Does this plugin still store credentials in plain text?

awslabs / aws-device-farm-jenkins-plugin

Jenkins plugin for AWS Device Farm.

Apache License 2.0

89 stars 66 forks source link

Does this plugin still store credentials in plain text? #112

Open lancehudson opened 3 years ago

lancehudson commented 3 years ago

From what I can tell the fix was committed in https://github.com/awslabs/aws-device-farm-jenkins-plugin/commit/2d8cfe3cdd299c152ca5d13aada51cb69d0fec88, #96 and #95 but the plugin is still showing unsafe according to Jenkins. https://plugins.jenkins.io/aws-device-farm/

Is it still unsafe?

Screen Shot 2021-03-17 at 7 36 53 PM

aristeia commented 3 years ago

Hi there, Thanks for reaching out. The fix was indeed deployed long ago several versions back. We have asked the Jenkins team multiple times to recognize that we fixed this, but still they have not updated the status for us.

Thanks, Jon

kevin-brotcke commented 1 month ago

This issue can be closed. I'm not seeing the warning on the latest version anymore.

Previous Security Warnings Credentials stored in plain text Affects version 1.25 and earlier