You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by sl...@apache.org on 2020/02/16 09:25:10 UTC
[maven] branch fix/use_https created (now f005b4e)
This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a change to branch fix/use_https
in repository https://gitbox.apache.org/repos/asf/maven.git.
at f005b4e Use HTTPS instead of HTTP to resolve dependencies
This branch includes the following new commits:
new f005b4e Use HTTPS instead of HTTP to resolve dependencies
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[maven] 01/01: Use HTTPS instead of HTTP to resolve dependencies
Posted by sl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
slachiewicz pushed a commit to branch fix/use_https
in repository https://gitbox.apache.org/repos/asf/maven.git
commit f005b4e71befd90c6ad4a4c739405bbed4088154
Author: Jonathan Leitschuh <Jo...@gmail.com>
AuthorDate: Mon Feb 10 19:45:26 2020 -0500
Use HTTPS instead of HTTP to resolve dependencies
This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.
Signed-off-by: Jonathan Leitschuh <Jo...@gmail.com>
Closes #323
---
.../resources-project-builder/complete-model/w-parent/sub/pom.xml | 6 +++---
.../test/resources-project-builder/complete-model/wo-parent/pom.xml | 6 +++---
.../id-container-joining-with-empty-elements/pom.xml | 2 +-
.../src/test/resources-project-builder/multiple-repos/pom.xml | 2 +-
.../src/test/resources-project-builder/multiple-repos/sub/pom.xml | 2 +-
.../src/test/resources-project-builder/pom-inheritance/pom.xml | 6 +++---
.../unique-repo-id/artifact-repo-in-profile/pom.xml | 4 ++--
.../resources-project-builder/unique-repo-id/artifact-repo/pom.xml | 4 ++--
.../unique-repo-id/plugin-repo-in-profile/pom.xml | 4 ++--
.../resources-project-builder/unique-repo-id/plugin-repo/pom.xml | 4 ++--
.../unprefixed-expression-interpolation/child/pom.xml | 2 +-
.../src/test/resources-project-builder/url-inheritance/pom.xml | 4 ++--
12 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml b/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
index 68ca28d..b2ab912 100644
--- a/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
+++ b/maven-core/src/test/resources-project-builder/complete-model/w-parent/sub/pom.xml
@@ -130,12 +130,12 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://project.url/dist</url>
+ <url>https://project.url/dist</url>
<id>project.distros</id>
<name>distros</name>
</repository>
<snapshotRepository>
- <url>http://project.url/snaps</url>
+ <url>https://project.url/snaps</url>
<id>project.snaps</id>
<name>snaps</name>
<uniqueVersion>false</uniqueVersion>
@@ -200,7 +200,7 @@ under the License.
<repositories>
<repository>
<id>project-remote-repo</id>
- <url>http://project.url/remote</url>
+ <url>https://project.url/remote</url>
<name>repo</name>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml b/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
index 7b1ad79..af98aaa 100644
--- a/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
+++ b/maven-core/src/test/resources-project-builder/complete-model/wo-parent/pom.xml
@@ -124,12 +124,12 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://project.url/dist</url>
+ <url>https://project.url/dist</url>
<id>project.distros</id>
<name>distros</name>
</repository>
<snapshotRepository>
- <url>http://project.url/snaps</url>
+ <url>https://project.url/snaps</url>
<id>project.snaps</id>
<name>snaps</name>
<uniqueVersion>false</uniqueVersion>
@@ -194,7 +194,7 @@ under the License.
<repositories>
<repository>
<id>project-remote-repo</id>
- <url>http://project.url/remote</url>
+ <url>https://project.url/remote</url>
<name>repo</name>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml b/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
index 4db43cd..f0354df 100644
--- a/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
+++ b/maven-core/src/test/resources-project-builder/id-container-joining-with-empty-elements/pom.xml
@@ -40,7 +40,7 @@ under the License.
<repositories>
<repository>
<id>equal-repo-id</id>
- <url>http://maven.apache.org/null</url>
+ <url>https://maven.apache.org/null</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml b/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
index e59cd0c..11ae200 100644
--- a/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
+++ b/maven-core/src/test/resources-project-builder/multiple-repos/pom.xml
@@ -33,7 +33,7 @@ under the License.
<id>central-parent</id>
<name>Maven Repository Switchboard</name>
<layout>default</layout>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml b/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
index d7b2102..a6f96cb 100644
--- a/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
+++ b/maven-core/src/test/resources-project-builder/multiple-repos/sub/pom.xml
@@ -36,7 +36,7 @@ under the License.
<id>central-child</id>
<name>Maven Repository Switchboard</name>
<layout>default</layout>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
diff --git a/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml b/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
index f96a940..eb1ce9d 100644
--- a/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
+++ b/maven-core/src/test/resources-project-builder/pom-inheritance/pom.xml
@@ -86,11 +86,11 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://parent.url/dist</url>
+ <url>https://parent.url/dist</url>
<id>parent.distros</id>
</repository>
<snapshotRepository>
- <url>http://parent.url/snaps</url>
+ <url>https://parent.url/snaps</url>
<id>parent.snaps</id>
</snapshotRepository>
<site>
@@ -130,7 +130,7 @@ under the License.
<repositories>
<repository>
<id>parent-remote-repo</id>
- <url>http://parent.url/remote</url>
+ <url>https://parent.url/remote</url>
</repository>
</repositories>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
index eb73c4e..acece4c 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo-in-profile/pom.xml
@@ -39,11 +39,11 @@ under the License.
<repositories>
<repository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</repository>
</repositories>
</profile>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
index 76d4f74..7d151fc 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/artifact-repo/pom.xml
@@ -35,11 +35,11 @@ under the License.
<repositories>
<repository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</repository>
</repositories>
</project>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
index ac1fada..aa90c53 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo-in-profile/pom.xml
@@ -39,11 +39,11 @@ under the License.
<pluginRepositories>
<pluginRepository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</pluginRepository>
<pluginRepository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</pluginRepository>
</pluginRepositories>
</profile>
diff --git a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
index 92fd126..23a0314 100644
--- a/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unique-repo-id/plugin-repo/pom.xml
@@ -35,11 +35,11 @@ under the License.
<pluginRepositories>
<pluginRepository>
<id>one</id>
- <url>http://repo1.maven.org/maven2</url>
+ <url>https://repo1.maven.org/maven2</url>
</pluginRepository>
<pluginRepository>
<id>one</id>
- <url>http://repository.codehaus.org/</url>
+ <url>https://repository.codehaus.org/</url>
</pluginRepository>
</pluginRepositories>
</project>
diff --git a/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml b/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
index cdc7b75..c5dc230 100644
--- a/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
+++ b/maven-core/src/test/resources-project-builder/unprefixed-expression-interpolation/child/pom.xml
@@ -58,7 +58,7 @@ under the License.
<repository>
<id>maven-core-it</id>
<name>child-dist-repo</name>
- <url>http://dist.org/</url>
+ <url>https://dist.org/</url>
</repository>
<site>
<id>maven-core-it</id>
diff --git a/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml b/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
index ed4cdf0..35eb0b0 100644
--- a/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
+++ b/maven-core/src/test/resources-project-builder/url-inheritance/pom.xml
@@ -58,11 +58,11 @@ under the License.
</ciManagement>
<distributionManagement>
<repository>
- <url>http://parent.url/dist</url>
+ <url>https://parent.url/dist</url>
<id>parent.distros</id>
</repository>
<snapshotRepository>
- <url>http://parent.url/snaps</url>
+ <url>https://parent.url/snaps</url>
<id>parent.snaps</id>
</snapshotRepository>
<site>