[jira] [Commented] (MNG-8416) Regression: settings-security.xml doesn't trim master password

Tamas Cservenak (Jira) Mon, 09 Dec 2024 03:01:28 -0800


    [ 
https://issues.apache.org/jira/browse/MNG-8416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904105#comment-17904105
 ]


Tamas Cservenak commented on MNG-8416:
--------------------------------------

This is plexus-sec-dispatcher issue 
https://github.com/codehaus-plexus/plexus-sec-dispatcher/issues/80

> Regression: settings-security.xml doesn't trim master password
> --------------------------------------------------------------
>
>                 Key: MNG-8416
>                 URL: https://issues.apache.org/jira/browse/MNG-8416
>             Project: Maven
>          Issue Type: Bug
>    Affects Versions: 4.0.0-beta-5, 4.0.0-rc-1
>            Reporter: Lenny Primak
>            Priority: Critical
>
> In earlier versions, the following syntax would work in settings-security.xml:
> {code:java}
> <settingsSecurity>
>   <master>
>     {XXXXX}
>   </master>
> </settingsSecurity> {code}
> However, in the new security mechanism, whitespace around the curly braces 
> isn't trimmed, resulting in all encrypted passwords failing to decrypt



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (MNG-8416) Regression: settings-security.xml doesn't trim master password

Reply via email to