thank you for your explanation.
On 9 May 2017 at 10:39, Vincent Massol wrote:
> Hi Miroslav,
> > On 9 May 2017, at 10:34, Miroslav Galajda
> > Hi,
> > when checking for extension updates in xwiki administration, the
> > updater lists some errors.
> > After some investigation, I've found that xwiki is trying to call some
> > api pointing to url like this:
> > https://store.xwiki.com/xwiki/rest/repository/extensions/[
> > where the [URL_ENDING_PART] was one of the following examples found in
> > log:
> > - com.google.code.findbugs%3Aannotations/versions/api
> > -
> > org.xwiki.platform%3Axwiki-platform-blog-ui/versions?
> > -
> > org.xwiki.contrib.ldap%3Aldap-authenticator/versions?
> > The reason for the above listed https calls is due to our proxy that is
> > inspecting every outgoing communication and has denied the requests to
> > store.xwiki.com. The proxy uses CISCO list of untrusted web sites which
> > says this:
> > Reason: BLOCK-MALWARE
> > Threat Type: othermalware
> > Threat Reason: Domain reported and verified as serving malware.
> > as malicious IP. Identified as malicious domain or URL.
> > Notification: WBRS
> > Can be this domain trusted or not? Is it a false threat or not?
> > Is it legal when xwiki calls the API at https://store.xwiki.com?
> Is it can be trusted and it’s legal. Our governance at
> http://dev.xwiki.org/xwiki/bin/view/Community/Governance allows the top
> sponsoring company to list its extension repository in the xwiki
> configuration by default (you can override this if you wish in your
> xwiki.properties file, search for the extension.repositories property).
> FYI ATM the top sponsoring company is XWiki SAS (http://xwiki.com), see
> It currently provides two paying extensions that are advertised on
> http://extensions.xwiki.org/ in the “Sponsored Extensions” section.
> > Thank you