Kevin Ratnasekera created GORA-642:
--------------------------------------
Summary: Use HTTPS to resolve dependencies in Maven Build
Key: GORA-642
URL: https://issues.apache.org/jira/browse/GORA-642
Project: Apache Gora
Issue Type: Improvement
Components: build process
Affects Versions: 0.9
Reporter: Kevin Ratnasekera
Assignee: Kevin Ratnasekera
Fix For: 1.0
This is a security fix for a vulnerability in Apache Maven pom.xml file(s).
The build files indicate that this project is resolving dependencies over HTTP
instead of HTTPS. This leaves your build vulnerable to allowing a Man in the
Middle (MITM) attackers to execute arbitrary code on your or your computer or
CI/CD system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
