This is an automated email from the ASF dual-hosted git repository. dongxu pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/james-hupa.git
The following commit(s) were added to refs/heads/trunk by this push: new 1c0a2eb Use HTTPS instead of HTTP to resolve dependencies new 6d93850 Merge pull request #1 from JLLeitschuh/fix/JLL/use_https_to_resolve_dependencies 1c0a2eb is described below commit 1c0a2ebeaeb2c39e743940d8465349f8f6148365 Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> AuthorDate: Mon Feb 10 19:05:34 2020 -0500 Use HTTPS instead of HTTP to resolve dependencies This fixes a security vulnerability in this project where the `pom.xml` files were configuring Maven to resolve dependencies over HTTP instead of HTTPS. Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index a65ece7..d932e3b 100644 --- a/pom.xml +++ b/pom.xml @@ -335,15 +335,15 @@ <repositories> <repository> <id>repo1</id> - <url>http://repo1.maven.org/maven2/</url> + <url>https://repo1.maven.org/maven2/</url> </repository> <repository> <id>JBoss repository</id> - <url>http://repository.jboss.org/nexus/content/groups/public/</url> + <url>https://repository.jboss.org/nexus/content/groups/public/</url> </repository> <repository> <id>sonatype</id> - <url>http://oss.sonatype.org/content/repositories/snapshots</url> + <url>https://oss.sonatype.org/content/repositories/snapshots</url> <snapshots><enabled>true</enabled></snapshots> <releases><enabled>false</enabled></releases> </repository> --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org