[FOLIO-3106] Update Index Data maven repo url Created: 07/Apr/21 Updated: 21/Jun/21 Resolved: 11/Jun/21 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | Adam Dickmeiss | Assignee: | Adam Dickmeiss |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||||||||||||||
| Sprint: | |||||||||||||||||||||||||
| Development Team: | None | ||||||||||||||||||||||||
| Description |
|
Starting with maven 3.8.1, http-based maven repositories are unsupported.
This is a problem for projects using http://maven.indexdata.com . They should use https://maven.indexdata.com (which is accessible from today)
https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291 This maven MitM attack has been well known since 2019: |
| Comments |
| Comment by Peter Murray [ 12/Apr/21 ] |
|
Hey, Adam—I think this was fixed last week. Can you verify? |
| Comment by Julian Ladisch [ 11/Jun/21 ] |
|
All issues have been fixed: Two two remaining repositories have been archived, are no longer used and thus don't need a fix: |