Branch: refs/heads/master Home: https://github.com/jenkinsci/wix-plugin
Commit: 60f65e9f114861513d43bbff24e489622a98f643 https://github.com/jenkinsci/wix-plugin/commit/60f65e9f114861513d43bbff24e489622a98f643 Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> Date: 2022-07-21 (Thu, 21 Jul 2022) Changed paths: M pom.xml Log Message: ----------- vuln-fix: Use HTTPS instead of HTTP to resolve deps CVE-2021-26291 This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.maven.security.UseHttpsForRepositories) Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/8 Co-authored-by: Moderne <t...@moderne.io> Commit: b47db010499966f6d266497a4debc3d6dfc9a7a9 https://github.com/jenkinsci/wix-plugin/commit/b47db010499966f6d266497a4debc3d6dfc9a7a9 Author: Björn Berg <rollin.h...@gmx.de> Date: 2022-08-06 (Sat, 06 Aug 2022) Changed paths: Log Message: ----------- Merge pull request #15 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies_maven [SECURITY] Use HTTPS to resolve dependencies in Maven Build Compare: https://github.com/jenkinsci/wix-plugin/compare/d80b6c1f7e6f...b47db0104999 -- You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/wix-plugin/push/refs/heads/master/d80b6c-b47db0%40github.com.