You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by tb...@apache.org on 2020/02/11 09:01:56 UTC

[brooklyn-server] branch master updated: Use HTTPS instead of HTTP to resolve dependencies

This is an automated email from the ASF dual-hosted git repository.

tbouron pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git


The following commit(s) were added to refs/heads/master by this push:
     new dc2cff6  Use HTTPS instead of HTTP to resolve dependencies
     new fd87f86  Merge pull request #1086 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies
dc2cff6 is described below

commit dc2cff61101fc25b6a68d7caa49b3d5b637bdaeb
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:05:39 2020 -0500

    Use HTTPS instead of HTTP to resolve dependencies
    
    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
---
 karaf/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/karaf/pom.xml b/karaf/pom.xml
index cd26a10..e0a3328 100644
--- a/karaf/pom.xml
+++ b/karaf/pom.xml
@@ -163,7 +163,7 @@
     <repository>
       <id>servicemix</id>
       <name>Apache ServiceMix Repository</name>
-      <url>http://svn.apache.org/repos/asf/servicemix/m2-repo</url>
+      <url>https://svn.apache.org/repos/asf/servicemix/m2-repo</url>
       <releases>
         <enabled>true</enabled>
       </releases>