You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicemix.apache.org by ac...@apache.org on 2020/02/11 06:53:45 UTC

[servicemix] branch master updated: Use HTTPS instead of HTTP to resolve dependencies

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/servicemix.git


The following commit(s) were added to refs/heads/master by this push:
     new c304fa5  Use HTTPS instead of HTTP to resolve dependencies
     new 894977f  Merge pull request #54 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies
c304fa5 is described below

commit c304fa59188d203e64677f3f9c6ab7f819e6e3e6
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:45:23 2020 -0500

    Use HTTPS instead of HTTP to resolve dependencies
    
    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
---
 .../apache-servicemix-examples/src/main/filtered-resources/pom.xml      | 2 +-
 assemblies/apache-servicemix/pom.xml                                    | 2 +-
 pom.xml                                                                 | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/assemblies/apache-servicemix-examples/src/main/filtered-resources/pom.xml b/assemblies/apache-servicemix-examples/src/main/filtered-resources/pom.xml
index 778ef74..5881c6a 100644
--- a/assemblies/apache-servicemix-examples/src/main/filtered-resources/pom.xml
+++ b/assemblies/apache-servicemix-examples/src/main/filtered-resources/pom.xml
@@ -192,7 +192,7 @@
         <repository>
             <id>apache.snapshots</id>
             <name>Apache Snapshot Repository</name>
-            <url>http://repository.apache.org/snapshots</url>
+            <url>https://repository.apache.org/snapshots</url>
             <releases>
                 <enabled>false</enabled>
             </releases>
diff --git a/assemblies/apache-servicemix/pom.xml b/assemblies/apache-servicemix/pom.xml
index 6648f60..5bdc4a8 100644
--- a/assemblies/apache-servicemix/pom.xml
+++ b/assemblies/apache-servicemix/pom.xml
@@ -140,7 +140,7 @@
         <repository>
             <id>com.springsource.repository.bundles.release</id>
             <name>SpringSource Enterprise Bundle Repository - SpringSource Bundle Releases</name>
-            <url>http://repository.springsource.com/maven/bundles/release</url>
+            <url>https://repository.springsource.com/maven/bundles/release</url>
             <releases>
                 <enabled>true</enabled>
             </releases>
diff --git a/pom.xml b/pom.xml
index 662e524..7f0fd9c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -98,7 +98,7 @@
         <pluginRepository>
             <id>apache.snapshots</id>
             <name>Apache Snapshot Repository</name>
-            <url>http://repository.apache.org/snapshots</url>
+            <url>https://repository.apache.org/snapshots</url>
             <releases>
                 <enabled>false</enabled>
             </releases>