Just wanted to bring this to the users list and ensure that those reading the release notes see the security alert for 3.0.4:
CVE-2013-0253 Apache Maven Severity: Medium Vendor: The Apache Software Foundation Versions Affected: - Apache Maven 3.0.4 - Apache Maven Wagon 2.1, 2.2, 2.3 Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack. All users are recommended to upgrade to Apache Maven 3.0.5 and Apache Maven Wagon 2.4. Credit This issue was identified by Graham Leggett -- The Apache Maven Team On Sat, Feb 23, 2013 at 9:58 AM, Olivier Lamy <ol...@apache.org> wrote: > Hello, > > The Apache Maven team is pleased to announce the release of Apache Maven > 3.0.5 > > Release notes available: > http://maven.apache.org/docs/3.0.5/release-notes.html . > > Maven is a project comprehension and build tool, designed to simplify > the process of maintaining a healthy development lifecycle for your > project. > > You can read more here: > > http://maven.apache.org/ > > Downloads of source and binary distributions are listed in our > download section: > > http://maven.apache.org/download.html > > A major goal of Maven 3.0.x is to be compatible, to the extent > possible, with existing plugins and projects designed for Maven 2.x. > Users interested in upgrading to 3.x should have a glance at the > compatibility notes for known differences between Maven 3.0 and Maven > 2.x: > > http://cwiki.apache.org/MAVEN/maven-3x-compatibility-notes.html > > Users who already use Maven 3.0.x are encouraged to update to this new > maintenance release. > > If you encounter unexpected problems while using Apache Maven 3.0.5, > please feel free to contact us via the Maven developer list: > > http://maven.apache.org/mail-lists.html > > Release Notes - Apache Maven 2 & 3 - Version 3.0.5 > > ** Bug > * [MNG-5430] - use wagon 2.4 > > > Have Fun! > > -- The Apache Maven Team. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >