You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by sh...@apache.org on 2020/02/11 17:06:56 UTC
[logging-log4j-audit] branch master updated: Use HTTPS instead of
HTTP to resolve dependencies
This is an automated email from the ASF dual-hosted git repository.
shadow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4j-audit.git
The following commit(s) were added to refs/heads/master by this push:
new 0ed6953 Use HTTPS instead of HTTP to resolve dependencies
new 9c90c42 Merge pull request #23 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies
0ed6953 is described below
commit 0ed69539396d26c724fda4d8a509ac293000d63a
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:05:27 2020 -0500
Use HTTPS instead of HTTP to resolve dependencies
This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.
Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
---
log4j-catalog/log4j-catalog-jpa/pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/log4j-catalog/log4j-catalog-jpa/pom.xml b/log4j-catalog/log4j-catalog-jpa/pom.xml
index 4574fe3..e3032cc 100644
--- a/log4j-catalog/log4j-catalog-jpa/pom.xml
+++ b/log4j-catalog/log4j-catalog-jpa/pom.xml
@@ -247,14 +247,14 @@
<repositories>
<repository>
<id>com.ethlo.eclipselink.tools</id>
- <url>http://ethlo.com/maven</url>
+ <url>https://ethlo.com/maven</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>com.ethlo.eclipselink.tools</id>
- <url>http://ethlo.com/maven</url>
+ <url>https://ethlo.com/maven</url>
</pluginRepository>
</pluginRepositories>