugins also the same version between 1.596.2/1.596.3?

          Daniel Beck added a comment - Are all plugins also the same version between 1.596.2/1.596.3?

          Daniel Beck added a comment -

          Are these 'Maven top-level target' build steps in Maven or Freestyle projects? Or what kind of project/build step is affected?

          Daniel Beck added a comment - Are these 'Maven top-level target' build steps in Maven or Freestyle projects? Or what kind of project/build step is affected?

          Can you post surrounding build log lines (with your password erased of course) so we can investigate?

          Oliver Gondža added a comment - Can you post surrounding build log lines (with your password erased of course) so we can investigate?

          All plugin versions used remained the same.
          Here is a part of the logging:

          [xxx_xxxxx-xxxxx-xxxxx_sonar] $ D:\Buildtools\Apache_Maven\Apache-Maven-3.2.5\bin\mvn.bat -f D:\Jenkins_Slave1\workspace\xxx_xxxxx-xxxxx-xxxxx_sonar\pom.xml -e -B xxxxx:xxxxx -Dsonar.jdbc.url=jdbc:jtds:sqlserver://xxxxx;databaseName=xxxxx;SelectMethod=Cursor xxxxx xxxxx -Dsonar.host.url=http://xxxxx.xxxxx.xx:9000 xxxxx xxxxx
          [INFO] Error stacktraces are turned on.
          [INFO] Scanning for projects...

          Jan-Jaap Spijkerman added a comment - All plugin versions used remained the same. Here is a part of the logging: [xxx_xxxxx-xxxxx-xxxxx_sonar] $ D:\Buildtools\Apache_Maven\Apache-Maven-3.2.5\bin\mvn.bat -f D:\Jenkins_Slave1\workspace\xxx_xxxxx-xxxxx-xxxxx_sonar\pom.xml -e -B xxxxx:xxxxx -Dsonar.jdbc.url=jdbc:jtds:sqlserver://xxxxx;databaseName=xxxxx;SelectMethod=Cursor xxxxx xxxxx -Dsonar.host.url= http://xxxxx.xxxxx.xx:9000 xxxxx xxxxx [INFO] Error stacktraces are turned on. [INFO] Scanning for projects...
          Jan-Jaap Spijkerman made changes -
          Description Original: When using version 1.596.3 and 1.609.1 of Jenkins we noticed that the passwords by Sonar builds weren't masked anymore but showed as plain text.
          After we downgraded Jenkins to version 1.596.2 again the passwords were masked again.
          I've tested several version of the SonarQube plugin but that didn't had any effect, therefor it seems to be a Jenkins related issue.
          New: When using version 1.596.3 or 1.609.1 of Jenkins we noticed that the passwords by Sonar builds in the buildlog weren't masked anymore but showed as plain text.
          After we downgraded Jenkins to version 1.596.2 the passwords were masked again.
          I've tested several versions of the SonarQube plugin but that didn't had any effect, therefor it seems to be a Jenkins related issue.
          Jan-Jaap Spijkerman made changes -
          Labels New: jenkins sonar sonar-plugin
          Jan-Jaap Spijkerman made changes -
          Environment Original: Jenkins 1.596.3 and 1.609.1
          SonarQube plugin version 2.2.1
          Windows 2012 R2
          Java 8
          Browser FireFox
          New: Jenkins LTS 1.596.3 / 1.609.1 / 1.609.2 / 1.609.3
          SonarQube plugin version 2.2.1
          Windows 2012 R2
          Java 8
          Browser FireFox
          Jan-Jaap Spijkerman made changes -
          Description Original: When using version 1.596.3 or 1.609.1 of Jenkins we noticed that the passwords by Sonar builds in the buildlog weren't masked anymore but showed as plain text.
          After we downgraded Jenkins to version 1.596.2 the passwords were masked again.
          I've tested several versions of the SonarQube plugin but that didn't had any effect, therefor it seems to be a Jenkins related issue.
          New: When using Jenkins LTS version 1.596.3 / 1.609.1 / 1.609.2 / 1.609.3 we've noticed that the passwords from Sonar builds in the buildlog weren't masked anymore but showed as plain text.
          After we downgraded Jenkins to version 1.596.2 the passwords were masked again.
          I've tested several versions of the SonarQube plugin but that didn't had any effect, therefor it seems to be a Jenkins related issue.
          Jan-Jaap Spijkerman made changes -
          Summary Original: Passwords in build console output not masked since LTS version 1.596.3 New: Sonar database credentials in build console output not masked since LTS version 1.596.3

            escoem Emilio Escobar
            janjaap Jan-Jaap Spijkerman
            Votes:
            7 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: