Branch: refs/heads/master

  Home:   https://github.com/jenkinsci/wix-plugin

  Commit: 60f65e9f114861513d43bbff24e489622a98f643

      
https://github.com/jenkinsci/wix-plugin/commit/60f65e9f114861513d43bbff24e489622a98f643

  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

  Date:   2022-07-21 (Thu, 21 Jul 2022)



  Changed paths:

    M pom.xml



  Log Message:

  -----------

  vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291



This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS.



Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Severity: High

CVSS: 8.1

Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories)



Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>



Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8



Co-authored-by: Moderne <t...@moderne.io>





  Commit: b47db010499966f6d266497a4debc3d6dfc9a7a9

      
https://github.com/jenkinsci/wix-plugin/commit/b47db010499966f6d266497a4debc3d6dfc9a7a9

  Author: Björn Berg <rollin.h...@gmx.de>

  Date:   2022-08-06 (Sat, 06 Aug 2022)



  Changed paths:



  Log Message:

  -----------

  Merge pull request #15 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies_maven



[SECURITY] Use HTTPS to resolve dependencies in Maven Build





Compare: 
https://github.com/jenkinsci/wix-plugin/compare/d80b6c1f7e6f...b47db0104999
