You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Jason van Zyl (JIRA)" <ji...@codehaus.org> on 2014/01/05 19:36:46 UTC
[jira] (MNG-5265) enforce repository url verification for passing
authz
[ https://jira.codehaus.org/browse/MNG-5265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason van Zyl updated MNG-5265:
-------------------------------
Fix Version/s: (was: 3.1.x)
3.2
> enforce repository url verification for passing authz
> -----------------------------------------------------
>
> Key: MNG-5265
> URL: https://jira.codehaus.org/browse/MNG-5265
> Project: Maven 2 & 3
> Issue Type: Improvement
> Components: Settings
> Affects Versions: 2.0.10, 2.2.1, 3.0.2, 3.0.3, 3.0.4
> Reporter: Olivier Lamy
> Fix For: 3.2
>
>
> Related discussion: http://markmail.org/message/7pswshucxc7qwtef
> in your settings you have:
> {code}
> <server>
> <username>olamy</username>
> <password>reallycomplicatedpassword</password>
> <id>foo.org</id>
> </server>
> {code}
> During dependencies resolution, you get a pom with a repository.
> {code}
> <repository>
> <id>foo.org</id>
> <url>http://yourpasswordwillbehacked.org/</url>
> </repository>
> {code}
> Idea id in settings must contains the target hostname.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira