Skip to content

EffectiveSettingsMojo.copySettings() does not deep-copy profiles #388

Description

@elharo

In src/main/java/org/apache/maven/plugins/help/EffectiveSettingsMojo.java:156-198:

Only servers and proxies are manually deep-copied. The profiles list is shared with the original via the shallow SettingsUtils.copySettings(). Profiles can contain sensitive data (passwords in properties) that would be exposed if the original settings object is later queried expecting the copy to be isolated.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions