You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by de...@apache.org on 2020/02/11 06:09:15 UTC

[myfaces] branch master updated: Use HTTPS instead of HTTP to resolve dependencies

This is an automated email from the ASF dual-hosted git repository.

deki pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces.git


The following commit(s) were added to refs/heads/master by this push:
     new ab41c06  Use HTTPS instead of HTTP to resolve dependencies
     new ae4a08f  Merge pull request #83 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies
ab41c06 is described below

commit ab41c06620fe1ea280e51773a433f8bb8cac32c1
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:05:36 2020 -0500

    Use HTTPS instead of HTTP to resolve dependencies
    
    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
---
 api/pom.xml    | 2 +-
 parent/pom.xml | 2 +-
 pom.xml        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/pom.xml b/api/pom.xml
index 2a1dbde..f4eb59d 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -483,7 +483,7 @@
                 <pluginRepository>
                     <id>java.net.repo</id>
                     <name>java.net repository</name>
-                    <url>http://download.java.net/maven/2/</url>
+                    <url>https://download.java.net/maven/2/</url>
                 </pluginRepository>
             </pluginRepositories>
         </profile>
diff --git a/parent/pom.xml b/parent/pom.xml
index ee450a2..aecec5c 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -513,7 +513,7 @@
         <pluginRepository>
             <id>apache.snapshots.plugin</id>
             <name>Apache Snapshot Repository</name>
-            <url>http://repository.apache.org/snapshots</url>
+            <url>https://repository.apache.org/snapshots</url>
             <releases>
                 <enabled>false</enabled>
             </releases>
diff --git a/pom.xml b/pom.xml
index f7c8917..6db029b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,7 +169,7 @@
         <pluginRepository>
             <id>apache.snapshots.plugin</id>
             <name>Apache Snapshot Repository</name>
-            <url>http://repository.apache.org/snapshots</url>
+            <url>https://repository.apache.org/snapshots</url>
             <releases>
                 <enabled>false</enabled>
             </releases>