This is an automated email from the ASF dual-hosted git repository. elharo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/maven-doxia.git
The following commit(s) were added to refs/heads/master by this push: new 558aff6 Use HTTPS instead of HTTP to resolve dependencies new 0da0685 Merge pull request #18 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies 558aff6 is described below commit 558aff650f41ade433509d112a575ed204221f69 Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> AuthorDate: Mon Feb 10 18:21:10 2020 -0500 Use HTTPS instead of HTTP to resolve dependencies This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS. Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b31764f..b074bcf 100644 --- a/pom.xml +++ b/pom.xml @@ -328,7 +328,7 @@ under the License. <pluginRepository> <id>apache.snapshots</id> <name>Apache Snapshot Repository</name> - <url>http://repository.apache.org/snapshots</url> + <url>https://repository.apache.org/snapshots</url> <releases> <enabled>false</enabled> </releases>