[maven-doxia] branch master updated: Use HTTPS instead of HTTP to resolve dependencies

elharo Tue, 11 Feb 2020 04:42:12 -0800

This is an automated email from the ASF dual-hosted git repository.

elharo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-doxia.git



The following commit(s) were added to refs/heads/master by this push:
     new 558aff6  Use HTTPS instead of HTTP to resolve dependencies
     new 0da0685  Merge pull request #18 from 
JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies
558aff6 is described below

commit 558aff650f41ade433509d112a575ed204221f69
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
AuthorDate: Mon Feb 10 18:21:10 2020 -0500

    Use HTTPS instead of HTTP to resolve dependencies
    
    This fixes a security vulnerability in this project where the `pom.xml`
    files were configuring Maven to resolve dependencies over HTTP instead of
    HTTPS.
    
    Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b31764f..b074bcf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -328,7 +328,7 @@ under the License.
     <pluginRepository>
       <id>apache.snapshots</id>
       <name>Apache Snapshot Repository</name>
-      <url>http://repository.apache.org/snapshots</url>
+      <url>https://repository.apache.org/snapshots</url>
       <releases>
         <enabled>false</enabled>
       </releases>

[maven-doxia] branch master updated: Use HTTPS instead of HTTP to resolve dependencies

Reply via email to