Our software teams use Maven heavily, and it was reported to my central platforms team that certain failed operations were leaking our SCM passwords. Digging in I was able to find the cause in the underlying Maven SCM plugin used by Maven Release Plugin.
[ERROR] fatal: unable to access 'https://myuser:email@example.com/scm/project/project.git/'
I contrubuted a fix that masked the pattern known to nbe passwords, providing test cases to validate that future leaks would not regress into the code base.
[ERROR] fatal: unable to access 'https://myuser:****@myserver.com/scm/project/project.git/'
Project link: https://github.com/apache/maven-scm/pull/45