Security Issue on Forge

jamonation at jamonation at
Wed Nov 3 15:58:20 UTC 2010

Hash: SHA1

Hi All,

The new Continuum builder at is currently running daily builds of the Infusion Builder tool. Part of the Continuum build process passes arguments to Ant, which then substitutes them into the build.xml file, which is used to package and deploy the Infusion builder.

In examining how that build process works, I noticed that the Infusion Builder project page in Continuum had the MySQL user name and password exposed. As far as I can tell, that has been the case since the builder was first setup. I am not sure who oversaw that process.

At the moment all arguments to Ant have been removed so the daily build will fail. I will work with Justin and Cindy, or whomever else needs to be involved to resolve the issue, but the builder must be offline until the issue can be resolved.

In the future, for any new Continuum build or changes to existing ones, please check with either myself or Armin to ensure that vital information is not exposed to the world.

Regards, Jamon
Version: GnuPG v1.4.10 (GNU/Linux)


More information about the fluid-work mailing list