[ https://issues.apache.org/jira/browse/MWRAPPER-50?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Slawomir Jaranowski updated MWRAPPER-50:
----------------------------------------
    Fix Version/s: waiting-for-feedback

> Verify checksum when downloading maven-wrapper.jar
> ----------------------------------------------------
>
> Key: MWRAPPER-50
> URL: https://issues.apache.org/jira/browse/MWRAPPER-50
> Project: Maven Wrapper
> Issue Type: Bug
> Components: Maven Wrapper Scripts
> Affects Versions: 3.1.0
> Reporter: Premek Vyhnal
> Priority: Major
> Fix For: waiting-for-feedback
>
>
> Hi,
> Sorry if I just cannot find it
> but it seems the checksum is not checked of the `maven-wrapper.jar`
> downloaded here:
> [https://github.com/apache/maven-wrapper/blob/efba2bde13feeabfb42e9dc120e8a35c127baf0d/maven-wrapper-distribution/src/resources/mvnw#L207]
>
> Checksum of the downloaded file should be checked before executing it to
> avoid a remote code execution attack on the developer machine.
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
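
The check the report asks for, sketched as an added example (not code from the Maven Wrapper project or from this ticket): a POSIX shell helper that compares a downloaded file against a pinned SHA-256 and deletes the file on any failure so it cannot be executed. The function names `sha256_of` and `verify_download` are hypothetical, and the pinned digest is assumed to come from a trusted source such as a value committed to the repository.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a pinned SHA-256 before use.
# Function names and calling convention are assumptions, not mvnw code.

# Print the hex SHA-256 of a file using whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 "$1" | cut -d' ' -f1
  elif command -v openssl >/dev/null 2>&1; then
    openssl dgst -sha256 "$1" | sed 's/^.*= *//'
  else
    return 2
  fi
}

# verify_download FILE EXPECTED_HEX
# Returns 0 only when the digest matches. On any failure the file is deleted
# so a later step cannot execute an unverified artifact.
verify_download() {
  vd_file=$1
  vd_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # Fail closed: the pin must be exactly 64 hex characters (empty pin is rejected).
  case $vd_expected in
    *[!0-9a-f]*) rm -f "$vd_file"; return 3 ;;
  esac
  if [ "${#vd_expected}" -ne 64 ]; then rm -f "$vd_file"; return 3; fi
  [ -f "$vd_file" ] || return 4
  if ! vd_actual=$(sha256_of "$vd_file"); then rm -f "$vd_file"; return 2; fi
  if [ "$vd_actual" != "$vd_expected" ]; then
    echo "checksum mismatch for $vd_file" >&2
    echo "  expected: $vd_expected" >&2
    echo "  actual:   $vd_actual" >&2
    rm -f "$vd_file"
    return 1
  fi
  return 0
}
```

A caller would run `verify_download` immediately after the download step and abort before invoking `java` if it returns non-zero.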