You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@netbeans.apache.org by sk...@apache.org on 2020/02/11 14:20:14 UTC

[netbeans-mavenutils-nbm-maven-plugin] branch master updated: [SECURITY] Use HTTPS to resolve dependencies in Maven Build (#6)

This is an automated email from the ASF dual-hosted git repository.

skygo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/netbeans-mavenutils-nbm-maven-plugin.git


The following commit(s) were added to refs/heads/master by this push:
     new 8304663  [SECURITY] Use HTTPS to resolve dependencies in Maven Build (#6)
8304663 is described below

commit 83046636ce6846db848f1e4045183b22a076234f
Author: Jonathan Leitschuh <jo...@gmail.com>
AuthorDate: Tue Feb 11 09:20:06 2020 -0500

    [SECURITY] Use HTTPS to resolve dependencies in Maven Build (#6)
    
    * Use HTTPS instead of HTTP to resolve dependencies
    
    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
    
    Remove reference to netbeans  repository completly
    
    Co-authored-by: Eric Barboni <sk...@apache.org>
---
 src/it/pom.xml | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/src/it/pom.xml b/src/it/pom.xml
index 3baa25e..6bb7eb8 100644
--- a/src/it/pom.xml
+++ b/src/it/pom.xml
@@ -21,18 +21,6 @@ under the License.
     <artifactId>nbm-maven-plugin-it-root</artifactId>
     <version>1.0-SNAPSHOT</version>
     <packaging>pom</packaging>
-    <repositories>
-        <!--
-        Repository hosting NetBeans modules, especially APIs.
-        Versions are based on IDE releases, e.g.: RELEASE691
-        To create your own repository, use: nbm:populate-repository
-        -->
-        <repository>
-            <id>netbeans</id>
-            <name>NetBeans</name>
-            <url>http://bits.netbeans.org/nexus/content/groups/netbeans/</url>
-        </repository>
-    </repositories>
     <build>
         <pluginManagement>
             <plugins>
@@ -61,4 +49,4 @@ under the License.
     <properties>
         <jar.plugin.version>3.0.2</jar.plugin.version>
     </properties>
-</project>
\ No newline at end of file
+</project>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists