backporting MNG-7119, I understand that it fixes a (low severity) security issue
backporting MNG-7116, MNG-7117 and MNG-7128 without MNG-7118 does not backport THE security fix = MNG-7118 block HTTP by default sorry, breaking by default is the security fix: if you don't want breaking by default, you don't want the security fix Regards, Hervé Le vendredi 2 avril 2021, 09:20:37 CEST Romain Manni-Bucau a écrit : > Hi all, > > As explained in another thread, I created > https://github.com/apache/maven/pull/462 to backport the security fix on > 3.8 in 3.6.x. > Anyone able to review it? > Only change is that the default configuration is not there but it can be > enabled - idea is to document it instead of breaking by default. > > Romain Manni-Bucau > @rmannibucau <https://twitter.com/rmannibucau> | Blog > <https://rmannibucau.metawerx.net/> | Old Blog > <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> > | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > <https://www.packtpub.com/application-development/java-ee-8-high-performance > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
