The change in Maven to reject `http://` (non-TLS-secured HTTP) was a
result of a CVE.

https://nvd.nist.gov/vuln/detail/CVE-2021-26291

I think we should encourage proper use of `https://` (TLS-secured HTTP)
from here on out within all Eclipse projects using Maven.

- Joakim

On Mon, Jun 21, 2021 at 10:23 AM Mikael Barbero <
mikael.barb...@eclipse-foundation.org> wrote:

> (cross posted to cross-projects issues).
>
> There is a breaking change in Maven 3.8.1: it blocks non-TLS repositories.
> If you have a plain http URL in your pom.xml to reference external
> repositories, you may see errors like
>
> Could not transfer artifact 
> org.jboss.tools.tycho-plugins:repository-utils:pom:1.7.0 from/to 
> maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for 
> repositories: [jboss-public-repository-group 
> (http://repository.jboss.org/nexus/content/groups/public/, default, 
> releases+snapshots)]
>
> (from https://bugs.eclipse.org/bugs/show_bug.cgi?id=574364)
>
> The solution is easy: switch to the https:// scheme in your pom.xml; most
> public Maven repositories are available via TLS.
>
> Thanks.
>
> *Mikaël Barbero *
> *Manager — Release Engineering and Technology | Eclipse Foundation*
> 🐦 @mikbarbero
> Eclipse Foundation <http://www.eclipse.org/>: The Platform for Open
> Innovation and Collaboration
>
> On 18 Jun 2021, at 08:53, Mikael Barbero <
> mikael.barb...@eclipse-foundation.org> wrote:
>
> As announced last month, apache-maven-latest has been upgraded to 3.8.1.
>
> Thanks.
>
> On 21 May 2021, at 10:19, Mikael Barbero <
> mikael.barb...@eclipse-foundation.org> wrote:
>
> Hi
>
> Maven 3.8.1 has been deployed to all Jenkins instances.
>
> Note that apache-maven-latest stays at 3.6.3 for now. We will do the
> change once the upcoming 2021.06 release is done to avoid any issue with build
> scripts relying on latest.
>
> Version details are available at
> https://wiki.eclipse.org/Jenkins#Apache_Maven
>
> Cheers,
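One way to find the affected entries before a build hits the blocker, as an added example that is not part of the original thread: it parses a pom.xml and lists the repository entries that use a plain http:// URL. The sample POM is constructed (only the JBoss URL comes from the error quoted above), and skipping localhost is an assumption based on Maven 3.8.1's default `external:http:*` mirror rule.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample POM; only the JBoss URL is taken from the error message
# quoted in the thread. Parse only POMs you trust with this parser.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>jboss-public-repository-group</id>
      <url>http://repository.jboss.org/nexus/content/groups/public/</url></repository>
    <repository><id>central</id>
      <url>https://repo.maven.apache.org/maven2/</url></repository>
    <repository><id>local-proxy</id>
      <url>http://localhost:8081/repository/maven-public/</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>example-plugins</id>
      <url>HTTP://plugins.example.org/releases/</url></pluginRepository>
  </pluginRepositories>
</project>"""

# Assumption: the default blocker mirror (external:http:*) does not apply to
# repositories on the local machine, so those are not reported.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}
REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_plain_http_repos(pom_text):
    """Return [(id, url)] for repository entries that use plain http."""
    hits = []
    for elem in ET.fromstring(pom_text).iter():
        if local_name(elem.tag) not in REPO_TAGS:
            continue
        fields = {local_name(c.tag): (c.text or "").strip() for c in elem}
        parts = urlsplit(fields.get("url", ""))  # scheme/hostname are lowercased
        if parts.scheme == "http" and parts.hostname not in LOCAL_HOSTS:
            hits.append((fields.get("id", "?"), fields["url"]))
    return hits

if __name__ == "__main__":
    for repo_id, url in find_plain_http_repos(SAMPLE_POM):
        print(f"{repo_id}: {url} -> https://{url.split('://', 1)[1]}")
```

Check that the https:// form of each reported URL is actually served by the repository before committing the change.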