[jira] [Commented] (GORA-642) Use HTTPS to resolve dependencies in Maven Build

Kevin Ratnasekera (Jira) Tue, 03 Mar 2020 21:28:22 -0800


    [ 
https://issues.apache.org/jira/browse/GORA-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17050901#comment-17050901
 ]


Kevin Ratnasekera commented on GORA-642:
----------------------------------------

This is fixed with PR [1]
[1]  https://github.com/apache/gora/pull/199

> Use HTTPS to resolve dependencies in Maven Build
> ------------------------------------------------
>
>                 Key: GORA-642
>                 URL: https://issues.apache.org/jira/browse/GORA-642
>             Project: Apache Gora
>          Issue Type: Improvement
>          Components: build process
>    Affects Versions: 0.9
>            Reporter: Kevin Ratnasekera
>            Assignee: Kevin Ratnasekera
>            Priority: Major
>             Fix For: 1.0
>
>
> This is a security fix for a vulnerability in Apache Maven pom.xml file(s).
> The build files indicate that this project is resolving dependencies over 
> HTTP instead of HTTPS. This leaves your build vulnerable to allowing a Man in 
> the Middle (MITM) attackers to execute arbitrary code on your or your 
> computer or CI/CD system.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (GORA-642) Use HTTPS to resolve dependencies in Maven Build

Reply via email to