You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sl...@apache.org on 2020/02/11 07:39:07 UTC
[maven] 01/01: Use HTTPS instead of HTTP to resolve dependencies
This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a commit to branch pr/323
in repository https://gitbox.apache.org/repos/asf/maven.git
commit a5c2d97124c460f2ed623b0cbef6b7631ffcfcae
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:45:26 2020 -0500
Use HTTPS instead of HTTP to resolve dependencies
This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.
Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
Closes #323
---
.../resources-project-builder/complete-model/w-parent/sub/pom.xml | 6 +++---
.../test/resources-project-builder/complete-model/wo-parent/pom.xml | 6 +++---
.../id-container-joining-with-empty-elements/pom.xml | 2 +-
.../src/test/resources-project-builder/multiple-repos/pom.xml | 2 +-
.../src/test/resources-project-builder/multiple-repos/sub/pom.xml | 2 +-
.../src/test/resources-project-builder/pom-inheritance/pom.xml | 6 +++---
.../unique-repo-id/artifact-repo-in-profile/pom.xml | 4 ++--
.../resources-project-builder/unique-repo-id/artifact-repo/pom.xml | 4 ++--
.../unique-repo-id/plugin-repo-in-profile/pom.xml | 4 ++--
.../resources-project-builder/unique-repo-id/plugin-repo/pom.xml | 4 ++--
.../unprefixed-expression-interpolation/child/pom.xml | 2 +-
.../src/test/resources-project-builder/url-inheritance/pom.xml | 4 ++--
12 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml b/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
index 68ca28d..b2ab912 100644
--- a/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
+++ b/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
@@ -130,12 +130,12 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://project.url/dist</url>
+ <url>https://project.url/dist</url>
<id>project.distros</id>
<name>distros</name>
</repository>
<snapshotRepository>
- <url>http://project.url/snaps</url>
+ <url>https://project.url/snaps</url>
<id>project.snaps</id>
<name>snaps</name>
<uniqueVersion>false</uniqueVersion>
@@ -200,7 +200,7 @@ under the License.
<repositories>
<repository>
<id>project-remote-repo</id>
- <url>http://project.url/remote</url>
+ <url>https://project.url/remote</url>
<name>repo</name>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml b/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
index 7b1ad79..af98aaa 100644
--- a/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
+++ b/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
@@ -124,12 +124,12 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://project.url/dist</url>
+ <url>https://project.url/dist</url>
<id>project.distros</id>
<name>distros</name>
</repository>
<snapshotRepository>
- <url>http://project.url/snaps</url>
+ <url>https://project.url/snaps</url>
<id>project.snaps</id>
<name>snaps</name>
<uniqueVersion>false</uniqueVersion>
@@ -194,7 +194,7 @@ under the License.
<repositories>
<repository>
<id>project-remote-repo</id>
- <url>http://project.url/remote</url>
+ <url>https://project.url/remote</url>
<name>repo</name>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml b/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
index 4db43cd..f0354df 100644
--- a/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
+++ b/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
@@ -40,7 +40,7 @@ under the License.
<repositories>
<repository>
<id>equal-repo-id</id>
- <url>http://maven.apache.org/null</url>
+ <url>https://maven.apache.org/null</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml b/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
index e59cd0c..11ae200 100644
--- a/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
+++ b/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
@@ -33,7 +33,7 @@ under the License.
<id>central-parent</id>
<name>Maven Repository Switchboard</name>
<layout>default</layout>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml b/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
index d7b2102..a6f96cb 100644
--- a/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
+++ b/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
@@ -36,7 +36,7 @@ under the License.
<id>central-child</id>
<name>Maven Repository Switchboard</name>
<layout>default</layout>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml b/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
index f96a940..eb1ce9d 100644
--- a/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
+++ b/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
@@ -86,11 +86,11 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://parent.url/dist</url>
+ <url>https://parent.url/dist</url>
<id>parent.distros</id>
</repository>
<snapshotRepository>
- <url>http://parent.url/snaps</url>
+ <url>https://parent.url/snaps</url>
<id>parent.snaps</id>
</snapshotRepository>
<site>
@@ -130,7 +130,7 @@ under the License.
<repositories>
<repository>
<id>parent-remote-repo</id>
- <url>http://parent.url/remote</url>
+ <url>https://parent.url/remote</url>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
index eb73c4e..acece4c 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
@@ -39,11 +39,11 @@ under the License.
<repositories>
<repository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</repository>
</repositories>
</profile>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
index 76d4f74..7d151fc 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
@@ -35,11 +35,11 @@ under the License.
<repositories>
<repository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</repository>
</repositories>
</project>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
index ac1fada..aa90c53 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
@@ -39,11 +39,11 @@ under the License.
<pluginRepositories>
<pluginRepository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</pluginRepository>
<pluginRepository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</pluginRepository>
</pluginRepositories>
</profile>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
index 92fd126..23a0314 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
@@ -35,11 +35,11 @@ under the License.
<pluginRepositories>
<pluginRepository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</pluginRepository>
<pluginRepository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</pluginRepository>
</pluginRepositories>
</project>
diff --git a/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml b/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
index cdc7b75..c5dc230 100644
--- a/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
@@ -58,7 +58,7 @@ under the License.
<repository>
<id>maven-core-it</id>
<name>child-dist-repo</name>
- <url>http://dist.org/</url>
+ <url>https://dist.org/</url>
</repository>
<site>
<id>maven-core-it</id>
diff --git a/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml b/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
index ed4cdf0..35eb0b0 100644
--- a/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
+++ b/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
@@ -58,11 +58,11 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://parent.url/dist</url>
+ <url>https://parent.url/dist</url>
<id>parent.distros</id>
</repository>
<snapshotRepository>
- <url>http://parent.url/snaps</url>
+ <url>https://parent.url/snaps</url>
<id>parent.snaps</id>
</snapshotRepository>
<site>